I am trying to set up some privilege restrictions for our NOC group that helps support our WAN circuits on Cisco IOS routers (e.g. 4451). This user will only need access to a few commands and the ability to admin down an interface. We use Microsoft RADIUS for aaa and have a working configuration, but it gives the user access to commands they don't really need. Trying to pare this down to eliminate any extra commands they do not need to have or inadvertent commands being run.
The user can access the router now and it puts them in User Exec mode, and they do not have to enter enable to get to config t (we prefer them to not know the enable password). I may not be fully understanding the use of the privilege commands, the priv levels with RADIUS, or maybe the need for aaa authorization.
Examples of the commands this user group needs are the following:
show logging
show interface xx/xx/xx
show bgp
show bgp summary
show ip ospf neighbors
show ip route
clear counters on an interface
On RADIUS we have an NPS policy set up for the AD group and an AV-Pair with shell:priv-lvl=1
--aaa on the router--
aaa group server radius PKI
aaa authentication login default local group PKI line