I have a particular situation where I need specific user privilege level and I'm trying to figure out the most efficient way to create what I need.
Essentially, I have a student classroom where I am training a group of students. I have set up all my of router and switch configurations the way I need them for the class. Even though I instruct the students to not make permanent changes to the configs, I have some that do so anyway, and wind up wasting time for other students who have to work on the same equipment after them. Even worse, they are saving these changes to the base configuration up in flash, making a system reload ineffective.
What I need is this: I need to create a user privilege level that will allow the users to just about everything EXCEPT "wr mem", "copy run start" or "copy run flash:/xxxxx". They need to be able to show running configs, create access lists, drop MACs, the works. I just need to find a way to prevent them from saving anything to the running config, startup config or the base config stored in flash.
I would appreciate any ideas that can be passed along. I understand how to build different privilege levels as for as the documentation is concerned. But from what I understand, those custom levels are built by giving specific permissions as to what the user CAN do. It would be great if I could figure out an efficient way to create a privilege level that has all the same permissions as level 15, but being unable to save anything (something they CAN'T do).
GoalDocumentationDefineAdd Device to Smart AccountSync Smart Account via vManage1.1 VNF package for vBranchDesignDeployOperate
To successfully provision a ENCS device in remote site with internet connection.
Minimum software relea...
はじめに確認方法Version による Application name の変更について備考参考情報 はじめに本ドキュメントでは Cisco SD-WAN における Policy 上で設定可能な Application を確認する方法について記載しています。 確認方法サポートされている Application name についてはご使用されている vManage へ API を呼び出して確認することが可能です。https://<IP or FQDN>/...
DMVPN (Dynamic Multipoint VPN) Introduced by Cisco in late 2000 is a routing technology you can use to build a VPN network with multiple sites (spokes) without having to statically configure all devices. It’s a “hub and spoke” network, where the spok...
On 24th August 2021, Cisco announced the latest IOS XE release - Cisco IOS XE Bengaluru 17.6.1a
IOS XE 17.6.1a unlocks various routing features and enhancements comprehensively covering different technology segments such as voice, security,...
DMVPN (Dynamic Multipoint VPN) Introduced by Cisco in late 2000 is a routing technology you can use to build a VPN network with multiple sites (spokes) without having to statically configure all devices. It’s a “hub and spoke” network, where th...