Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1293
Views
5
Helpful
1
Replies

Restrict user from changing configuration of the management interface

RAW1456
Level 1
Level 1

‎10-20-2019 10:44 AM

Greetings,

 

I have been looking for answers regarding a problem I have run into while planning a network. Unfortunately, I have not been able to find an answer to my specific question and would greatly appreciate any help.

 

The context is as follows: For a Networking class, students will be configuring Cisco Routers(ISR 3322). The routers are off-site and will be accessed via telnet/ssh.

 

To keep the students from locking themselves out of the device, i want to restrict them from changing the configuration of the management interface.

 

I've seen commands for restricting certain commands altogether but i want the students to still be able to change the configs of the other interfaces, just not the management one. Is there a way of doing this?

 

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎10-20-2019 12:33 PM

There is 2 ways to achieve this :

 

1. Role based access using your Radius (if you have one like ACS/ ISE / Radius)

2. then you need to write the user to restrict commands (this is bit more complicated to write all commands)

 

https://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Customers Also Viewed These Support Documents