User profiles with limited access to reconfigure ports/VLANs

bjalbert · ‎06-07-2022

I have a few 48-port Catalyst 2960-X series switches and want to set them up with a number of VLANs. I would like to allow a user to reconfigure a set of ports within specified VLANs, while restricting them from being able to reconfigure other ports/VLANs. For example:

Ports 1-10 are dedicated for network access and are locked down so only admins can change the configuration of these ports and VLAN. This VLAN needs to maintain isolation from all other VLANs in the switch at all times.

Ports 11-20 are dedicated for computer communication on a local VLAN. These ports and VLAN should configurable by admins and another group for facility staff, but not by users.

Ports 21-48 are configurable by users to support any combination of VLANs, port mirroring, etc. needed for Ethernet comms between computers and devices under test. All local VLANs. Admins, facility staff, and users should have the ability to reconfigure these ports/VLANs without the ability to impact the first two VLANs

The user profiles would be managed by the admin group, and the facility staff and user groups should not have access to the admin group profile info.

Is this possible with this switch? Thanks for the help.

MHM Cisco World · ‎06-07-2022

config AAA with dot1x dynamic VLAN assign, so
admin have password can pass dot1x get vlan.

guest don't have password get guest vlan.

bjalbert · ‎06-07-2022

Thanks for the quick reply @MHM Cisco World. Unfortunately, I'm not well versed in switch lingo, so I don't quite understand your suggestion. Can you provide a bit more detail?