Creating a menu on a cisco router

papathimiu · ‎06-15-2016

I need to allow a customer to start, stop and show ip accounting but I cant give him full privilege access to the configuration mode. I am thinking of creating a menu for this but I don't know if this will allow me to run commands in the config mode.

Anyone knows any way to do this either with the menu or tcl script or any other way?

Thanks

Milos Megis · ‎06-15-2016

Hello,
cisco IOS supports 15 "enable levels" for configuration mode.

You as admin use level 15 for full administration commands.

You can configure for example enable level 2 with different password than level 15 and then you can specify commands which can be executed at level 2.

For information if you have prompt:
Router> then you are in level 1
If you type "enable" command without specifying level you will be switched to level 15 (after successful login) and prompt will change to Router#
If you specify enable level, prompt will be also Router# but you can display current level with command "show privilege"

But don´t forget that any higher level has also all commands from lower levels.

This is usable if you have few devices, but if you have many of them then try to use tacacs to control access.

papathimiu · ‎06-17-2016

Hi Milos

I am trying to do this for a customer who don't have much exposure to Cisco command line.

I can give him access level other the 15 however i still have to show him other commands.

I would like to have a solution which is easy. He would like to start stop and show ip accounting. i thought a menu may help and I can give him access to work with the menu. However I ave only figured out how to do basic things with menu.