local user and privilege levels

Bruce Summers
Level 1

Hi folks,

Need some confirmation. I have FWSMs in Cat 6513s.

I have a need to be able to session from the switch to the FWSM by using the default account (not a local user), at privilege level 15.

I further have a need to allow a user read-only access by SSH'ing into the FWSM...

I believe I need to set up a local user at, say, privilege level 5, assign the show command only to priv level 5, then set the authorization command for that user.

So, I think my command sets are as follows to accomplish this:

username <username> password <pw> priv 5

priv command level 5 mode exec command show

aaa auth ssh console LOCAL

aaa auth enable console LOCAL

aaa authorization command LOCAL

I think, and please correct me if I'm wrong, that this will allow the user at priv 5 to run only the show command and only by SSH to the FWSM, while allowing the priv 15 level default login to continue to function properly.

Thanks for the help.


Parminder Sian
Level 1

Hi Bruce,

I don't know how deep you actually wanna dive into this; however, if you are looking for full-blown command authorization, your best bet would be to use ACS for this.

Here's a link for your help:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

Hope this helps.

Parminder Sian
