Showing results for 
Search instead for 
Did you mean: 


Segmentation of CLI users populations


        Hi folks,

I don't know if I writting on the right forum, excuse me for that, but I'll go straight to the point.

I was assigned the task to allocate the CLI commands per user basis, and by now the only options that I seem to found was role-based view and command privilege levels, but I am wondering if there is any other option that you know about.

Let me clarify myself, one of my goals is to create an user, called help-desk or whatever, that connects by an vty line and could only access to some resources of the Cisco devices, like for example, could run a "show running-config" and I would like that the result of it would be the prompt of full configuration without showing , for example, the aaa and usernames config.

Any help or directions would be very appreciated

PD: Sorry if you found some grammatical mistakes, my English is quite basic

And of course, if some further information is needed, I would be pleased of provide it.

Thank you in advance

Marvin Rhoads
Hall of Fame Guru

Hi Samuel,

Your English is quite understandable and, yes, this is a good place to ask your question. Welcome.

From the installations that I have seen the command privilege levels approach is most commonly used for this sort of requirement.

It is pretty basic to set it up and described by Cisco in the IOS configuration guide and a few whitepapers on Some of the better illustrations of how to do this are on 3rd party sites. For example:

Hope this helps.

Content for Community-Ad