Give User the rights to change only port description on Cisco IOS devices

richard.jackson · ‎05-19-2015

Hi,

I have had a request to allow a customer to only change port descriptions on their 4500 switches. (There is no ACS or TACACS devices on their network).

I have played around with the privilege exec commands and can restrict most of the access to the config but I can only provide them with all access to the interface commands - thus allowing potentially access to change IP address etc.

Is there a way to allow only the config - interface - and description commands only just using IOS or just point to alias commands?

any help appreciated

Richard

Mark Malone · ‎05-19-2015

Theres 1 other feature i know role access can be controlled from cli its more granular than privilege command

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

Role-Based CLI Access

The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices.

richard.jackson · ‎05-19-2015

Cheers Mark - I did look at this and unsure if is it support on their 4500 and IOS - I am just playing with the commands on GNS3 at the moment.

But thanks for the quick response

Richard