05-19-2015 07:31 AM - edited 03-10-2019 12:25 AM
Hi,
I have had a request to allow a customer to only change port descriptions on their 4500 switches. (There is no ACS or TACACS devices on their network).
I have played around with the privilege exec commands and can restrict most of the access to the config but I can only provide them with all access to the interface commands - thus allowing potentially access to change IP address etc.
Is there a way to allow only the config - interface - and description commands only just using IOS or just point to alias commands?
any help appreciated
Richard
05-19-2015 07:39 AM
Theres 1 other feature i know role access can be controlled from cli its more granular than privilege command
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html
The Role-Based CLI Access feature allows the network administrator to define "views," which are a set of operational commands and configuration capabilities that provide selective or partial access to Cisco IOS EXEC and configuration (Config) mode commands. Views restrict user access to Cisco IOS command-line interface (CLI) and configuration information; that is, a view can define what commands are accepted and what configuration information is visible. Thus, network administrators can exercise better control over access to Cisco networking devices.
05-19-2015 08:06 AM
Cheers Mark - I did look at this and unsure if is it support on their 4500 and IOS - I am just playing with the commands on GNS3 at the moment.
But thanks for the quick response
Richard
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide