
How to restrict some exec commands to users???

h.morin
Level 1

Hi everybody!

I'm trying to improve the control of and the access to the routers in the company. There is a group of users that need access to the routers, and I want them not to be able to perform commands like: config terminal, reset, clear, reload etc...

I have heard that commands have a privilege level and, depending on the user's privilege, they are or are not able to perform them.

Can you give me a recommendation on this?

Any link where I can learn how to configure it?

Any idea or tip will be appreciated!

Thanks in advance!

Hugo.

1 Reply

steve.barlow
Level 7

Two options: local privilege or tacacs+ AAA.

Local example:

privilege exec level 2 ping

privilege exec level 2 show config

privilege exec level 3 debug ip rip

enable secret level 2 ...

enable secret level 3 ...

Log in at one of those levels: enable 2 or enable 3

Tacacs+

aaa new-model

tacacs-server host 1.1.1.1

tacacs-server key ...

aaa authorization exec tacacs+

Set up a tacacs+ server.

Hope it helps.

Steve
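An added example, not part of the reply above and not Cisco tooling: a small Python audit that reads `privilege <mode> level N <command>` lines from a saved configuration, lists what each custom level can run (a session at level N can also run everything assigned to lower levels), and flags any of the commands named in the question that were assigned below level 15. The sample configuration is constructed from the reply's three lines plus one deliberate mistake; the function names and the abbreviation heuristic are assumptions of this sketch.

```python
import re

# Command words the question wants kept from restricted users; "config terminal"
# is stored by IOS as "configure terminal".
SENSITIVE = ("configure", "reset", "clear", "reload")

# Matches: privilege <mode> [all] level <N> <command string>
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")

# Constructed sample: the three lines from the reply plus one deliberate mistake.
SAMPLE_CONFIG = """\
privilege exec level 2 ping
privilege exec level 2 show config
privilege exec level 3 debug ip rip
privilege exec level 3 clear counters
enable secret level 2 <placeholder>
"""

def parse_privilege_lines(config_text):
    """Return [(mode, level, command)] for every privilege-level assignment."""
    entries = []
    for raw in config_text.splitlines():
        m = PRIV_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), int(m.group(2)), m.group(3).strip()))
    return entries

def commands_by_level(entries):
    """Cumulative view: level N may run every command assigned to a level <= N."""
    levels = sorted({level for _mode, level, _cmd in entries})
    return {n: sorted(c for _m, lvl, c in entries if lvl <= n) for n in levels}

def sensitive_exposures(entries, admin_level=15):
    """Flag sensitive commands assigned to any level below admin_level."""
    hits = []
    for _mode, level, command in entries:
        first = command.split()[0].lower()
        # Heuristic (assumption): treat 3+ letter prefixes as IOS abbreviations.
        abbreviates = len(first) >= 3 and any(s.startswith(first) for s in SENSITIVE)
        if level < admin_level and abbreviates:
            hits.append((level, command))
    return hits

if __name__ == "__main__":
    entries = parse_privilege_lines(SAMPLE_CONFIG)
    for level, cmds in commands_by_level(entries).items():
        print(f"level {level}: {', '.join(cmds)}")
    for level, cmd in sensitive_exposures(entries):
        print(f"REVIEW: '{cmd}' is runnable from level {level}")
```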