10-26-2010 01:00 PM - edited 03-10-2019 05:31 PM
I want to be able to set up
read only access to one of our cisco routers while letting the other users still be able to get into enable and config mode.
My current config ( without the read only access user) is as follows
aaa new-model
aaa authentication login default local-case
aaa authentication login NO_AUTHENT none
aaa authorization exec default local
username x password y
Thank you.
10-26-2010 01:07 PM
You can set a different privilege in the username command, so your view user could look like
username view privilege 1 secret
where view is the username.
10-27-2010 07:02 AM
Hi,
I tried that on a test router logging into the console port and I could not log in with a privilege level of 1. I could log in with a privilege level of 3. However, it let me make changes to the router in config mode. My goal is to allow the account to run show commands on the router and have read only access.
Thoughts?
10-27-2010 11:42 AM
You would need to move the "show command" to level 3.
Use command "privilege exec level 6 show".
I hope it helps.
PK
10-28-2010 01:44 PM
If your IOS is greater than 12.3(7)T then you could use role-based CLI.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: