Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
739
Views
0
Helpful
3
Replies

users privilege in Cisco Router and ASA

mohamed.ali
Level 1
Level 1

‎12-23-2017 01:29 AM - edited ‎02-21-2020 10:42 AM

Dears,

 

please, I have junior network engineers I wanna to create to them read-only users in Cisco Router and ASA.
I wanna the standard command that I'll link it with users privilege.

like:

 

username blabla privilege 10  secret blabla

 

 

thanks,

Labels:
0 Helpful
3 Replies 3

Karsten Iwen
VIP
VIP

‎12-23-2017 04:11 AM

For an easy read-only-access, just make sure that they get a user-mode-login, but don't provide the enable-password. The privilege-levels are only needed if your junior-admins also need commands that are only available in level 15.

The best way to control all this is from your TACACS-server.

0 Helpful

mohamed.ali
Level 1
Level 1
In response to Karsten Iwen

‎12-23-2017 06:28 AM

there are other choices?

as well for ASA ?

0 Helpful

Karsten Iwen
VIP
VIP
In response to mohamed.ali

‎12-24-2017 01:42 AM

For sure there are many choices:

  1. As mentioned, the most flexible and powerful ist the use of TACACS+. There is also a free server available: http://tacacs.net/download.asp
  2. The privilege-levels are available on all platforms but need to be configured on all devices in a similar fashion. If you don't have a central configuration-management, this could become quite difficult.
  3. On IOS, there is also RBAC. But that is not available on ASAs.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents