cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
392
Views
0
Helpful
5
Replies

3750- 12.2(37) Different privilege level for interfaces

robetrem
Level 1
Level 1

I want to permit helpdesk people to change some interfaces parameters for let say fastethernet port only. Since my uplink are Gigabit, I would like blocking them any changes on those.

Does anybody know a way to control that ? I am able with the privilege command to open change for interface command but it seem that i can not be more granular !

5 Replies 5

mchin345
Level 6
Level 6

You can enable role based cli through this each user can access some set of commands and interfaces only.

Am I able to define 2 sets of interfaces: one that can permit users to modify their parameters and the others not allowing that ?

If yes can you be explicit of how I can do that ?

Thanks

create some alias exec commands to refer to interaces you want to allow and then setup user profile to use the alias exec commands.

1) from my tests, commands embedded in alias are check against user profile, so you can not fool the system.

2) Giving the interface command, I am not able to specify which interface they can go or not!.

Somebody have a clue to simulate below:

Extra note : I want to be able to create 2 group of interfaces, let say: uplinkport and userport. Uplinkport could only be change by privilege 15 and userport by a different privilege,

have you tried to put the alias into a menu for each type of user ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco