Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
558
Views
0
Helpful
1
Replies

Can you limit which interfaces a user can edit?

lonelyadmin
Level 1
Level 1

‎06-08-2020 08:23 AM

When limiting the commands a user can run from command line (or web), can you limit which interfaces they can edit?

I'm trying to limit my helpdesk to only being able to edit certain properties of interfaces that match a patter.

For example, to limit the user to changing vlan membership, description, and port-security on Gigabit interfaces only....something like this:

 

username helpdesk privilege 7
privilege configure level 7 interface GigabitEthernet[12]* ;or int range?
privilege interface level 7 description
privilege interface level 7 port-security
privilege interface level 7 switchport

That's just from my head, I don't know how to actually make that work.

Also, would this give them the same privilege in the web ui?

 

Thanks.

 

Oh, and it's running Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(6)E2, RELEASE SOFTWARE (fc4) using only local authentication.

Labels:
0 Helpful
1 Reply 1

pigallo
Cisco Employee
Cisco Employee

‎06-08-2020 10:02 AM

 

 

@lonelyadmin wrote:

When limiting the commands a user can run from command line (or web), can you limit which interfaces they can edit?

 

Hi,

yes it is possible with help of Role-based CLI.
Take look at the following link:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-role-base-cli.html

 

Config guide is for your IOS release.

 

Regards.

 

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card