When limiting the commands a user can run from command line (or web), can you limit which interfaces they can edit?
I'm trying to limit my helpdesk to only being able to edit certain properties of interfaces that match a patter.
For example, to limit the user to changing vlan membership, description, and port-security on Gigabit interfaces only....something like this:
username helpdesk privilege 7
privilege configure level 7 interface GigabitEthernet[12]* ;or int range?
privilege interface level 7 description
privilege interface level 7 port-security
privilege interface level 7 switchport
That's just from my head, I don't know how to actually make that work.
Also, would this give them the same privilege in the web ui?
Thanks.
Oh, and it's running Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.2(6)E2, RELEASE SOFTWARE (fc4) using only local authentication.