cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
685
Views
0
Helpful
7
Replies
Highlighted
Beginner

Line Console Login

Hello everyone

 

How to restrict access to line console 0 for the specific user on the switch ?

 

2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted

Hello,

 

I have not found how to filter a created user.

But, in the line console configuration, you can remove the command login local and leave only the command login with a new password.

Then, you can share this new password only with authorized users.

 

Regards

View solution in original post

Highlighted

You won't be able to filter access and if the user has privilege 15, then he can do whatever if want.

However you have a feature called role based cli views. The goal is to create view and give them some commands they can run. Maybe it could be a workaround to give some users very few commands (like show ver) and they will connect to the console they will only get the command you defined.

There are multiple docs for this in Cisco website. Here one of them: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-role-base-cli.pdf


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

7 REPLIES 7
Highlighted
Enthusiast

Hi you can use aaa logins,
Check below..
username admin privilege 15 password test123

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login CONSOLE local

aaa authentication enable default group tacacs+ enable

line console 0

login authentication CONSOLE
Highlighted
VIP Advisor

Hi @eduangelo,

 

Please, be more specific 

 

Regards

Highlighted

Hi, luis_cordova

Basically I have to restrict access to only one user to the console line. This user exists locally.

Highlighted

Local to switch? As long as log in in enabled on the switch any user will need this credential to access, so you will have one log in? Unless Im am missing something here.

Highlighted

The user is created on the switch, but I want to restrict console access to this user only. In other words, it will not be able to login through the console line.

Highlighted

Hello,

 

I have not found how to filter a created user.

But, in the line console configuration, you can remove the command login local and leave only the command login with a new password.

Then, you can share this new password only with authorized users.

 

Regards

View solution in original post

Highlighted

You won't be able to filter access and if the user has privilege 15, then he can do whatever if want.

However you have a feature called role based cli views. The goal is to create view and give them some commands they can run. Maybe it could be a workaround to give some users very few commands (like show ver) and they will connect to the console they will only get the command you defined.

There are multiple docs for this in Cisco website. Here one of them: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-role-base-cli.pdf


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Content for Community-Ad