Solved: Re: Line Console Login

eduangelo · ‎12-13-2018

Hello everyone

How to restrict access to line console 0 for the specific user on the switch ?

luis_cordova · ‎12-14-2018

Hello,

I have not found how to filter a created user.

But, in the line console configuration, you can remove the command login local and leave only the command login with a new password.

Then, you can share this new password only with authorized users.

Regards

View solution in original post

Francesco Molino · ‎12-14-2018

You won't be able to filter access and if the user has privilege 15, then he can do whatever if want.

However you have a feature called role based cli views. The goal is to create view and give them some commands they can run. Maybe it could be a workaround to give some users very few commands (like show ver) and they will connect to the console they will only get the command you defined.

There are multiple docs for this in Cisco website. Here one of them: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-role-base-cli.pdf

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Kasun Bandara · ‎12-13-2018

Hi you can use aaa logins,
Check below..
username admin privilege 15 password test123

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login CONSOLE local

aaa authentication enable default group tacacs+ enable

line console 0

login authentication CONSOLE

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

luis_cordova · ‎12-13-2018

Hi @eduangelo,

Please, be more specific

Regards

eduangelo · ‎12-14-2018

Hi, luis_cordova

Basically I have to restrict access to only one user to the console line. This user exists locally.

LukesWANadventure · ‎12-14-2018

Local to switch? As long as log in in enabled on the switch any user will need this credential to access, so you will have one log in? Unless Im am missing something here.

eduangelo · ‎12-14-2018

The user is created on the switch, but I want to restrict console access to this user only. In other words, it will not be able to login through the console line.

luis_cordova · ‎12-14-2018

Hello,

I have not found how to filter a created user.

But, in the line console configuration, you can remove the command login local and leave only the command login with a new password.

Then, you can share this new password only with authorized users.

Regards

Francesco Molino · ‎12-14-2018

You won't be able to filter access and if the user has privilege 15, then he can do whatever if want.

However you have a feature called role based cli views. The goal is to create view and give them some commands they can run. Maybe it could be a workaround to give some users very few commands (like show ver) and they will connect to the console they will only get the command you defined.

There are multiple docs for this in Cisco website. Here one of them: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_cfg/configuration/15-mt/sec-usr-cfg-15-mt-book/sec-role-base-cli.pdf

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question