Restrict access to switches

Kiley Arena
Level 1

Hello there,

I want to restrict users' access to switches such that they can do all the show commands, ping but no config t. Right now, we use an SSH ACL to allow the various subnets onto the network and we use TACACS+ for AAA. With that being said, I have no access to the TACACS server to control the privilege level there so I have to do it at the switch level. What I've read is that you create a privilege level and assign/associate a password to it so users get access to the device at that level; that won't work with us due to the access being controlled by TACACS. Can anyone provide any solutions at the switch level that will use TACACS but once on the switch, the switch grants a certain privilege level?

Thanks so much in advance for any help!

Kiley

Accepted Solutions

Reza Sharifi
Hall of Fame

Hi,

Since ACS is your primary authentication method, you would need to create the username and restrict the access there. As long as the ACS is up, you cannot authenticate via the local username and password.

HTH
