02-14-2015 09:13 PM - edited 03-07-2019 10:39 PM
Hello there,
I want to restrict users' access to switches such that they can do all the show commands, ping but no config t. Right now, we use an SSH ACL to allow the various subnets onto the network and we use TACACS+ for AAA. With that being said, I have no access to the TACACS+ server to control the privilege level there so I have to do it at the switch level. What I've read is that you create a privilege level and assign/associate a password to it so users get access to the device at that level; that won't work with us due to the access being controlled by TACACS+. Can anyone provide any solutions at the switch level that will use TACACS+ but once on the switch, the switch grants a certain privilege level?
Thanks so much in advance for any help!
Kiley
02-15-2015 07:04 PM
Hi,
Since ACS is your primary authentication method, you would need to create the username and restrict the access there. As long as the ACS is up, you cannot authenticate via the local username and password.
HTH