Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
643
Views
0
Helpful
4
Replies

User PC Access control

Anirudh Yadav
Level 1
Level 1

‎04-11-2017 09:42 PM - edited ‎03-08-2019 10:10 AM

How to disable all the commands that run on privilege exec mode [ router# ] and only enable basic t-shoot commands like extended Ping & traceroute from a user PC that has a remote telnet connection of a router?
Labels:
0 Helpful
4 Replies 4

Mark Malone
VIP Alumni
VIP Alumni

‎04-12-2017 12:28 AM

You can use privilege commands to allow the user only user certain commands and see certain outputs when he logs in based on his login account

http://www.packetu.com/2012/09/06/changing-privilege-levels-for-cisco-ios-commands/

0 Helpful

Manish Gogna
Cisco Employee
Cisco Employee

‎04-12-2017 12:34 AM

Hi,

You can configure role-based CLI access as per the following

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html#wp1043332

https://supportforums.cisco.com/discussion/11416476/create-username-run-only-all-show-commands-cisco-switches-routers

Manish

- Do rate helpful posts -

0 Helpful

Milos Megis
Level 3
Level 3

‎04-12-2017 12:35 AM

If user login into privilege level 1 (prompt: Router>) then he will have only few commands including traceroute and ping.

But in common you can specify privilege levels from 2 to 14 where you can allow your commands. And higher level also has all commands from lower level.
Or you can use Tacacs server for access control.

0 Helpful

paul driver
VIP
VIP

‎04-13-2017 05:20 AM

Hello 

Attached is a file that i did for our desktop guys to be able to login the switches so they could enable ports and to check the status.

So for your request try:

Privilege exec level 2 show interface x/x
Privilege exec level 2 show interface brief
Privilege exec level 2 ping
Privilege exec level 2 traceroute

username STAN privilege 2 secret xxxx
username STANadmin privilege 15 secret xxxx

line xxx
login local

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Preview file
2 KB
0 Helpful
Customers Also Viewed These Support Documents