User/Role based commands
09-09-2012 01:58 PM - edited 03-07-2019 08:47 AM
Hi,
I want to give limited access to our first-level support so that they can execute certain basic commands like port VLAN change and access port shut/no-shut on IOS-based Cisco 6509 and 3750E switches. I want to restrict them to only a few options so they cannot make changes to uplink (TenGig) ports and cannot issue the reload command, etc. We do not have TACACS. What is the best way to achieve this? Is there an example, any links, etc.?
Would appreciate help!!
Fawad
09-09-2012 02:45 PM
Try the below and you should be fine:
username xxxx privilege 7 password yyyy
! Let level 7 enter global configuration mode and interface configuration mode
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
privilege interface level 7 no shutdown
privilege exec level 7 ping
privilege exec level 7 traceroute
privilege exec level 7 show running-config
privilege exec level 7 copy running-config startup-config
privilege configure level 7 vlan
privilege configure level 7 no vlan
privilege interface level 7 switchport mode
privilege interface level 7 switchport access
Regards,
Mohamed

09-10-2012 06:25 AM
Hi Fawad,
A bit of (vendor-specific) theory to better understand the importance of what you are doing:
A very interesting article (not practical... not at all) can be found on Wikipedia by looking for RBAC or role-based access control.
Hope this helps
Alessio
