Re: VLAN ID assignment with privileges

martin_mirko · ‎07-08-2009

Hi,

I was wondering if it is possible to give a privilege access and let a person only put a specific vlan ID on the switch port but not all VLAN IDs available on the switch.

This is because I had DMZs on the LAN switch, and I don't want to give access to techs to put the VLAN ID of a DMZ, only they can change on LAN VLAN ID.

THanks !

Martin

Richard Burts · ‎07-08-2009

Martin

I do not know of any way to give a user privilege access to change VLAN ID and then to restrict which VLAN that they change.

HTH

Rick

HTH

Rick

wandering_997 · ‎07-08-2009

Hi Martin,

I agree with Rick.

It seems hardly to implement it if you only presume upon the LAN switch itself.

I suppose set allowed vlan on trunk links to the DMZ LAN switch maybe can archieve your object. But the precondition is the VLANs must not be used at all.

Or depend on some other network management application which can be set permission by more specific condition, such as vlan id.

Hope to help.

Wandering

avillalva · ‎07-08-2009

Hi Martin,

You should be able to achive this using role based CLI access. You can lock a view down to specific commands.

See this link:

http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_role_base_cli_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1051869

HTH,

Andres

martin_mirko · ‎07-09-2009

Thanks a lot for your answers, I believed I can't like you, but this parser that Andres proposed could work, I didn't know it before. I will check that info.

Thanks a lot again !

Martin

martin_mirko · ‎07-09-2009

Unfortunately, it is only supported from 12.4 on routers but not for switches ;)

Thanks a lot anyway,

Martin