I'm quite sure you could accomplish your goals with TACACS and aaa
authorization, is that out of the question?
-Original Message-
From: Adam Hickey [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 20, 2002 12:52 PM
To: [EMAIL PROTECTED]
Subject: priviledge levels [7:53723]
All,
I wan
viewing the Running-Config requires level 15 privilege which allows the user
to change the config.
But try the Startup-Config. You can assign it to any privilege level. If
they are not going to change the config, most of times the startup-config
and the running are the same.
HTH
Hamid
""Adam Hi
You can use cisco secure acs. This allows you to restrict commands per user
or per group attributes. But if not, make a privilege level such as 7 and
put commands for that level to execute. This will keep them from entering a
config command. To test just login via telnet and after going into enabl
You can do this with TACACS among other things. Although, working in
ops right now, I would protest with having only read permissions for
production devices ;-)
hth,
Mark.
> -Original Message-
> From: Adam Hickey [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 21 September 2002 02:52
> To:
With AAA authorization, you can do just about everything (with some
caveats).
You can even give a user privilege level 15 and he/she still can not go
into the
"configuration t" mode: Here is what you put on the router:
aaa authorization exec default group tacacs+ if-authenticated
aaa authorizati
5 matches
Mail list logo
