
AAA Question

Status
Not open for further replies.

gwildfire

IS-IT--Management
Apr 29, 2004
136
GB
Guys, I am trying to configure AAA on a Cisco router. I want to set up a new level (14) to allow all commands with the exception of "erase" and "copy", using the LOCAL database (not TACACS+). Cisco's way of doing this seems to be to allow basic commands and then configure the commands you allow. I need it the other way around, as this is a massive list of commands!

Thanks in advance

Graham

Visit for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
Or, as another approach, can I make the startup-config read-only or have it boot a different config file?

Visit for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
If you don't want to allow changes to be written, then that kind of precludes any usefulness for the majority of the commands other than "show", does it not? If you can't write or copy, then the only thing it seems like you want admins to do is "show" and a few other commands.

Check your IOS level as well; there is a wildcard for your privilege command in some versions, which could make the task significantly easier:

 
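As an added example (not posted by anyone in this thread), the direction Chipk describes with the wildcard: lab users land in level 14, whole command trees are pulled down with one line each, and copy, erase, write and delete are left at their default level 15 so a level-14 session cannot save its changes. It assumes an IOS release whose privilege command accepts the "all" keyword; the account name, the placeholder secrets and the particular set of lowered command trees are illustrative choices, not the thread's.

```text
! Added example, not from the thread: local privilege level 14 on Cisco IOS.
! Assumes an IOS release whose privilege command accepts the "all" wildcard.
! Commands not listed here keep their default level (1 or 15), so copy,
! erase, write and delete stay at 15 and a level-14 user cannot save changes.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! Lab account dropped straight into level 14 at login (exec authorization
! applies the privilege from the username). Replace the placeholders.
username labuser privilege 14 secret LAB-PASSWORD-PLACEHOLDER
enable secret ADMIN-ENABLE-SECRET-PLACEHOLDER
!
! One line per tree instead of one line per command: "all" moves the
! command and every subcommand beneath it to level 14.
privilege exec all level 14 show
privilege exec all level 14 debug
privilege exec all level 14 undebug
privilege exec all level 14 clear
privilege exec all level 14 ping
privilege exec all level 14 traceroute
privilege exec level 14 configure terminal
privilege exec level 14 reload
!
! configure terminal alone is not enough: config-mode commands also default
! to level 15, so lower only the trees the lab needs (nothing that touches
! boot, config-register, privilege or aaa).
privilege configure all level 14 interface
privilege configure all level 14 router
privilege configure all level 14 ip route
privilege configure all level 14 hostname
privilege configure all level 14 line
!
! Already level 15 by default; stated explicitly so the intent is visible
! in the running-config. "do copy ..." from config mode runs at the
! user's own level, so it is blocked as well.
privilege exec level 15 copy
privilege exec level 15 erase
privilege exec level 15 write
privilege exec level 15 delete
```

With nothing saveable from level 14, a plain reload brings the router back to the stored startup-config, which is the clean-up the original post is after.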
No, not really Chipk. I run an online lab and I want to clean sessions up when they have finished. One thing that often happens is people set passwords and hostnames etc., then, even though I ask them not to, probably out of habit or lack of reading, issue copy run start. I want to either prevent that aspect or, after reload, call upon a different config file.

Visit for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
Yeah, I looked at this link. The boot config command doesn't seem to be an option on any of my routers, and they are all 12.3 or 12.4. I will try to tweak the config register and see if I can get anywhere like that.

Visit for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
I believe you need to use the service config command. You can then set in the router where it will take the config from...
 
2511(config)#service ?
compress-config Compress the configuration file
config TFTP load config files

Hmm, tried this but it wants to use TFTP; I want to load a file saved in flash. Damn, this is annoying!

Visit for free Cisco rack access.

CCNA, CCDA, CCNP, CCDP, CCIE R&S (Written), Net+, MCP, NCTS
 
Do you use any SNMP tools like SolarWinds? This still assumes that the users don't change the SNMP community string, but that just adds another way for you to recover back to your original config. If for instance, you set a RW community string, you can just push out the desired config after the class is over or whatever. Like I said, though, that still assumes they don't change the snmp community.

Sorry for assuming earlier, I couldn't think of any real world scenario where you'd want to do this, but I see why you do now.
 