Cisco exec/global priviliges 2

[dvtestguy]

Have a question about priviliges...

Here's my current (not real login/passwords) config, and need to be able to add more users with privilages that can be able to get into global mode, but cannot change interface level parameters. Any ideas? Looked on cisco web, and did not see anything.

If not, I'd like to setup users to on be able to do "do show int commands".


username root secret 5 $2/JF8T$zc1rYez/mw4Dadd8Xd1jg/
username 123abc password 0 456xyz

line con 0
password 456xyz
line vty 0 4
password 456xyz
line vty 5 15
password 456xyz

 

[rmcp2k]

lol no such thing my friend. You can not assign a username with limited prividges to access the router.

the command you have "username 123.... " is for other router to access that particular router you setup.

 

[vipergg]

I would disagree you can assign certain levels. Here is a link

http://www.cisco.com/en/US/products...erence_chapter09186a008010a7b8.html#wp1030275

 

[dvtestguy]

vipergg,

looks like i'll need some sort of AAA?...TACACS+ perhaps?

if not, do you have any cisco examples?

thanks

 

[voltron1011]

You can assign different levels for certain users.

IE: Level 15 is for the person who needs all access. Whereas, level 5 give only certain 'show' commands.

 

[vipergg]

Don't think you need that , this what you use if you don't have a tacacs server . I'll be honest we haven't used this because we do use a tacacs server and you restrict users abilities thru that if needed . The page appears to tell you everything you need , may have to play around a little with it .