You can configure your router to use authentication from a TACACS or RADIUS server. Then your router will prompt for a username and password when telnetting to the router. As for read-only, as long as you are not in exec mode your support guys will not be able to make any amendments to the config.
You could use AAA locally if you don't have TACACS etc.
conf t
aaa new-model
aaa authentication login default local
username XXXXXXX password YYYYYYYY
You need a username/passwd entered for everyone who needs to get on to the box, I'd do a default one as well, for your support guys (saves typing).
Quickest way to limit the support team is to not give them the enable secret passwd.
This is usually time consuming and there are two ways that you can achieve it:
1 In an ideal world you would use a TACACS/RADIUS server and give each user a set of commands that they can execute.
2 You can use the router to achieve a similar thing as the RADIUS/TACACS server using 'username name privilege 5 password password', and attaching a set of commands to that level, for example "privilege exec level 5 show ip route", which will allow them to run that command. When someone logs in with that username and password they can only run the commands that are allowed for that level.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Don't be content with being average. Average is as close to the bottom as it is to the top
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
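The local AAA and privilege-level approach from the replies above, combined into one configuration as an added example that is not part of the original posts. The usernames `admin` and `support`, the `<...>` placeholders and the second `show` command are assumptions.

```cisco
! Added example. Usernames and <PLACEHOLDER> values are assumptions, replace them.
aaa new-model
! Authenticate logins against the local username database
aaa authentication login default local
! With aaa new-model, exec authorization is what applies the
! per-user privilege level at login
aaa authorization exec default local
!
! Weaker form: "password" is stored in clear text or reversible type 7
! username support privilege 5 password <SUPPORT-PASSWORD>
! Preferred form: "secret" is stored as a one-way hash
username support privilege 5 secret <SUPPORT-SECRET>
username admin privilege 15 secret <ADMIN-SECRET>
!
! Support staff are not given this, so they cannot reach level 15
enable secret <ENABLE-SECRET>
!
! Commands attached to level 5 for the support account
privilege exec level 5 show ip route
privilege exec level 5 show ip interface brief
!
line vty 0 4
 login authentication default
```

After logging in as the support user, `show privilege` should report level 5, and `configure terminal` should be rejected.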