  • Status: Solved
  • Priority: Medium
  • Security: Public

Cisco Router - Read Only Account

Hello,

I'm running a Cisco 3845 and currently only have one account, privilege level 15, for my admin functions.

Cisco levels appear to go from 1-15.  What level would I use to allow read only access (via terminal and console) to the running config, and other show commands?  I also want to allow read only access to SDM (if that's possible).

Thanks
Shane
0
Asked:
shanepresley
2 Solutions
 
lrmoore Commented:
You can create user privilege levels, and define the commands that you want each level to be able to execute:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_command_reference_chapter09186a00800d980c.html

0
 
mikebernhardt Commented:
By default, if you set up a user name and password without adding the privilege argument, the user will have a level of 1. That's probably where you want to be. It'll allow them to go to enable mode only if they have the enable password.

For security purposes, I'd recommend that you do the same: set up an unprivileged user name and password (you can keep the existing admin one, but change the privilege level to 1), and an "enable secret" password that gets you to the administrative functions. By using privilege level 15, you're bypassing the enable password entirely.

Enable secret has much better encryption than enable, so you can't use the many decryptors out there to get the enable password if you're using enable secret.
0
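
The two answers above combined into one IOS configuration, as an added example that is not part of the original thread: a custom privilege level with selected `show` commands moved down to it, plus an unprivileged admin login that relies on `enable secret`. The user names, the choice of level 5 and the password placeholders are assumptions, as is an IOS release that accepts the `view full` keyword.

```cisco
! Added example: names, level number and <PLACEHOLDER> passwords are assumptions.
!
! Hashed enable password that guards the administrative (level 15) functions.
enable secret <ENABLE_SECRET>
!
! Hypothetical admin account logging in at level 1; it must type "enable"
! and supply the enable secret before it can change anything.
username admin privilege 1 secret <ADMIN_PASSWORD>
!
! Hypothetical read-only operator at a custom level between 1 and 15.
username readonly privilege 5 secret <READONLY_PASSWORD>
!
! Move the show commands this operator needs down to level 5.
! A plain "show running-config" below level 15 lists only the commands
! that level is allowed to change, so the operator uses the "view full"
! form to see the whole configuration (assumes the release supports it).
privilege exec level 5 show startup-config
privilege exec level 5 show running-config view full
!
! Authenticate console and terminal sessions against the local user list
! so the per-user privilege level is applied at login.
line con 0
 login local
line vty 0 4
 login local
!
! Check after logging in as "readonly":
!   show privilege                  -> should report level 5
!   show running-config view full   -> full configuration, no config mode
!   configure terminal              -> should be rejected
```

Anyone who can read the full configuration can also read the password hashes stored in it, so the read-only account still needs to be treated as sensitive.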
