• Status: Solved

Router, Switch, ASA privilege levels

I am trying to lock down my Cisco equipment and need some assistance.

I created a test account and assigned it a 7 privilege; why is it I am able to create a user account with a higher privilege level?

What I am looking to do is to lock down all of the accounts and limit the changes to our equipment.
johnkesoglou
atlas_shuddered (Sr. Network Engineer) Commented:
Your new account is provisioning with default privileging at creation.  To limit access you will need to configure the privilege level with the access/permissioning you wish it to levy.  For more information on how to configure privilege level authorizations, reference the following documentation from Cisco -

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html#wp1027184

Cheers
 
Sniper98G Commented:
By default the only privilege levels configured on a Cisco device are 0 and 15. All the others must be configured by you for what you want them to be able to do.
 
johnkesoglou (Author) Commented:
What I am looking to do is to lock down all of the accounts and limit the changes to our equipment.
Sniper98G Commented:
How much equipment do you have?
You may want to look into an ACS server. It supports a much greater degree of granularity and would allow you to keep all of your accounts centrally.
 
johnkesoglou (Author) Commented:
We have 6 devices... nothing that crazy.

It seems as if people don't understand what I am asking.

I need to restrict accounts on my ASA from being able to make any changes to the firewall, i.e. creating users is one of them. I assumed that by lowering the privilege number it reduced the amount of rights an account can have, but that isn't the case.

 
Sniper98G Commented:
To do what you want will require a lot of manual permission configuration on these devices. The guide that atlas put up contains instructions on how to do this, but it will take a great deal of time to get this working how you want it.
 
atlas_shuddered (Sr. Network Engineer) Commented:
johnk

The privilege levels are not preset with rights, you have to configure.  If I remember correctly, anything 6 and under logs as a 0 by default and anything 7 or higher logs at 15.  To get the granularity you are looking for you will need to configure each privilege level with the appropriate access to commands to perform the functions you specify.

To get deeper instruction on this, refer to the link I posted earlier.

Cheers
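
What the answers describe, as an added example for IOS routers and switches (not from the thread or from the linked Cisco guide): a level 7 account that can view the configuration and administer interfaces, while account creation stays at level 15. The user name, the secret placeholders and the choice of commands are assumptions; the ASA uses a different privilege syntax that is not shown here.

```cisco
! Added example (IOS). Names and secrets below are placeholders.
!
! Level 15 stays behind the enable secret. A level 7 user who knows
! this secret can still reach level 15, so do not share it.
enable secret <ENABLE-SECRET-PLACEHOLDER>
!
! Hypothetical restricted operator account at level 7.
username noc-operator privilege 7 secret <OPERATOR-SECRET-PLACEHOLDER>
!
! Level 7 has no commands of its own until they are mapped to it.
! Map only what the operator role needs.
privilege exec level 7 show running-config
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
privilege interface level 7 description
!
! "username" in global configuration mode is deliberately NOT mapped
! to level 7, so it remains a level 15 command and the operator
! cannot create or change accounts.
!
! Apply the per-user privilege level at login.
line vty 0 4
 login local
 transport input ssh
!
! Check after logging in as noc-operator:
!   show privilege        (should report level 7)
!   configure terminal
!   username x privilege 15 secret y   (should be rejected)
```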