?
Solved

Router, Switch, ASA priviledge levels

Posted on 2009-03-31
7
Medium Priority
?
448 Views
Last Modified: 2012-05-06
i am trying to lcokdown my cisco equipment and need some assistance.

i created a test account and assigned in a 7 priviledge; why is it i am able to create a user account with a higher privilidge level?  

what i am looking to do is to lock down all of the accounts and limit the changes to our equipment.
0
Comment
Question by:johnkesoglou
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 10

Expert Comment

by:atlas_shuddered
ID: 24032728
Your new account is provisioning with default privileging at creation.  To limit access you will need to configure the privilege level with the access/permissioning you wish it to levy.  For more information on how to configure privilege level authorizations, reference the following documentation from Cisco -

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html#wp1027184

Cheers
0
 
LVL 8

Expert Comment

by:Sniper98G
ID: 24032735
By default the only privilege levels configured on a Cisco device are 0 and 15. All the others must be configured by you for what you want them to be able to do.
0
 

Author Comment

by:johnkesoglou
ID: 24033083
what i am looking to do is to lock down all of the accounts and limit the changes to our equipment.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 8

Expert Comment

by:Sniper98G
ID: 24033153
How much equipment do you have?
You may want to look into an ACS server. It supports a much greater degree of granularity and would allow you keep all of your accounts centrally.
0
 

Author Comment

by:johnkesoglou
ID: 24033314
we have 6 devices....nothing that crazy.  

it seems as if people dont understand what i am asking.

i need to restrict accounts on my ASA from being able to make any changes to the firewall.  i.e. creating users is one of them.  i assumed that by lowering the pirvilidge number it reduced the amount of rights an acount can have but that isnt the case.  

0
 
LVL 8

Expert Comment

by:Sniper98G
ID: 24033409
To do what you want will require allot of manual permission configuration on these devices. The guide that atlas put up contains instructions on how to do this but it will take a great deal of time to get this working how you want it.
0
 
LVL 10

Accepted Solution

by:
atlas_shuddered earned 2000 total points
ID: 24033493
johnk

The privilege levels are not preset with rights, you have to configure.  If I remember correctly, anything 6 and under logs as a 0 by default and anything 7 or higher logs at 15.  To get the granularity you are looking for you will need to configure each privilege level with the appropriate access to commands to perform the functions you specify.

To get deeper instruction on this, refer to the link I posted earlier.

Cheers
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
On Feb. 28, Amazon’s Simple Storage Service (S3) went down after an employee issued the wrong command during a debugging exercise. Among those affected were big names like Netflix, Spotify and Expedia.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question