[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 589
  • Last Modified:

Cisco IOS user account privileges

I am asked to create a user account that can do the follwing:
sh conf
sh webvpn
telnet
reload

If it has to be privilege 15 that is fine I just need to know if there is anything that can be done to restrict their access

There is no tacacs or radius, all passwords are just stored on the router
0
mmercaldi
Asked:
mmercaldi
  • 2
  • 2
2 Solutions
 
up_grayed_outCommented:
You can define which commands a user can user by giving them a custom run level. Perhaps this link will be helpful.
http://zitizonx4.wordpress.com/2008/12/29/how-to-create-a-read-only-user-in-cisco-devices/
0
 
mmercaldiAuthor Commented:
awsome thanks, now if I set the line vty 0 4 to privilege level 5, the privlege level 15 accounts can still telnet in correctt with no problems?
0
 
up_grayed_outCommented:
They could, but I think they'd be stuck at privilege level 5.
They might be able to elevate by typing
enable 15

Open in new window

I don't have anything set up that I can try this on right now.

What I'd do in your case, is
wr mem

Open in new window

Then add that line to the config and test telnet. If it doesn't work the way you want it to, you can console to it to remove the line, or just reboot it.
0
 
mmercaldiAuthor Commented:
this worked thanks
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now