Solved

Cisco IOS user account privileges

Posted on 2010-11-29
4
573 Views
Last Modified: 2012-05-10
I am asked to create a user account that can do the follwing:
sh conf
sh webvpn
telnet
reload

If it has to be privilege 15 that is fine I just need to know if there is anything that can be done to restrict their access

There is no tacacs or radius, all passwords are just stored on the router
0
Comment
Question by:mmercaldi
  • 2
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
up_grayed_out earned 500 total points
ID: 34230668
You can define which commands a user can user by giving them a custom run level. Perhaps this link will be helpful.
http://zitizonx4.wordpress.com/2008/12/29/how-to-create-a-read-only-user-in-cisco-devices/
0
 

Author Comment

by:mmercaldi
ID: 34230973
awsome thanks, now if I set the line vty 0 4 to privilege level 5, the privlege level 15 accounts can still telnet in correctt with no problems?
0
 
LVL 6

Assisted Solution

by:up_grayed_out
up_grayed_out earned 500 total points
ID: 34247835
They could, but I think they'd be stuck at privilege level 5.
They might be able to elevate by typing
enable 15

Open in new window

I don't have anything set up that I can try this on right now.

What I'd do in your case, is
wr mem

Open in new window

Then add that line to the config and test telnet. If it doesn't work the way you want it to, you can console to it to remove the line, or just reboot it.
0
 

Author Closing Comment

by:mmercaldi
ID: 34301103
this worked thanks
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cisco switch stacking 6 53
Wireless antenna advice/design 6 49
Read-only SNMP string example ? 7 73
Sonicwall TZ 205- Dropping Incoming E-mail as IP Spoof 13 92
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now