Solved

Cisco IOS user account privileges

Posted on 2010-11-29
Last Modified: 2012-05-10
I am asked to create a user account that can do the following:
sh conf
sh webvpn
telnet
reload

If it has to be privilege 15, that is fine; I just need to know if there is anything that can be done to restrict their access.

There is no TACACS or RADIUS; all passwords are just stored on the router.
Question by:mmercaldi
LVL 6

Accepted Solution

by:
up_grayed_out earned 500 total points
ID: 34230668
You can define which commands a user can use by giving them a custom run level. Perhaps this link will be helpful.
http://zitizonx4.wordpress.com/2008/12/29/how-to-create-a-read-only-user-in-cisco-devices/

Author Comment

by:mmercaldi
ID: 34230973
Awesome, thanks. Now if I set the line vty 0 4 to privilege level 5, the privilege level 15 accounts can still telnet in with no problems, correct?
LVL 6

Assisted Solution

by:up_grayed_out
up_grayed_out earned 500 total points
ID: 34247835
They could, but I think they'd be stuck at privilege level 5.
They might be able to elevate by typing
enable 15

I don't have anything set up that I can try this on right now.

What I'd do in your case is
wr mem

Then add that line to the config and test telnet. If it doesn't work the way you want it to, you can console to it to remove the line, or just reboot it.

Author Closing Comment

by:mmercaldi
ID: 34301103
This worked, thanks.
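
The custom privilege level approach from the accepted answer, applied to the four commands in the question, as an added example that is not part of the original thread. The account name `webvpn-ops`, the password placeholder and the choice of level 5 are assumptions, and `sh conf` is taken to mean `show configuration` (the startup configuration).

```cisco
! Added example: account name, password placeholder and level 5 are assumptions.
!
! Local account at a custom privilege level (no TACACS or RADIUS, as in the
! question). "secret" stores a hashed password instead of a reversible one.
username webvpn-ops privilege 5 secret <PASSWORD-PLACEHOLDER>
!
! Lower the four requested exec commands from level 15 to level 5.
! IOS also lowers the leading keyword ("show") to level 5 on its own.
privilege exec level 5 show configuration
! "all" extends level 5 to every sub-option of "show webvpn".
privilege exec all level 5 show webvpn
privilege exec level 5 telnet
privilege exec level 5 reload
!
! Authenticate vty logins against the local user database so each account
! starts at the privilege level set on its own username line.
line vty 0 4
 login local
!
! Check from a session logged in as webvpn-ops:
!   show privilege      (reports the current privilege level)
!   configure terminal  (should be rejected at level 5)
```

At levels below 15, `show running-config` lists only the commands that level is allowed to change, which is why the startup configuration is the one exposed here. The startup configuration includes the stored local password entries, so anyone holding this account can read them.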