Solved

Cisco IOS user account privileges

Posted on 2010-11-29
Last Modified: 2012-05-10
I am asked to create a user account that can do the following:
sh conf
sh webvpn
telnet
reload

If it has to be privilege 15, that is fine; I just need to know if there is anything that can be done to restrict their access.

There is no TACACS or RADIUS; all passwords are just stored on the router.
Question by:mmercaldi

Accepted Solution

by:
up_grayed_out earned 500 total points
ID: 34230668
You can define which commands a user can use by giving them a custom run level. Perhaps this link will be helpful.
http://zitizonx4.wordpress.com/2008/12/29/how-to-create-a-read-only-user-in-cisco-devices/

Author Comment

by:mmercaldi
ID: 34230973
Awesome, thanks. Now if I set the line vty 0 4 to privilege level 5, the privilege level 15 accounts can still telnet in, correct, with no problems?

Assisted Solution

by:up_grayed_out
up_grayed_out earned 500 total points
ID: 34247835
They could, but I think they'd be stuck at privilege level 5.
They might be able to elevate by typing
enable 15


I don't have anything set up that I can try this on right now.

What I'd do in your case, is
wr mem


Then add that line to the config and test telnet. If it doesn't work the way you want it to, you can console to it to remove the line, or just reboot it.

Author Closing Comment

by:mmercaldi
ID: 34301103
This worked, thanks.
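The custom privilege level discussed in this thread, written out as an added example that is not part of any post above. The user name `restricted` and the `<PASSWORD>` placeholder are assumptions, and the level is set on the account itself rather than on `line vty 0 4`.

```cisco
configure terminal
 ! Hypothetical level-5 account. "secret" stores a hash instead of a
 ! recoverable password; this matters because the account can read the config.
 username restricted privilege 5 secret <PASSWORD>
 !
 ! Lower the four requested commands from level 15 to level 5.
 ! "sh conf" expands to "show configuration" (the saved startup config).
 ! "show running-config" is not granted: below level 15 it lists only the
 ! commands that level is itself allowed to configure.
 privilege exec level 5 show configuration
 ! "all" also covers every sub-option under "show webvpn".
 privilege exec all level 5 show webvpn
 privilege exec level 5 telnet
 privilege exec level 5 reload
 !
 ! vty logins are checked against the local user database, so each account
 ! carries its own privilege level; the line's level is left unchanged.
 line vty 0 4
  login local
 end
!
! From a second session logged in as "restricted", confirm the level and
! that the granted commands run:
show privilege
show configuration
show webvpn ?
!
! Leave the change unsaved until the test session behaves as intended;
! a reload discards it. Then save:
write memory
```

Anyone who knows the enable secret can still raise their own level with `enable`, so the restriction holds only if that secret is not shared with this account's user. The account can also reboot the router, since `reload` was one of the requested commands.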
