Solved

Cisco IOS user account privileges

Posted on 2010-11-29
4
577 Views
Last Modified: 2012-05-10
I am asked to create a user account that can do the follwing:
sh conf
sh webvpn
telnet
reload

If it has to be privilege 15 that is fine I just need to know if there is anything that can be done to restrict their access

There is no tacacs or radius, all passwords are just stored on the router
0
Comment
Question by:mmercaldi
  • 2
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
up_grayed_out earned 500 total points
ID: 34230668
You can define which commands a user can user by giving them a custom run level. Perhaps this link will be helpful.
http://zitizonx4.wordpress.com/2008/12/29/how-to-create-a-read-only-user-in-cisco-devices/
0
 

Author Comment

by:mmercaldi
ID: 34230973
awsome thanks, now if I set the line vty 0 4 to privilege level 5, the privlege level 15 accounts can still telnet in correctt with no problems?
0
 
LVL 6

Assisted Solution

by:up_grayed_out
up_grayed_out earned 500 total points
ID: 34247835
They could, but I think they'd be stuck at privilege level 5.
They might be able to elevate by typing
enable 15

Open in new window

I don't have anything set up that I can try this on right now.

What I'd do in your case, is
wr mem

Open in new window

Then add that line to the config and test telnet. If it doesn't work the way you want it to, you can console to it to remove the line, or just reboot it.
0
 

Author Closing Comment

by:mmercaldi
ID: 34301103
this worked thanks
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
2 routers and 1 public IP Address. 10 61
Router Question 12 72
Provide internet access from one windows PC to another 16 101
Datacenter Upgrade - Design Question 5 19
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question