[c-nsp] 'privilege level' syntax
Peter Hicks
peter.hicks at poggs.co.uk
Fri Sep 23 12:04:23 EDT 2005
All,
I'm attempting to give a couple of our site staff access to configure VLAN
assignments on some switches.
Using RADIUS, they are assigned privilege level 10 and the following has
been used to move commands down to level 10:
privilege interface level 10 switchport
privilege interface level 10 switchport access
privilege interface level 10 switchport access vlan
privilege interface level 10 shutdown
privilege interface level 10 no shutdown
privilege interface level 10 description
privilege configure level 10 interface
privilege exec level 10 configure terminal
privilege exec level 10 write memory
privilege exec level 10 show running-config
All the servers are on GigabitEthernet3/x, and I'd like to limit access
further to only ports starting GigabitEthernet3/x (i.e. not anything on
blade 2, and none of the VLAN interfaces).
TACACS+ would do this easily, but we're already using RADIUS, so that's a
non-starter.
Anyone able to help?
Peter.
More information about the cisco-nsp
mailing list