[c-nsp] Limit Access right on Cisco 6500 IOS ?

Aled Morris aledm at qix.co.uk
Tue Aug 30 09:41:58 EDT 2011


On 28 August 2011 06:32, Olivier CALVANO <o.calvano at gmail.com> wrote:

> I want know if i can limit a user to :
>     - See port states on of module card (not all)
>     - See vlan database and can create/modofy/delete a vlan
>     - Can configure a lot of Port on a specifique card
>
>
Although TACACS+ will let you authorise individual commands, it is a
challenge to do this on a "stateful" basis i.e. to permit users to run
commands on certain interfaces but not others.

Sounds like you are trying to "virtualise" management access to your switch,
like VDC on the Nexus 7k

I don't think you're going to achieve all of what you want on traditional
switch IOS.

Aled


More information about the cisco-nsp mailing list