Configure the read-access via user-defined privilege level

Hello everyone,

I m looking for the best configuration to restrict a user read-only. The restriction must be configured through CLI not GANYMEDE.

Material: 3750 (probably not interesting for that matter)

More old IOS: 12.2 (53) SE1

The user should be allowed to:

  • See the running configuration
  • trigger all sorts of orders-show
  • Ping and traceroute of the device

The user should not be allowed to:

  • Download/delete/rename files on the flash memory
  • Enter the level 15 (not sure if I can avoid it)
  • all orders despite those level 1 and those specified above

Can someone help me with this?

Thanks in advance!

I have won´t forgotten messages useful rates

Hi Tobias,.

You can

set up multiple levels of privilege on a switch as explained below.

By default, the Cisco IOS Software has two modes of password security: user EXEC and

Privileged EXEC. You can configure up to 16 levels of commands for each mode.

By configuring multiple passwords, you can allow different sets of users to have access to

specified commands.

For example, if you want many users to have access to the clear line command, you can

He attributed a level 2 security and distribute the level 2 password fairly widely. But if you

want more restricted access to the command configure, you can assign security to level 3

and distribute the password to a more restricted group of users.

Definition of the level of privilege for a command

Beginning in privileged EXEC mode, follow these steps to set the privilege level for a

control mode:

Purpose of command

Step 1

Configure the terminal

Enter global configuration mode.

Step 2

level privilege mode level control

Set the level of privilege for a command.

For mode, enter set for the global configuration mode, exec to EXEC mode, interface

for the interface configuration mode, or the line for line configuration mode.

For level, the range is from 0 to 15. Level 1 is normal user EXEC mode privileges.

Level 15 is the level of access allowed by the enable password.

For command, enter the command that you want to restrict access.

Step 3

activate the password level

Specify the password to enable for the privilege level.

. For level, the range is from 0 to 15. Level 1 is normal user EXEC mode privileges.

Password, specify a string from 1 to 25 alphanumeric characters. The string cannot

start with a number, is case sensitive and allows spaces but ignores leading spaces. By

by default, no password is defined.

Step 4

end

Return to privileged mode.

Step 5

Show running-config

or

Show privilege

Check your entries.

The first command shows the level of the password configuration and access. The second command

Displays the privilege level configuration.

Step 6

copy running-config startup-config

(Optional) Save your entries in the configuration file.

When you set a command to a privilege level, all commands whose syntax is a subset of this

control can also be programmed at this level. For example, if you set the show ip traffic command

level 15 show commands and show ip commands are automatically set to privilege level

15 unless you set them individually at different levels.

To return to the privilege by default for a given command, use the no privilege mode level

control of level global configuration command.

This example shows how to set the command configures to focus on level 14 and set

SecretPswd14 as the password users must enter to use 14 level controls:

Switch (config) # level 14 exec privileges set up

Switch (config) # enable password 14 SecretPswd14 level

You can also change the default privilege for every user level.

Change the level of privilege by default for lines beginning in privileged EXEC mode follow these steps to change the default privilege for a line level: complete order

Step 1 Configure terminal enter global configuration mode.

Step 2 line vty select the virtual terminal line to restrict access.

Step 3 privilege level change the default privilege for the line level.

For level, the range is from 0 to 15. Level 1 is normal user EXEC mode

privileges. Level 15 is the level of access allowed by the enable password.

End of step 4 back in privileged mode.

Step 5 show running-config or show privilege

Check your entries. The first command shows the level of the password configuration and access.

The second command shows the privilege level configuration.

Step 6 copy running-config startup-config (optional) save your entries in the configuration file.

Users can replace the privilege level that you set by using the privilege level line configuration command

you connect to the line and enabling a different privilege level.

They can lower the privilege level by using the disable command.

If users know the password to a higher privilege level, they can use this password to enable the higher privilege level. You can specify a privilege for your console line level to restrict the use of the line or high-level.

To restore the default line privilege level, use the no privilege level line configuration command. Also I send you a document for your reference.

http://www.Cisco.com/univercd/CC/TD/doc/product/LAN/cat3750/12225see/SCG/swauthen.htm #wp1154063

HTH

Concerning

Reem

Tags: Cisco Network

Similar Questions

  • How to configure the VLAN-access plan on Cisco 3650

    Hello

    I would like to configure the VLan-access plan to filter some of the traffic VLAN, but I am unable to run vlan-map command on the cisco L3 3650 v03.06.00E

    Hello ahmed,.

    According to the command search tool, 3650 v03.06.00E does not support the vlan-access plan.

    You will need to catalyst 3650, 3SE to configure "vlan access map.

    https://Tools.Cisco.com/support/CLILookup/cltSearchAction.do

    Show vlan-plan of access (catalyst 3650, 3SE)

    VLAN-access plan (catalyst 3650, 3SE)

    I hope this helps.

    Please evaluate the useful messages.

    Thank you.

  • Manually configure the listener apex via command line

    I would like to be able to configure the listener apex via the command line.
    Is there an api or method to achieve this?

    Is it possible to take an apex-config. XML as a template and make changes to this environment and place it in the config.dir directory
    According to me, placing a! in front of the clear text password cryptera apex listener reboot?

    Is the method of model above a taken way in charge of the configuration of the apex listener script languages?

    I set the value of config.dir for /apex_lsnr
    This will search the apex - config.xml in the directory above or it will search the XML in /apex_lsnr/apex?

    +/apex_lsnr + would be option 1 - who doesn'work currently.

    ++ refers to the 'context' you have deployed your APEX listener, so if you used the default value (apex) this would actually
    +/apex_lsnr/apex +.

    -Online cp apex - config.xml $DOMAIN_HOME/apex_lsnr/apex

    Note that APEX auditor records the location of the apex - config.xml, he uses actually started. If it comes to the temporary location (default), he found nothing in your configured directory.

    -Udo

  • Configuration of the Essbase access via the Web browser user

    Hello world

    I have installed and configured the shared services, Admin Server, Essbase, now I need allow two user (User1 and User2) to access

    Essbase server via web browser. I request measures that I can achieve my requirement.

    If I tried several ways, but always struggeled with good configuration only i always able to connect with a user

    (admin).



    Concerning
    Kumar N

    Access EAS is weird (a large part of the functionality of the EAS is weird).

    While there is no request for Regional service to be set to, the username in question must be created in the Shared Services to connect to EA.

    So:
    (1) create the user name in the Shared Services
    (2) if Essbase is outsourced, set the user name on the server and the app/db in question (not strictly necessary from a point of view EAS, but you're here, so why not?)
    (3) launch EAS console, connect to Services of Administration and you are out of the race

    If you do not outsource Essbase security (why? "You want to maintain a username twice?) you need not do the step #2.

    Kind regards

    Cameron Lackpour

  • How to configure the control LUNS via R232 as COM4

    I believe that I have configured all the hardware including: usb 6251 DAQ connected to a SCC-68 with a load sg24 cell conditioner.  Also configured an actuator of PI - PZT E-516 as well through the MAX Series and the parallel section.  The new processor is not a slot r-232 if Im using a usb-r-232 converter.  I therefore appearing as COM4, which is fine.  When I run the vi associated with installing and configuring the PZT I get NO error, the settings are changed accordingly.  the problem is when I run my program r-232 parameters return to COM1.  The program calls the function of setting of PI which does not take into account user of com1 to 4 switch and just, he takes back when I run the program.  Of the reasons why this happens?  How to reconfigure hardware in combination with a previous program?  Is it possible to check if the program or if it's just my lack of knowledge of the configuration?

    Thank you

    In your main VI where you call the Subvi, right click on the entry in the Configuration Interface and select 'create a constant '. Change the selection of Com1 to Com4.

    The Subvi is not com4 as the default value.

  • Can configure the reader of card SIM in EliteBook 8440p

    Hello

    I am trying to set up a network connection using the SIM card reader, but I can not configure the card reader (does not appear in Device Manager).

    I'm at the Portugal and the response of the forum I found work here.

    Can you help me?

    Best regards

    Rodrigo Oliveira

    You are the very welcome.

    Yes, you will need to see if you can still get a WWAN card supported listed in the 8440p maintenance manual.

    You cannot install a WWAN card listed in the service manual or the laptop does not start until the unsupported card is removed.

    It must also ensure that the antenna of the WWAN card is present in the compartment, in that it will.

  • Configure the automatic updates without user intervention.

    How to configure the CC for the auto update without user intervention (without right of admin)

    Hello

    Please see the document below for help:

    Upgrade to Adobe Creative cloud 2015 applications

  • question of the decidability of oralce user defined rules

    Hello

    Accoring to some posts online (http://weblog.clarkparsia.com/2007/08/27/understanding-swrl-part-2-dl-safety/ http://protege.cim3.net/cgi-bin/wiki.pl?SWRLLanguageFAQ), in general, SWRL is undecidable. However, we can add some restrictions to SWRL to regain the decidability: Variables in DL security rules bind only to those explicitly named in the ontology. Add this restriction is sufficient to establish decidable SWRL rules. So, I wonder how the rules defined by the user Oracle reached the decidability. SWRL does adpot the simliar way? Thank you very much in advance.

    Hong

    Salvation Hong,

    It is a good question. Yes, we have adopted a similar idea. Chaining before engine database Oracle database are the existing resources of RDF known variables in rules of deduction. We will not generate a new RDF resource that does not exist already in the ontologies. This is very important because it ensures that the inference process will be completed in a period of time.

    The foregoing does not apply to the inference (a new 12.1) user-defined well.

    Thank you

    Zhe

  • How to get information about the types within a user defined package

    Hi all
    Have a package with some types (user-defined) defined in the package specification. How to get information about the types and
    information about the columns of this type.

    for example:
    Create package mp is

    type t is record (no number is varchar2 (30));

    procedure a (m t out...

    Thanks in advance.

    userg

    G_user wrote:
    the req's, want to build a script dynamically using data dictionary
    so if possible, I take the name of the type within the package specification.

    Let me rephrase - is there a data dictionary to get information on the type defined by the user within a package specification

    Best approach will be to have a standard in the definition of data types.

    Have a process to follow the object definitions in the package if it is mandatory.

  • Configuring Web Service access via a Proxy Server?

    Hello
    I'm trying to configure the tool OdiInvokeWebservices to hit a WebService through a proxy server.
    I managed to test my OdiInvokeWebservices against a local WS (i.e. a direct connection), but I do not see how to configure ODI to go through a proxy server.
    There is no obvious configuration setting (I expect to see a proxy host, username, password, and proxy exceptions maybe) on the tool OdiInvokeWebServices or ODI itself.

    So, anyone can answer all or part of the following?
    * Are there variables configuration ODI (or ODI environment variables) to set up the proxy server access?
    * In the case of a failure, what is the desirable approach (taking account of the architecture of the ODI)? For example, creating a technology ODI in the topology for HTTP connections through a proxy server (what is a sense - I'm new to ODI)?
    * What is possible or desirable to extend the OdiInvokeWebServices tool to enable the configuration for a proxy server? (probably a bad idea - a lot of hacking involved)?

    If all above fails them, then the only option is to give access ODI direct internet access.
    Thanks in advance,
    Matt

    Matt
    Have you tried to add additional parameters to the virtual machine java?
    I see that there are the following options that you can assign to ODI_ADDITIONAL_JAVA_OPTIONS in the odiparams file.
    Java $-Dhttp.proxyHost = proxyhostURL
    -Dhttp.proxyPort = proxyPortNumber
    -Dhttp.proxyUser = someUserName
    -Dhttp.proxyPassword = somePassword javaClassToRun
    Craig

  • can I get the api access via http without redirection service token to the login page for the echo sign?

    Hi guys,.

    I don't have much experience with echo adobe sign api, I want to let my users send their agreements of my site and I do not redirect to Portal sign echo when sending documents.

    Is there a way I can get access to the api token without redirection to the Portal sign echo?

    Note: I noticed in the api v2 here REST API - documents electronic signature software - Adobe Document Cloud, allowed to get the token via login and password sent in the http request, does v5 api also supports something similar to that?

    Thank you!

    Hello Mary,.

    According to the mentioned workflow, it is not possible to achieve this goal without going through the platform of E-Sign using calls to API or OAuth.

    Kind regards

    -Usman

  • USB disabled not able to write and read access but user authorized to datacard possible

    Dear all,

    I need usb disabled unable to access both read & write. But able to access a Data card and USB mouse.  This is possible thanks to a block log. Please post your suggestion.

    Hello

    1. What is the exact problem you are facing with USB?

    2. you receive an error message?

    3. have you made changes on the computer before this problem?

    Please provide us with more information to help you further.

  • Where is the location of iCloud data from the reader in my user library?

    I use an application called Carbon Copy Cloner to clone my Macintosh HD on an external hard drive. I noticed that my iCloud drive is not on the backup to clone, and I want to make sure that these files are included in the clone. I'm guessing that iCloud drive data are stored somewhere in my user library. If so, can someone tell me the exact location in my user library? If this is not the case, how can I ensure that my iCloud drive files are included when I clone my Macintosh HD?

    The Mobile Document folder in your user library.

  • How to configure the ODBC Access on Windows 7 driver?

    The ODBC SQL Server driver watch Installer is already installed.  But my database is a local MS Access file.  I want to choose the Access ODBC driver, but it is not listed.  Yes, Access is installed.

    Is - this Windows 7 64-bit or 32-bit

    ... check if this works for you

    http://social.msdn.Microsoft.com/forums/en/SQLDataAccess/thread/685eacc1-A670-42d4-8392-924230fa90cb

    Try to search "odbcad32.exe" and run the file

    You can find the file that that lies on

    C:\Windows\SysWOW64\odbcad32.exe (if it is Windows 7 64-bit)
    and
    C:\Windows\System32 (if it's Windows 7 32 bit)

  • Configuring the desktop for all users

    When you use Windows 7, is it possible to put up desktop shortcuts for all users who like to log onto the computer, it was in XP? Thank you!

    C:\Users\All Users\Bureau. You can copy shortcuts out there, and it will be displayed on any connected user.

Maybe you are looking for

  • Cannot copy mp3 to flash hard disk files

    I can copy any type of files from my flash drive in my PC, except the mp3 files. An i/o device error when I try to copy the mp3 files on my hard drive and after this error, I can't access my flash disk root and records. and I have to unplug flash USB

  • Windows 7 does not install new USB keys

    Hello I installed on my Dell Windows 7 Ultimate laptop. Recently (about 2 months now), it has developed a problem where he do not installed the drivers for the new USB hard drives or flash drives. All readers of connect very well without any problems

  • BlackBerry Smartphones eBay and Paypal request of Bold 9900

    I have been seraching for ebay and paypal application in the world of the app for bold 9900 but did not find, can someone help me. I used the two application with my old bold 9700, I need both applications on my new 9900.

  • error unexpected opening LR catalog

    I received a notice stating that Windows 10 could not connect to (I forgot what he said).  I took a point of restoring several days ago, and now I get the unexpected error message and there is only one catalog listed, which is the one that does not o

  • ILO login and password HP Proliant DL 320 g5p

    Hi, I have a problem here, there is a recently learned HP ILO, but the label with the username and password not where to find the user name and password are needed to