From: chris.w.polson@xxxxxxxxxxxxx
Date: Sun Jun 09 2002 - 01:10:05 GMT-3
Hi Jeff,
We are using TACACS+ as well and do have differing levels of access. The
differing levels of access in our environment are provided by the
"privilege exec level command" at the device. For example:
    privilege exec level 10 traceroute           <- allows use of extended traceroute
    privilege exec level 10 ping                 <- allows use of extended ping
    privilege exec level 10 show startup-config  <- allows viewing of startup-config, but not running
Once configured on the router (or any NAS), you can give the group the
privilege level you wish them to have. I did find a link regarding the
"privilege" commands that may help you as well:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_r/srprt5/srpass.htm
Hopefully that helps you out a bit.
Regards,
Chris
Christopher W. Polson
CIO Network Services - GNOC
Dallas Infomart
VPN 573/4021; direct: 214-672-4021
chris.w.polson@accenture.com
"Tan Jeff"
<tanmx@msn.com> To: ccielab@groupstudy.com
Sent by: nobody@groupstudy.com
cc:
Subject: OT:manage routers with TACACS+ server
06/08/2002 10:40 PM
Please respond to "Tan Jeff"
Hi, all
My company has over 100 routers, and I found it is very difficult to
manage the routers' passwords with vty password and enable password. I don't
know how experts do it. I am trying to do it with Cisco TACACS+ server (ver
2.3), but I met a problem.
I have defined two groups of routers: one is HQ routers and the other
is BRANCH routers. Our company has two groups of administrators too: one
is HQ administrators, the other is BRANCH administrators. My aim is to permit
HQ administrators to access both groups of routers with privilege 15, and
BRANCH administrators to access BRANCH routers with privilege 15 and HQ routers
with privilege 10. It seems there is no such item in TACACS+ server. Can
TACACS+ server do what I want?
I have searched the CCO, but found nothing about it. Any help will be
appreciated.
Jeff
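
Added example, not part of the original messages: the device-side IOS configuration that the approach in Chris's reply relies on, showing the AAA lines that let a privilege level assigned on the TACACS+ server take effect next to the three "privilege exec level 10" commands he lists. The server address 192.0.2.10 and <shared-key> are placeholders, and the "group tacacs+" method keyword is an assumption about the IOS release (older releases write the method as plain "tacacs+").

```cisco
! Added example. 192.0.2.10 and <shared-key> are placeholders.
aaa new-model
!
! Authenticate logins against TACACS+; the enable password is used
! only when the server cannot be reached, not when it rejects a user.
aaa authentication login default group tacacs+ enable
!
! Exec authorization is what makes the router apply the privilege
! level the server returns for the session (the priv-lvl attribute
! of the shell/exec service). Without it the user starts at level 1.
aaa authorization exec default group tacacs+ if-authenticated
!
tacacs-server host 192.0.2.10
tacacs-server key <shared-key>
!
! Commands moved to level 10, as listed in the reply above.
privilege exec level 10 traceroute
privilege exec level 10 ping
privilege exec level 10 show startup-config
!
! Check after logging in as a user whose group is assigned level 10:
!   show privilege
```

A user who lands at level 10 can run the three commands above, while commands left at level 15 stay unavailable to that user.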
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:29 GMT-3