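Is there a way to create a privilege that allows configuring only one specific port, for example gi1/0/1, but does not allow configuring gi1/0/2?
Something like: privilege interface gi1/0/1 10
Update: according to /usr/local/share/doc/tac_plus/users_guide: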
The following configuration example permits user Fred to run the
following commands:
telnet 131.108.13.<any number> and
telnet 128.<any number>.12.3 and
show <anything>
All other commands are denied (by default).
user=fred {
    cmd = telnet {
        # permit specified telnets
        permit 131\.108\.13\.[0-9]+
        permit 128\.[0-9]+\.12\.3
    }
    cmd = show {
        # permit show commands
        permit .*
    }
}
Answer 1
You can do this with authorization via a TACACS+ server; see http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_authorizatn.html#wp1001170
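The following is an added example, not part of the original answer or of tac_plus: a small Python model of the ordered permit-regex matching shown in the users_guide excerpt, applied to the question's single-port case. It shows why the regex for gi1/0/1 needs anchoring. The rule sets, the request strings (including the `<cr>` suffix and spacing) and the use of Python's `re` as a stand-in for the daemon's regex engine are all assumptions.

```python
import re

# Constructed rule sets in the shape of the users_guide example:
# per command, an ordered list of (action, regex); first match wins.
LOOSE = {
    "configure": [("permit", r"^terminal")],
    "interface": [("permit", r"GigabitEthernet ?1/0/1")],  # unanchored
    "show": [("permit", r".*")],
}
# Same policy, but the interface regex is anchored at both ends.
STRICT = dict(LOOSE)
STRICT["interface"] = [("permit", r"^GigabitEthernet ?1/0/1( <cr>)?$")]

# Constructed requests: (command, argument string). The "<cr>" suffix and
# the spacing are assumptions about what the device sends.
REQUESTS = [
    ("interface", "GigabitEthernet 1/0/1 <cr>"),
    ("interface", "GigabitEthernet 1/0/2 <cr>"),
    ("interface", "GigabitEthernet 1/0/10 <cr>"),
    ("interface", "TenGigabitEthernet 1/0/1 <cr>"),
    ("reload", "<cr>"),
]


def authorize(rules, cmd, args):
    """Return 'permit' or 'deny' for one command authorization request."""
    for action, pattern in rules.get(cmd, []):
        # Substring search: an unanchored pattern matches anywhere in args.
        if re.search(pattern, args):
            return action
    # No rule for the command, or no regex matched: denied by default.
    return "deny"


def decisions(rules):
    """Evaluate every constructed request against one rule set."""
    return [authorize(rules, cmd, args) for cmd, args in REQUESTS]


if __name__ == "__main__":
    rows = zip(REQUESTS, decisions(LOOSE), decisions(STRICT))
    for (cmd, args), loose, strict in rows:
        print(f"{cmd} {args:32} loose={loose:6} strict={strict}")
```

With the unanchored pattern, gi1/0/10 and the TenGigabitEthernet port are permitted along with gi1/0/1; the anchored pattern permits only the intended port.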
Answer 2
No, unfortunately, IOS privileges are not that fine-grained.