Would you like to learn how to configure RBAC on Cisco Switch? In this tutorial, we are going to show you how to restrict a local user account to use only a group of commands allowed by the network administrator on a Cisco Switch 2960 using the command-line.

Hardware List:

The following section presents the list of equipment used to create this Cisco Switch tutorial.

Every piece of hardware listed above can be found at Amazon website.

Cisco Switch Playlist:

On this page, we offer quick access to a list of videos related to Cisco Switch.

Don't forget to subscribe to our youtube channel named FKIT.

Cisco Switch Related Tutorial:

On this page, we offer quick access to a list of tutorials related to Cisco Switch.

Tutorial - RBAC on Cisco Switch

First, you need to access the configuration mode of your Cisco Switch.

Switch> enable
Switch# configure terminal

Use the parser command to create a list of authorized commands.

Switch(config)# parser view MYCOMMANDS
Switch(config-view)# secret mypass4thisgroup
Switch(config-view)# commands exec include ping
Switch(config-view)# commands exec include traceroute
Switch(config-view)# show ip route
Switch(config-view)# exit

Create a username and force the utilization of the group of commands that you created before.

Switch(config)# username goku view MYCOMMANDS secret kakarot

USe the AAA command to enable the local authentication and authorization.

Switch(config)# aaa new-model
Switch(config)# aaa authentication login default local
Switch(config)# aaa authorization exec default local
Switch(config)# aaa authorization console

Time to enable the telnet remote access feature.

Switch(config)# line vty 0 15
Switch(config)# login authentication default

Try to login on the switch using the console or a telnet client.

Use the login goku and the password kakarot.

Press the ? key to check the list of commands available to the goku user.

After finishing the test, don't forget to save your configuration.

# copy running-config startup-config