Would you like to learn how to configure RBAC on Cisco Switch? In this tutorial, we are going to show you how to restrict a local user account to use only a group of commands allowed by the network administrator on a Cisco Switch 2960 using the command-line.
Hardware List:
The following section presents the list of equipment used to create this Cisco Switch tutorial.
Every piece of hardware listed above can be found at Amazon website.
Cisco Switch Playlist:
On this page, we offer quick access to a list of videos related to Cisco Switch.
Don't forget to subscribe to our youtube channel named FKIT.
Cisco Switch Related Tutorial:
On this page, we offer quick access to a list of tutorials related to Cisco Switch.
Tutorial - RBAC on Cisco Switch
First, you need to access the configuration mode of your Cisco Switch.
Switch> enable
Switch# configure terminal
Switch(config)#
Use the parser command to create a list of authorized commands.
Switch(config)# parser view MYCOMMANDS
Switch(config-view)# secret mypass4thisgroup
Switch(config-view)# commands exec include ping
Switch(config-view)# commands exec include traceroute
Switch(config-view)# show ip route
Switch(config-view)# exit
Create a username and force the utilization of the group of commands that you created before.
Switch(config)# username goku view MYCOMMANDS secret kakarot
USe the AAA command to enable the local authentication and authorization.
Switch(config)# aaa new-model
Switch(config)# aaa authentication login default local
Switch(config)# aaa authorization exec default local
Switch(config)# aaa authorization console
Time to enable the telnet remote access feature.
Switch(config)# line vty 0 15
Switch(config)# login authentication default
Try to login on the switch using the console or a telnet client.
Use the login goku and the password kakarot.
Press the ? key to check the list of commands available to the goku user.
After finishing the test, don't forget to save your configuration.
# copy running-config startup-config
