有没有办法,创build这样的特权,这将允许只configuration一个特定的端口例如:gi1 / 0/1,但在那个时候不会让gi1 / 0/2configuration。
如下所示:特权界面gi1 / 0/1 10
UPD:如radius所示 ,从/ usr / local / share / doc / tac_plus / users_guide:
The following configuration example permits user Fred to run the following commands: telnet 131.108.13.<any number> and telnet 128.<any number>.12.3 and show <anything> All other commands are denied (by default). user=fred { cmd = telnet { # permit specified telnets permit 131\.108\.13\.[0-9]+ permit 128\.[0-9]+\.12\.3 } cmd = show { # permit show commands permit .* } }
您可以使用TACAS +服务器使用授权执行此操作,请参阅http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_authorizatn.html#wp1001170
不,IOS的权限不是这个粒度不幸的。