RBAC (Cisco Role Based Access Control) is used to create customized role for users. It is useful when we are not having RADIUS server.
We can also restrict the access with VRF , VLAN and interfaces.
For example , We can define the a role and assign it to a user. In which user will be authorized to use few commands and make the changes on few particular interfaces.
conf t role name ABC role 2 deny read-write role 3 permit command show version role 3 permit command show ip int brief
Deny command should be on top. because nexus considers the last entry as first entry. So if we will enter deny command in last then it will reflect on top and user will not able to run any command.
If we want to create the conditions such as user can make the changes in VLAn 54 but not in other VLANs or He can make the changes on interface 3/34 but not on interface 3/35 or any other interface then we can create the policies as below:
Nexus Cisco Role Based Access Control Example:
conf t role name ABC role 1 deny read-write role 2 permit command show ip route role 3 permit command show ip int status interface policy deny permit interface e3/34 role 4 permit command configure terminal:interface* role 5 permit command configure terminal:vlan* vlan policy deny permit vlan 54
Thanks For Reading ………………….
We will recommend you to read below posts:
Hey! I just wanted to ask if you ever have any trouble with hackers? My last blog (wordpress) was hacked and I ended up losing a few months of hard work due to no back up. Do you have any solutions to prevent hackers?