有没有办法创建这样的权限,它只允许配置一个特定的端口 ex: gi1/0/1 ,但当时不允许配置 gi1/0/2 。
Smth like: 权限接口 gi1/0/1 10
UPD:正如半径所说,来自 /usr/local/share/doc/tac_plus/users_guide :
The following configuration example permits user Fred to run the
following commands:
telnet 131.108.13.<any number> and
telnet 128.<any number>.12.3 and
show <anything>
All other commands are denied (by default).
user=fred {
cmd = telnet {
# permit specified telnets
permit 131\.108\.13\.[0-9]+
permit 128\.[0-9]+\.12\.3
}
cmd = show {
# permit show commands
permit .*
}
}
不,不幸的是,IOS 的权限没有这么精细。
您可以使用 TACAS+ 服务器通过授权来执行此操作,请参阅http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_authorizatn.html#wp1001170