RE: Privileged exec level

From: Larson, Chris (Contractor) (Chris.Larson@xxxxxx)
Date: Wed Nov 07 2001 - 11:34:57 GMT-3

• Next message: Church, Chuck: "RE: VLAN trunking and 802.1Q"
• Previous message: steven.j.nelson@xxxxxx: "Terminal Access"
• Maybe in reply to: Spoerr, Mathias: "Privileged exec level"
• Next in thread: Gore, Peter: "RE: Privileged exec level"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Actually, I beleieve you can do command authorization using the local items
only. I believe we had done this before in class. I will dig through my
notes and try to find the scebario and post it.

-----Original Message-----
From: Spoerr, Mathias [mailto:Mathias.Spoerr@getronics.com]
Sent: Wednesday, November 07, 2001 5:03 AM
To: R. Benjamin Kessler; Park, Peter; 'McCallum, Robert ';
ccielab@groupstudy.com
Subject: AW: Privileged exec level

Hello!

Thank you for your input.
I think one thing is possible.
You have to use a TACACS or RADIUS Server and make Command Authorization.
Then every user has Priv Level 15 but is restricted in the commands he can
use.
But for this solution you have to configure very much on the TACACS/RADUIUS-
Server.

Mathias

-----Urspr|ngliche Nachricht-----
Von: R. Benjamin Kessler [mailto:ben@kesslerconsulting.com]
Gesendet: Dienstag, 06. November 2001 23:10
An: Park, Peter; 'McCallum, Robert '; Spoerr, Mathias;
ccielab@groupstudy.com
Betreff: RE: Privileged exec level

I thought I said that... :)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Park, Peter
Sent: Tuesday, November 06, 2001 1:21 PM
To: 'R. Benjamin Kessler '; 'McCallum, Robert '; ''Spoerr, Mathias' ';
'ccielab@groupstudy.com '
Subject: RE: Privileged exec level

 show run will display only the configs for which you have right to
configure.

-----Original Message-----
From: R. Benjamin Kessler
To: McCallum, Robert; 'Spoerr, Mathias'; ccielab@groupstudy.com
Sent: 11/6/01 12:51 PM
Subject: RE: Privileged exec level

This is true, however if I have the following command in the
configuration:

privilege exec level 1 show running-config

When I try to use it with level 1 privs. I get the following:

  router>sh running-config
  Building configuration...

  Current configuration : 134 bytes
  !
  ! Last configuration change at 11:48:59 CST Tue Nov 6 2001
  ! NVRAM config last updated at 18:25:23 CDT Mon Oct 22 2001
  !
  !
  !
  !
  end

I think you need to have "config" rights to the box in order to see a
meaningful "running config."

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
McCallum, Robert
Sent: Tuesday, November 06, 2001 11:21 AM
To: 'Spoerr, Mathias'; ccielab@groupstudy.com
Subject: RE: Privileged exec level

you can do whatever you want to do regarding priv levels.

sample

username me privilege level 3

privilege exec level 3 configure terminal

and hey presto!

-----Original Message-----
From: Spoerr, Mathias [mailto:Mathias.Spoerr@getronics.com]
Sent: 06 November 2001 16:12
To: ccielab@groupstudy.com
Subject: Privileged exec level

Hello!

Is it possible to configure a privileged exec level 10 to view the
running-config, or is it only possible with privileged exec level 15?

Thank's
Mathias

• Next message: Church, Chuck: "RE: VLAN trunking and 802.1Q"
• Previous message: steven.j.nelson@xxxxxx: "Terminal Access"
• Maybe in reply to: Spoerr, Mathias: "Privileged exec level"
• Next in thread: Gore, Peter: "RE: Privileged exec level"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 21 2002 - 06:45:06 GMT-3