From: Omer Ansari (omer@ansari.com)
Date: Mon Sep 02 2002 - 09:01:46 GMT-3
Ahmed,
had tried that, but that explicitly allows commands that you enter.
i.e. this doesn't work:
R1#sr | inc priv
username cisco privilege 0 password 7 0822
privilege exec level 0 show
R9#telnet 1.1.1.1
Username: cisco
Password:
R1>show ?
call Show call
dial-peer Dial Plan Mapping Table for, e.g. VoIP Peers
flash: display information about flash: file system
gateway Show status of gateway
num-exp Number Expansion (Speed Dial) information
R1>
in other words if the requirements say "all show commands" and priv 0 was
to be used, I would have to do the following:
R1#sr | inc priv
username cisco privilege 0 password 7 0822
privilege exec level 0 show alps
privilege exec level 0 show backup
privilege exec level 0 show c2600
privilege exec level 0 show call
privilege exec level 0 show cca
...... [and the rest of the show commands that show up in regular normal
user exec mode]
and then:
R9#telnet 1.1.1.1
Username: cisco
Password:
R1>show ?
alps Alps information
backup Backup status
c2600 Show c2600 information
call Show call
cca CCA information
.....
[and all the show commands I explicitly entered in level0 would show up]
I'm sure there's a simpler way than this, if the requirement is possible
at all!
thanks,
omer
On Mon, 2 Sep 2002, Ahmed Al-Ghawas wrote:
> Try using privilege 0 instead of 1 and then enable the commands you require
> at that level
>
> HTH
>
> Ahmed
>
> ----- Original Message -----
> From: "Omer Ansari" <omer@ansari.com>
> To: <ccielab@groupstudy.com>
> Sent: Monday, September 02, 2002 3:59 AM
> Subject: privelege level to allow only "show" commands
>
>
> > All,
> >
> > doing a lab where there's a requirement to set a privilege level to only
> > allow show commands.
> >
> > researched the archive, as well as tried a few iterations, but even for
> > level1 I end up getting all sorts of options other than show:
> >
> > R1(config)#username cisco privilege 1 nopassword
> >
> > R1#sr | inc (user|priv)
> > username cisco nopassword
> > privilege exec level 1 show
> >
> >
> > then I try to telnet in remotely.
> >
> > R9#telnet 1.1.1.1
> > ...
> > Username: cisco
> > R1>?
> > Exec commands:
> > <1-99> Session number to resume
> > access-enable Create a temporary Access-List entry
> > access-profile Apply user-profile to interface
> > clear Reset functions
> > ...
> >
> >
> > I still have a choice of all the other commands as you can see..
> >
> >
> > how can I configure R1, so that when I log in I get only this:
> >
> > R1>?
> > Exec commands:
> >
> > show Show running system information
> > exit ..
> > [and other mandatory level0 commands]
> >
> > R1>
> >
> >
> >
> > regards,
> > Omer
> > _________________________________________________________________
> > Commercial lab list: http://www.groupstudy.com/list/commercial.html
> > Please discuss commercial lab solutions on this list.
This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:41 GMT-3
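
The per-subcommand workaround described in the message, generated from captured `show ?` output instead of typed by hand. This is an added example, not part of the original thread: the function names are hypothetical, the sample help text is constructed from the lines quoted in the message, and it assumes help lines are indented as on a real IOS console while prompt lines are not.

```python
import re

# Constructed sample: `show ?` help lines like those quoted in the message,
# plus two placeholder lines (WORD, <cr>) to show what gets skipped.
SAMPLE_HELP = """\
R1>show ?
  alps      Alps information
  backup    Backup status
  c2600     Show c2600 information
  call      Show call
  cca       CCA information
  flash:    display information about flash: file system
  WORD      Constructed placeholder line
  <cr>
R1>
"""

# A literal keyword is indented and starts with a lowercase letter.
# Placeholders such as WORD, <cr>, <1-99> or A.B.C.D are arguments, not
# subcommands, and unindented prompt lines (R1>...) never match.
KEYWORD = re.compile(r"^\s+([a-z][a-z0-9:_-]*)(?:\s+\S.*)?$")


def subcommands(help_text):
    """Return the literal subcommand keywords found in captured `?` output."""
    found = []
    for line in help_text.splitlines():
        m = KEYWORD.match(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


def privilege_lines(help_text, parent="show", level=0, mode="exec"):
    """Build one `privilege <mode> level <n> <parent> <kw>` line per keyword."""
    if not 0 <= level <= 15:
        raise ValueError("IOS privilege levels run from 0 to 15")
    return [f"privilege {mode} level {level} {parent} {kw}"
            for kw in subcommands(help_text)]


if __name__ == "__main__":
    # Review the generated lines before pasting them into config mode.
    print("\n".join(privilege_lines(SAMPLE_HELP)))
```

Feed it the help output captured from a normal user exec session, so the generated list matches the "show commands that show up in regular normal user exec mode" the message refers to.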