RE: Telnet Privilege Levels

From: kym blair (kymblair@hotmail.com)
Date: Sun Nov 10 2002 - 01:13:51 GMT-3


Gary,

Thanks for the attempt, but they don't work. I tried them all programmed on
the same router at once, and one-at-a-time:

User1 can get into enable mode (interesting side-note: uses enable secret
password, but if there is no enable secret or enable password, still works
using the console password even though this is a vty connection!)

User2 errors out with "invalid autocommand". If we remove the "autocommand
show int", User2 has all the show commands available, then can "enable" and
"config t"

User3 can get into enable mode, then "config t"

User4 starts well but disconnects before many "show run" lines are displayed

User5 mostly works, but can't "show start"

User6 good

User7 goes directly to privilege level 15 like User6.

If anyone can get these working, I'd sure like to see the configs. Thanks.
Kym

>From: "Lileikis, Gary" <gary.lileikis@unisys.com>
>Reply-To: "Lileikis, Gary" <gary.lileikis@unisys.com>
>To: kym blair <kymblair@hotmail.com>, ccielab@groupstudy.com
>Subject: RE: Telnet Privilege Levels
>Date: Sat, 9 Nov 2002 20:31:27 -0600
>
>Kym,
>How about this?
>username user1 password 0 cisco1
>username user2 password 0 cisco2
>username user2 privilege level 3
>username user2 autocommand show interface
>privilege exec level 3 show interface
>username user3 password cisco3
>username user3 privilege 2
>privilege exec level 2 show run
>username user4 privilege 2 password 0 cisco4
>username user4 autocommand show run
>username user5 privilege 5 password 0 cisco5
>privilege exec level 5 show
>username user6 privilege 15 password 0 cisco6
>username user7 privilege 15 password 0 cisco7
>enable secret level 1 cisco7
>
>
>Line vty 0 4
>login local
>
>
>Cheers... Gary Lileikis
>
>
>-----Original Message-----
>From: kym blair [mailto:kymblair@hotmail.com]
>Sent: Saturday, November 09, 2002 4:48 PM
>To: ccielab@groupstudy.com
>Subject: Telnet Privilege Levels
>
>
>Can someone post a *working config* that defines privilege levels for the
>following users who telnet into the router:
>
>User1 (pswd cisco1) = all unprivileged commands (normal access without
>enable password)
>
>User2 (pswd cisco2) = only "show interface"
>
>User3 (pswd cisco3) = all unprivileged commands plus "show run"
>
>User4 (pswd cisco4) = only "show run"
>
>User5 (pswd cisco5) = can use all "show" commands, but cannot do any
>configuration tasks
>
>User6 (pswd cisco6)= full privileged access (privilege level 15)
>
>User7 (pswd cisco7)= full privileged access (normal access with enable
>password)
>
>TIA, Kym
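
An added example, not part of the original thread and not either poster's code: a small Python audit of the configuration quoted above. It merges repeated `username` lines and lists which re-levelled commands each account reaches. It assumes a default login level of 1, that an omitted password type means type 0, and that a command moved to level N is available at level N and above; all function names are hypothetical.

```python
# Added example: models only the username / "privilege exec level" lines.
CONFIG = """\
username user1 password 0 cisco1
username user2 password 0 cisco2
username user2 privilege level 3
username user2 autocommand show interface
privilege exec level 3 show interface
username user3 password cisco3
username user3 privilege 2
privilege exec level 2 show run
username user4 privilege 2 password 0 cisco4
username user4 autocommand show run
username user5 privilege 5 password 0 cisco5
privilege exec level 5 show
username user6 privilege 15 password 0 cisco6
username user7 privilege 15 password 0 cisco7
"""  # the configuration quoted in the thread (enable/vty lines omitted)

def parse(config):
    """Return ({user: attrs}, {command: level}); repeated username lines merge."""
    users, cmd_levels = {}, {}
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["privilege", "exec", "level"]:
            cmd_levels[" ".join(tok[4:])] = int(tok[3])
        elif tok[:1] == ["username"]:
            # Assumption: a user with no privilege keyword logs in at level 1.
            user = users.setdefault(tok[1], {"level": 1, "pw_type": None, "autocommand": None})
            words = iter(tok[2:])
            for word in words:
                if word == "privilege":
                    value = next(words)
                    if value == "level":      # both spellings appear in the thread
                        value = next(words)
                    user["level"] = int(value)
                elif word == "password":
                    value = next(words)
                    # Assumption: an omitted type digit means type 0 (cleartext).
                    user["pw_type"] = value if value in ("0", "7") else "0"
                    if value in ("0", "7"):
                        next(words, None)     # skip the password itself
                elif word == "autocommand":
                    user["autocommand"] = " ".join(words)
    return users, cmd_levels

def granted(name, config=CONFIG):
    """Re-levelled commands at or below the user's login level (levels are cumulative)."""
    users, cmd_levels = parse(config)
    return sorted(c for c, lvl in cmd_levels.items() if lvl <= users[name]["level"])

def cleartext_users(config=CONFIG):
    return sorted(n for n, u in parse(config)[0].items() if u["pw_type"] == "0")
```

Because levels are cumulative in this model, `granted("user2")` includes "show run" as well as "show interface": a per-user command set needs more than one level number per user.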



This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:56 GMT-3