Re: Telnet Privilege Levels

From: Neil Moore (neil@droopy.com)
Date: Sun Nov 10 2002 - 10:45:56 GMT-3


This should give you a good starting point:
privilege exec level 6 enable
privilege exec level 3 show run
privilege exec level 0 show priv
privilege exec level 4 show interface
privilege exec level 5 show

username User1 privilege 0 password cisco1
username User2 privilege 4 password cisco2
username User2 autocommand show interface
username User3 privilege 3 password cisco3
username User4 privilege 3 password cisco4
username User4 autocommand show run
username User5 priv 5 password cisco5
username User6 privilege 15 password cisco6
username User7 privilege 1 password cisco7

Order on the privilege levels is important.
Also, giving someone show run gives them the passwords to the other levels.
Even encrypted, they are breakable.
----------------------------------------
Neil Moore CCIE#10044
----- Original Message -----
From: "kym blair" <kymblair@hotmail.com>
To: <gary.lileikis@unisys.com>; <ccielab@groupstudy.com>
Sent: Saturday, November 09, 2002 11:13 PM
Subject: RE: Telnet Privilege Levels

> Gary,
>
> Thanks for the attempt, but they don't work. I tried them all programmed on
> the same router at once, and one-at-a-time:
>
> User1 can get into enable mode (interesting side-note: uses enable secret
> password, but if there is no enable secret or enable password, still works
> using the console password even though this is a vty connection!)
>
> User2 errors out with "invalid autocommand". If we remove the "autocommand
> show int", User2 has all the show commands available, then can "enable" and
> "config t"
>
> User3 can get into enable mode, then "config t"
>
> User4 starts well but disconnects before many "show run" lines are displayed
>
> User5 mostly works, but can't "show start"
>
> User6 good
>
> User7 goes directly to privilege level 15 like User6.
>
> If anyone can get these working, I'd sure like to see the configs. Thanks.
> Kym
>
> >From: "Lileikis, Gary" <gary.lileikis@unisys.com>
> >Reply-To: "Lileikis, Gary" <gary.lileikis@unisys.com>
> >To: kym blair <kymblair@hotmail.com>, ccielab@groupstudy.com
> >Subject: RE: Telnet Privilege Levels
> >Date: Sat, 9 Nov 2002 20:31:27 -0600
> >
> >Kym,
> >How about this?
> >username user1 password 0 cisco1
> >username user2 password 0 cisco2
> >username user2 privilege level 3
> >username user2 autocommand show interface
> >privilege exec level 3 show interface
> >username user3 password cisco3
> >username user3 privilege 2
> >privilege exec level 2 show run
> >username user4 privilege 2 password 0 cisco4
> >username user4 autocommand show run
> >username user5 privilege 5 password 0 cisco5
> >privilege exec level 5 show
> >username user6 privilege 15 password 0 cisco6
> >username user7 privilege 15 password 0 cisco7
> >enable secret level 1 cisco7
> >
> >
> >Line vty 0 4
> >login local
> >
> >
> >Cheers... Gary Lileikis
> >
> >
> >-----Original Message-----
> >From: kym blair [mailto:kymblair@hotmail.com]
> >Sent: Saturday, November 09, 2002 4:48 PM
> >To: ccielab@groupstudy.com
> >Subject: Telnet Privilege Levels
> >
> >
> >Can someone post a *working config* that defines privilege levels for the
> >following users who telnet into the router:
> >
> >User1 (pswd cisco1) = all unprivileged commands (normal access without
> >enable password)
> >
> >User2 (pswd cisco2) = only "show interface"
> >
> >User3 (pswd cisco3) = all unprivileged commands plus "show run"
> >
> >User4 (pswd cisco4) = only "show run"
> >
> >User5 (pswd cisco5) = can use all "show" commands, but cannot do any
> >configuration tasks
> >
> >User6 (pswd cisco6)= full privileged access (privilege level 15)
> >
> >User7 (pswd cisco7)= full privileged access (normal access with enable
> >password)
> >
> >TIA, Kym



This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:56 GMT-3
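
An added example (not code from the thread or its participants): a small Python audit of the configuration posted in the reply above, reporting which local users sit at or above the level assigned to `show run` and which accounts use `password` rather than `secret` storage. It assumes each `privilege exec level` line stands alone and does not model how overlapping lines such as `show` and `show run` interact, which the reply notes is order-dependent; the function names are hypothetical.

```python
import re

# Constructed input: the configuration lines from the reply above.
CONFIG = """\
privilege exec level 6 enable
privilege exec level 3 show run
privilege exec level 0 show priv
privilege exec level 4 show interface
privilege exec level 5 show
username User1 privilege 0 password cisco1
username User2 privilege 4 password cisco2
username User2 autocommand show interface
username User3 privilege 3 password cisco3
username User4 privilege 3 password cisco4
username User4 autocommand show run
username User5 priv 5 password cisco5
username User6 privilege 15 password cisco6
username User7 privilege 1 password cisco7
"""

def parse(config):
    """Return ({command: level}, {user: {level, store, auto}})."""
    levels, users = {}, {}
    for line in config.splitlines():
        m = re.match(r"privilege exec level (\d+) (.+)", line.strip())
        if m:
            levels[m.group(2)] = int(m.group(1))
        t = line.split()
        if len(t) < 3 or t[0] != "username":
            continue
        # A user with no explicit privilege keeps the IOS default, level 1.
        u = users.setdefault(t[1], {"level": 1, "store": None, "auto": None})
        for i, tok in enumerate(t[2:-1], start=2):
            if len(tok) >= 4 and "privilege".startswith(tok) and t[i + 1].isdigit():
                u["level"] = int(t[i + 1])
            elif tok in ("password", "secret"):
                u["store"] = tok
            elif tok == "autocommand":
                u["auto"] = " ".join(t[i + 1:])
                break
    return levels, users

def audit(config, sensitive="show run"):
    """Per-user findings; overlapping privilege lines are not modelled."""
    levels, users = parse(config)
    need = levels.get(sensitive, 15)  # assumption: not re-levelled means 15
    return {n: {"can_run": u["level"] >= need, "auto": u["auto"],
                "recoverable_password": u["store"] == "password"}
            for n, u in users.items()}
```
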