From: Deepesh Chouhan (deepesh@cisco.com)
Date: Mon Nov 11 2002 - 08:19:10 GMT-3
Hi
Do you have any pointers/webpage for this
I goofed up on this and lost my exec privileges on console line. And guess
what there was no enable passwd on it, so no telnet either :)
Had to power cycle the router
thanks
deepesh
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Neil Moore
> Sent: Sunday, November 10, 2002 5:46 AM
> To: kym blair; gary.lileikis@unisys.com; ccielab@groupstudy.com
> Subject: Re: Telnet Privilege Levels
>
>
> This should give you a good starting point:
> privilege exec level 6 enable
> privilege exec level 3 show run
> privilege exec level 0 show priv
> privilege exec level 4 show interface
> privilege exec level 5 show
>
> username User1 privilege 0 password cisco1
> username User2 privilege 4 password cisco2
> username User2 autocommand show interface
> username User3 privilege 3 password cisco3
> username User4 privilege 3 password cisco4
> username User4 autocommand show run
> username User5 priv 5 password cisco5
> username User6 privilege 15 password cisco6
> username User7 privilege 1 password cisco7
>
> Order on the privilege levels is important
> Also giving someone show run gives them the passwords to the
> other levels..
> Even encrypted they are breakable.
> ----------------------------------------
> Neil Moore CCIE#10044
> ----- Original Message -----
> From: "kym blair" <kymblair@hotmail.com>
> To: <gary.lileikis@unisys.com>; <ccielab@groupstudy.com>
> Sent: Saturday, November 09, 2002 11:13 PM
> Subject: RE: Telnet Privilege Levels
>
>
> > Gary,
> >
> > Thanks for the attempt, but they don't work. I tried them all programmed on
> > the same router at once, and one-at-a-time:
> >
> > User1 can get into enable mode (interesting side-note: uses enable secret
> > password, but if there is no enable secret or enable password, still works
> > using the console password even though this is a vty connection!)
> >
> > User2 errors out with "invalid autocommand". If we remove the "autocommand
> > show int", User2 has all the show commands available, then can "enable" and
> > "config t"
> >
> > User3 can get into enable mode, then "config t"
> >
> > User4 starts well but disconnects before many "show run" lines are displayed
> >
> > User5 mostly works, but can't "show start"
> >
> > User6 good
> >
> > User7 goes directly to privilege level 15 like User6.
> >
> > If anyone can get these working, I'd sure like to see the configs. Thanks.
> > Kym
> >
> > >From: "Lileikis, Gary" <gary.lileikis@unisys.com>
> > >Reply-To: "Lileikis, Gary" <gary.lileikis@unisys.com>
> > >To: kym blair <kymblair@hotmail.com>, ccielab@groupstudy.com
> > >Subject: RE: Telnet Privilege Levels
> > >Date: Sat, 9 Nov 2002 20:31:27 -0600
> > >
> > >Kym,
> > >How about this?
> > >username user1 password 0 cisco1
> > >username user2 password 0 cisco2
> > >username user2 privilege level 3
> > >username user2 autocommand show interface
> > >privilege exec level 3 show interface
> > >username user3 password cisco3
> > >username user3 privilege 2
> > >privilege exec level 2 show run
> > >username user4 privilege 2 password 0 cisco4
> > >username user4 autocommand show run
> > >username user5 privilege 5 password 0 cisco5
> > >privilege exec level 5 show
> > >username user6 privilege 15 password 0 cisco6
> > >username user7 privilege 15 password 0 cisco7
> > >enable secret level 1 cisco7
> > >
> > >
> > >Line vty 0 4
> > >login local
> > >
> > >
> > >Cheers... Gary Lileikis
> > >
> > >
> > >-----Original Message-----
> > >From: kym blair [mailto:kymblair@hotmail.com]
> > >Sent: Saturday, November 09, 2002 4:48 PM
> > >To: ccielab@groupstudy.com
> > >Subject: Telnet Privilege Levels
> > >
> > >
> > >Can someone post a *working config* that defines privilege levels for the
> > >following users who telnet into the router:
> > >
> > >User1 (pswd cisco1) = all unprivileged commands (normal access without
> > >enable password)
> > >
> > >User2 (pswd cisco2) = only "show interface"
> > >
> > >User3 (pswd cisco3) = all unprivileged commands plus "show run"
> > >
> > >User4 (pswd cisco4) = only "show run"
> > >
> > >User5 (pswd cisco5) = can use all "show" commands, but cannot do any
> > >configuration tasks
> > >
> > >User6 (pswd cisco6)= full privileged access (privilege level 15)
> > >
> > >User7 (pswd cisco7)= full privileged access (normal access with enable
> > >password)
> > >
> > >TIA, Kym
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:56 GMT-3
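
The thread raises two review points: lowering "show run" to a custom level exposes the stored passwords of every other user, and a router with no enable credential leaves no way back after a privilege mistake. The following is an added example, not part of the original messages: a small offline audit of an IOS-style config. The function name `audit`, the result keys and the sample text are hypothetical, and the model is simplified: each `privilege exec level` line is taken at face value, with no attempt to reproduce how IOS resolves the ordering of those lines.

```python
import re

# Constructed sample: a subset of the configuration quoted in the thread.
SAMPLE_CONFIG = """\
privilege exec level 6 enable
privilege exec level 3 show run
privilege exec level 5 show
username User1 privilege 0 password cisco1
username User3 privilege 3 password cisco3
username User5 priv 5 password cisco5
username User6 privilege 15 password cisco6
line vty 0 4
 login local
"""

PRIV_RE = re.compile(r"^privilege exec level (\d+) (.+)$")
# The privilege keyword is optional; a local user without it defaults to level 1.
USER_RE = re.compile(r"^username (\S+)(?: priv\w* (\d+))? (password|secret)\b")
SHOW_RUN_RE = re.compile(r"^show run")  # "show run" through "show running-config"

def audit(config: str) -> dict:
    """Return review findings for one IOS-style config supplied as text."""
    cmd_levels, users, has_enable = {}, {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := PRIV_RE.match(line):
            cmd_levels[m.group(2)] = int(m.group(1))
        elif m := USER_RE.match(line):
            users[m.group(1)] = (int(m.group(2) or 1), m.group(3))
        elif re.match(r"^enable (secret|password)\b", line):
            has_enable = True
    # Lowest level at which the running config was made readable (default 15).
    show_run_level = min(
        [lvl for cmd, lvl in cmd_levels.items() if SHOW_RUN_RE.match(cmd)],
        default=15)
    return {
        "show_run_level": show_run_level,
        # Users below level 15 who can still read every stored credential.
        "can_read_config": sorted(u for u, (lvl, _) in users.items()
                                  if show_run_level <= lvl < 15),
        # "password" entries are stored in clear text or reversible form.
        "password_not_secret": sorted(u for u, (_, kind) in users.items()
                                      if kind == "password"),
        "enable_credential_set": has_enable,
    }
```
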