From: Neil Moore (neil@droopy.com)
Date: Mon Nov 11 2002 - 10:03:47 GMT-3
The level 15 user (user6) should let you in as it does not need an enable
password.
Also change
username User7 privilege 6 password cisco7
when you get back on..
Did you use aaa on it?
The quickest way is to do a password recovery routine and add an enable
password to the config.
----------------------------------------
Neil Moore CCIE#10044
----- Original Message -----
From: "Deepesh Chouhan" <deepesh@cisco.com>
To: "Neil Moore" <neil@droopy.com>; "kym blair" <kymblair@hotmail.com>;
<gary.lileikis@unisys.com>; <ccielab@groupstudy.com>
Sent: Monday, November 11, 2002 6:19 AM
Subject: RE: Telnet Privilege Levels
> Hi
>
> Do you have any pointers/webpage for this
>
> I goofed up on this and lost my exec privileges on console line. And guess
> what there was no enable passwd on it, so no telnet either :)
>
> Had to power cycle the router
>
> thanks
> deepesh
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Neil Moore
> > Sent: Sunday, November 10, 2002 5:46 AM
> > To: kym blair; gary.lileikis@unisys.com; ccielab@groupstudy.com
> > Subject: Re: Telnet Privilege Levels
> >
> >
> > This should give you a good starting point:
> > privilege exec level 6 enable
> > privilege exec level 3 show run
> > privilege exec level 0 show priv
> > privilege exec level 4 show interface
> > privilege exec level 5 show
> >
> > username User1 privilege 0 password cisco1
> > username User2 privilege 4 password cisco2
> > username User2 autocommand show interface
> > username User3 privilege 3 password cisco3
> > username User4 privilege 3 password cisco4
> > username User4 autocommand show run
> > username User5 priv 5 password cisco5
> > username User6 privilege 15 password cisco6
> > username User7 privilege 1 password cisco7
> >
> > Order on the privilege levels is important
> > Also giving someone show run gives them the passwords to the
> > other levels..
> > Even encrypted they are breakable.
> > ----------------------------------------
> > Neil Moore CCIE#10044
> > ----- Original Message -----
> > From: "kym blair" <kymblair@hotmail.com>
> > To: <gary.lileikis@unisys.com>; <ccielab@groupstudy.com>
> > Sent: Saturday, November 09, 2002 11:13 PM
> > Subject: RE: Telnet Privilege Levels
> >
> >
> > > Gary,
> > >
> > > Thanks for the attempt, but they don't work. I tried them all programmed on
> > > the same router at once, and one-at-a-time:
> > >
> > > User1 can get into enable mode (interesting side-note: uses enable secret
> > > password, but if there is no enable secret or enable password, still works
> > > using the console password even though this is a vty connection!)
> > >
> > > User2 errors out with "invalid autocommand". If we remove the "autocommand
> > > show int", User2 has all the show commands available, then can "enable" and
> > > "config t"
> > >
> > > User3 can get into enable mode, then "config t"
> > >
> > > User4 starts well but disconnects before many "show run" lines are displayed
> > >
> > > User5 mostly works, but can't "show start"
> > >
> > > User6 good
> > >
> > > User7 goes directly to privilege level 15 like User6.
> > >
> > > If anyone can get these working, I'd sure like to see the configs. Thanks.
> > > Kym
> > >
> > > >From: "Lileikis, Gary" <gary.lileikis@unisys.com>
> > > >Reply-To: "Lileikis, Gary" <gary.lileikis@unisys.com>
> > > >To: kym blair <kymblair@hotmail.com>, ccielab@groupstudy.com
> > > >Subject: RE: Telnet Privilege Levels
> > > >Date: Sat, 9 Nov 2002 20:31:27 -0600
> > > >
> > > >Kym,
> > > >How about this?
> > > >username user1 password 0 cisco1
> > > >username user2 password 0 cisco2
> > > >username user2 privilege level 3
> > > >username user2 autocommand show interface
> > > >privilege exec level 3 show interface
> > > >username user3 password cisco3
> > > >username user3 privilege 2
> > > >privilege exec level 2 show run
> > > >username user4 privilege 2 password 0 cisco4
> > > >username user4 autocommand show run
> > > >username user5 privilege 5 password 0 cisco5
> > > >privilege exec level 5 show
> > > >username user6 privilege 15 password 0 cisco6
> > > >username user7 privilege 15 password 0 cisco7
> > > >enable secret level 1 cisco7
> > > >
> > > >
> > > >Line vty 0 4
> > > >login local
> > > >
> > > >
> > > >Cheers... Gary Lileikis
> > > >
> > > >
> > > >-----Original Message-----
> > > >From: kym blair [mailto:kymblair@hotmail.com]
> > > >Sent: Saturday, November 09, 2002 4:48 PM
> > > >To: ccielab@groupstudy.com
> > > >Subject: Telnet Privilege Levels
> > > >
> > > >
> > > >Can someone post a *working config* that defines privilege levels for the
> > > >following users who telnet into the router:
> > > >
> > > >User1 (pswd cisco1) = all unprivileged commands (normal access without
> > > >enable password)
> > > >
> > > >User2 (pswd cisco2) = only "show interface"
> > > >
> > > >User3 (pswd cisco3) = all unprivileged commands plus "show run"
> > > >
> > > >User4 (pswd cisco4) = only "show run"
> > > >
> > > >User5 (pswd cisco5) = can use all "show" commands, but cannot do any
> > > >configuration tasks
> > > >
> > > >User6 (pswd cisco6)= full privileged access (privilege level 15)
> > > >
> > > >User7 (pswd cisco7)= full privileged access (normal access with enable
> > > >password)
> > > >
> > > >TIA, Kym
This archive was generated by hypermail 2.1.4 : Tue Dec 03 2002 - 07:22:56 GMT-3
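
Added example, not part of the original thread: a small Python audit that checks an IOS-style config for the three problems the thread runs into (users left below the level that `enable` was moved to, `show run` exposed below level 15, and no enable secret as a fallback). The function name `audit`, the rule names and the sample text are assumptions made for illustration; the sample is constructed from config lines quoted in the thread.

```python
import re

# Constructed sample: config lines taken from the thread, plus the vty stanza.
SAMPLE = """\
privilege exec level 6 enable
privilege exec level 3 show run
privilege exec level 5 show
username User3 privilege 3 password cisco3
username User5 priv 5 password cisco5
username User6 privilege 15 password cisco6
username User7 privilege 1 password cisco7
line vty 0 4
 login local
"""

USER = re.compile(r"^username (\S+)(?: priv\S* (\d+))?.*?\b(password|secret)\b", re.I)
PRIV = re.compile(r"^privilege exec level (\d+) (.+)$", re.I)
ENABLE = re.compile(r"^enable (secret|password)\b", re.I)

def audit(config):
    """Return a list of (rule, detail) findings for an IOS-style config string."""
    users, moved, has_enable, out = {}, {}, False, []
    for line in (l.strip() for l in config.splitlines()):
        if m := USER.match(line):
            # IOS gives a local user privilege 1 when no level is configured.
            users[m.group(1)] = int(m.group(2) or 1)
            if m.group(3).lower() == "password":
                # 'password' is kept clear or type 7; 'secret' stores a hash.
                out.append(("weak-storage", m.group(1)))
        elif m := PRIV.match(line):
            moved[m.group(2).strip().lower()] = int(m.group(1))
        elif ENABLE.match(line):
            has_enable = True
    for cmd, lvl in moved.items():
        if cmd.startswith("show run") and lvl < 15:
            # These users can read the password strings of every other level.
            readers = sorted(u for u, p in users.items() if lvl <= p < 15)
            out.append(("config-readable", f"level {lvl}: {', '.join(readers)}"))
        if cmd == "enable":
            # Users below the moved level cannot run 'enable' at all.
            stuck = sorted(u for u, p in users.items() if p < lvl)
            out.append(("cannot-enable", f"level {lvl}: {', '.join(stuck)}"))
    if not has_enable:
        top = sorted(u for u, p in users.items() if p == 15)
        out.append(("no-enable-secret", f"level-15 logins: {', '.join(top) or 'none'}"))
    return out

if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule:18} {detail}")
```

Raising User7 to privilege 6 and adding an enable secret, as the top reply suggests, removes User7 from the `cannot-enable` finding and clears `no-enable-secret`.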