From: Emad (emad@zakq8.com)
Date: Sun Jun 22 2003 - 17:36:21 GMT-3
Right Erick , I think ur solutions is working and I already running it
in my lab
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Erick B.
Sent: Sunday, June 22, 2003 11:23 PM
To: pierreg@mail.planetkc.com; ccielab@groupstudy.com
Subject: RE: privilege trick?
Have you tried priv level 0 and lowering just show ip
protocols down to 0? I'm using level 0 on some of my
stuff at work and hardly anything is available unless
configured.
--- pierreg <pierreg@mail.planetkc.com> wrote:
> Thank you Frabrice
>
> I was looking for a solution without TACACS.
>
> (I am assuming that on the R&S lab they only use
> local databases)
>
> I made note of your tip though!
>
> Pierre-Alex
>
> -----Original Message-----
> From: Fabrice Bobes [mailto:study@6colabs.com]
> Sent: Sunday, June 22, 2003 7:20 PM
> To: 'pierreg '; ccielab@groupstudy.com
> Subject: RE: privilege trick?
>
>
> Pierre-Alex,
>
> You can do it with Tacacs and command authorization.
> On your Tacacs server, under the section shell
> command authorization
> set,
> you can specify for the command "show" the arguments
> "permit ip
> protocols" and "deny ip".
> You need to configure your router accordingly to use
> command
> authorization.
> I let you fiddle with your router :-) but if you
> need more info, just
> let me know.
>
> Thanks,
>
> Fabrice
> http://www.6CoLabs.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> pierreg
> Sent: Sunday, June 22, 2003 10:09 AM
> To: ccielab@groupstudy.com
> Subject: privilege trick?
>
> Is it possible to give a user just "show ip
> protocols" whithout giving
> him/her all the other "show ip" commands.
>
> I have checked CCO, fiddled with the routers and
> digged the archives,
> but this does not seem to be possible. Can anyone
> confirm?
>
> Thanks,
>
> Pierre-Alex
>
>
>
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:05 GMT-3