Re: privilege trick?

From: JenBell (Jennifer_bellucci@hotmail.com)
Date: Mon Jun 23 2003 - 09:35:09 GMT-3


Hi People

If you read the command guide, and I mean the words, not the sentences, you
will find that when you allow "show" or any show command, you will
automatically enable "show @@@@@" or whatever show commands are available in
the IOS. Test it for yourself and you will see it.

Unless... someone knows of a workaround that does not involve AAA of any
kind?

Can someone educate me?
----- Original Message -----
From: "Emad " <emad@zakq8.com>
To: "'Erick B.'" <erickbe@yahoo.com>; <pierreg@mail.planetkc.com>;
<ccielab@groupstudy.com>
Sent: Sunday, June 22, 2003 9:36 PM
Subject: RE: privilege trick?

> Right Erick, I think your solution is working and I am already running it
> in my lab
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Erick B.
> Sent: Sunday, June 22, 2003 11:23 PM
> To: pierreg@mail.planetkc.com; ccielab@groupstudy.com
> Subject: RE: privilege trick?
>
> Have you tried priv level 0 and lowering just show ip
> protocols down to 0? I'm using level 0 on some of my
> stuff at work and hardly anything is available unless
> configured.
>
> --- pierreg <pierreg@mail.planetkc.com> wrote:
> > Thank you Fabrice
> >
> > I was looking for a solution without TACACS.
> >
> > (I am assuming that on the R&S lab they only use
> > local databases)
> >
> > I made note of your tip though!
> >
> > Pierre-Alex
> >
> > -----Original Message-----
> > From: Fabrice Bobes [mailto:study@6colabs.com]
> > Sent: Sunday, June 22, 2003 7:20 PM
> > To: 'pierreg '; ccielab@groupstudy.com
> > Subject: RE: privilege trick?
> >
> >
> > Pierre-Alex,
> >
> > You can do it with Tacacs and command authorization.
> > On your Tacacs server, under the section shell command authorization set,
> > you can specify for the command "show" the arguments "permit ip protocols"
> > and "deny ip".
> > You need to configure your router accordingly to use command authorization.
> > I'll let you fiddle with your router :-) but if you need more info, just
> > let me know.
> >
> > Thanks,
> >
> > Fabrice
> > http://www.6CoLabs.com
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > pierreg
> > Sent: Sunday, June 22, 2003 10:09 AM
> > To: ccielab@groupstudy.com
> > Subject: privilege trick?
> >
> > Is it possible to give a user just "show ip protocols" without giving
> > him/her all the other "show ip" commands?
> >
> > I have checked CCO, fiddled with the routers and dug through the archives,
> > but this does not seem to be possible. Can anyone confirm?
> >
> > Thanks,
> >
> > Pierre-Alex
> >
> >
> >
> > _______________________________________________________________________
> > You are subscribed to the GroupStudy.com CCIE R&S
> > Discussion Group.
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:06 GMT-3
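
The two approaches discussed in this thread, written out as a lab configuration for testing them side by side. This is an added example, not configuration posted by any of the thread's participants; the account name, passwords, key and the server address 192.0.2.10 are constructed placeholders, and the syntax assumed is that of IOS 12.x.

```cisco
! ===== Option A (Erick B.'s suggestion): local database only =====
! Lower just "show ip protocols" to privilege level 0.
privilege exec level 0 show ip protocols
!
! Constructed lab account that logs in directly at level 0.
username labuser privilege 0 password LabPassw0rd
!
line vty 0 4
 login local
!
! Checks to run after applying option A:
!   From an enable session:
!     show running-config | include privilege
!       -> IOS also records the parent keywords ("show", "show ip")
!          at level 0; this is what the lowered command hangs from.
!   From a session logged in as labuser:
!     show ?             -> what the parser offers at this level
!     show ip ?          -> which "show ip" keywords are reachable
!     show ip protocols  -> the command that was lowered
!     show ip route      -> the case the thread disagrees on; record
!                           what your IOS version actually does
!
! ===== Option B (Fabrice's suggestion): TACACS+ command authorization =====
! Use instead of option A, not together with it. Keep a console
! session open while testing so a server-side mistake cannot lock
! you out of the router.
aaa new-model
tacacs-server host 192.0.2.10 key LabTacacsKey
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
! Every level-1 and level-15 command is sent to the server for a
! permit/deny decision before the router runs it.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Server side, as described in the thread: in the shell command
! authorization set, for command "show", list the arguments
!   permit ip protocols
!   deny ip
! The permit entry must come before the broader deny entry.
!
! Checks to run after applying option B, as the restricted user:
!   show ip protocols  -> expect the server to permit it
!   show ip route      -> expect "Command authorization failed"
!   debug aaa authorization (from a privileged session) shows each
!   request and the server's reply while you test.
```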