From: Emad (emad@zakq8.com)
Date: Mon Jun 23 2003 - 03:00:00 GMT-3
Hi Erik,
I'm just asking about the command rtr in the URL , what is it for?
thanx
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Erick B.
Sent: Monday, June 23, 2003 5:39 AM
To: wing_lam@jossynergy.com
Cc: ccielab@groupstudy.com; pierreg@mail.planetkc.com
Subject: RE: privilege trick?
I just labbed it up here and when show ip protocols is
assigned to level 0, it can be used when at level 0
and 15 without a problem. The way I understand
privilege levels is that if you're at level 14 for
example you can use commands from level 0 to level 14,
but not level 15 commands.
Also, if you use level 0 you may have to lower some
levels on other show commands to get certain banners
to display. Example is show refuse-message when using
refuse-message on lines.
Also, in 12.2(13)T they enhanced the privilege command
with an all keyword. URL is below for more info on
this.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft
/122t/122t13/ftprienh.htm
Erick
--- wing_lam@jossynergy.com wrote:
>
> Hi, Erick;
>
> If this command is assigned to level 0, will it
> becomes not accessible for
> another level? I have try this and this command
> becomes inaccessible by the
> priviledge 15 but only the level 0
>
> Thx,
> BBD 9Big Black Dog)
>
>
>
>
>
>
> "Erick B."
>
>
> <erickbe@yahoo.co To:
> pierreg@mail.planetkc.com,
> ccielab@groupstudy.com
> m> cc:
>
>
> Sent by:
> Subject: RE: privilege trick?
>
> nobody@groupstudy
>
>
> .com
>
>
>
>
>
>
>
>
> 06/23/2003 04:23
>
>
> AM
>
>
> Please respond to
>
>
> "Erick B."
>
>
>
>
>
>
>
>
>
>
>
>
> Have you tried priv level 0 and lowering just show
> ip
> protocols down to 0? I'm using level 0 on some of
> my
> stuff at work and hardly anything is available
> unless
> configured.
>
> --- pierreg <pierreg@mail.planetkc.com> wrote:
> > Thank you Frabrice
> >
> > I was looking for a solution without TACACS.
> >
> > (I am assuming that on the R&S lab they only use
> > local databases)
> >
> > I made note of your tip though!
> >
> > Pierre-Alex
> >
> > -----Original Message-----
> > From: Fabrice Bobes [mailto:study@6colabs.com]
> > Sent: Sunday, June 22, 2003 7:20 PM
> > To: 'pierreg '; ccielab@groupstudy.com
> > Subject: RE: privilege trick?
> >
> >
> > Pierre-Alex,
> >
> > You can do it with Tacacs and command
> authorization.
> > On your Tacacs server, under the section shell
> > command authorization
> > set,
> > you can specify for the command "show" the
> arguments
> > "permit ip
> > protocols" and "deny ip".
> > You need to configure your router accordingly to
> use
> > command
> > authorization.
> > I let you fiddle with your router :-) but if you
> > need more info, just
> > let me know.
> >
> > Thanks,
> >
> > Fabrice
> > http://www.6CoLabs.com
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > pierreg
> > Sent: Sunday, June 22, 2003 10:09 AM
> > To: ccielab@groupstudy.com
> > Subject: privilege trick?
> >
> > Is it possible to give a user just "show ip
> > protocols" whithout giving
> > him/her all the other "show ip" commands.
> >
> > I have checked CCO, fiddled with the routers and
> > digged the archives,
> > but this does not seem to be possible. Can anyone
> > confirm?
> >
> > Thanks,
> >
> > Pierre-Alex
> >
> >
> >
>
This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:06 GMT-3