RE: Privilege level commands

From: Jonathan V Hays (jhays@jtan.com)
Date: Sat Aug 02 2003 - 14:23:24 GMT-3


-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
jfaure@sztele.com
Sent: Saturday, August 02, 2003 12:53 PM
To: Jonathan V Hays
Cc: ccielab@groupstudy.com; nobody@groupstudy.com
Subject: RE: Privilege level commands

Yes, I have read this before, but there isn't a privilege "mode" that
specifically applies to "displaying the running config". There are
different modes for interface, configure, exec, line, etc.

I don't see how you can achieve this. I don't totally understand how a
privilege n: x can be "remade" over specific commands. Must I define my
own level 15 "command to command" without including the "show run"? Indeed
there is not enough granularity to do so or I don't see how to do it.

Regards

Juan Faure Ferrer
--------------

See example below. Is this what you are looking for? The example below
assigns vty lines 0, 1, and 2 to privilege level 2. Two vty lines are
reserved for senior administrators who can telnet to rotary line 1. See
below for example and demonstration.

Jonathan
-----
R1:
enable secret cisco
enable secret level 2 showonly
!
username junioradmin privilege 2 password 0 showonly
username senioradmin password 0 topsecret
!
privilege exec level 2 show
!
line vty 0 2
 login local
line vty 3 4
 login local
 rotary 1

R2:
r2#telnet r1
Trying r1 (150.1.1.1)... Open

User Access Verification

Username: junioradmin
Password:
r1#show privilege
Current privilege level is 2
r1#show ip int brief
Interface      IP-Address      OK? Method Status    Protocol
Ethernet0      150.1.10.1      YES NVRAM  up        up
Loopback0      150.1.1.1       YES NVRAM  up        up
Loopback1      195.1.1.1       YES NVRAM  up        up
Loopback10     220.1.0.1       YES NVRAM  up        up
Loopback11     220.1.1.1       YES NVRAM  up        up
Loopback12     220.1.2.1       YES NVRAM  up        up
Loopback13     220.1.3.1       YES NVRAM  up        up
Serial0        150.1.14.1      YES NVRAM  up        up
Serial1        150.1.12.1      YES NVRAM  up        up
r1#sh run
       ^
% Invalid input detected at '^' marker.

r1#exit

[Connection to r1 closed by foreign host]
r2#telnet r1 3001
Trying r1 (150.1.1.1, 3001)... Open

User Access Verification

Username: senioradmin
Password:
r1>en
Password:
r1#show privilege
Current privilege level is 15
r1#sh users
    Line       User       Host(s)    Idle       Location
   0 con 0                idle       00:07:59
*  5 vty 3     senioradmi idle       00:00:00   150.1.12.2

  Interface    User       Mode       Idle       Peer Address

r1#
r1#disable
r1>enable 2
Password:
r1#show privilege
Current privilege level is 2
r1#
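
An added example, not part of the original message: a short Python audit of the R1 configuration above. It lists each local user's login privilege level, the commands that "privilege ... level" statements place at or below that level, and whether the password is stored as type 0 (cleartext). The function name audit and the report layout are assumptions of this example.

```python
import re

# Constructed input: the R1 lines from the message above.
R1_CONFIG = """\
enable secret cisco
enable secret level 2 showonly
!
username junioradmin privilege 2 password 0 showonly
username senioradmin password 0 topsecret
!
privilege exec level 2 show
!
line vty 0 2
 login local
line vty 3 4
 login local
 rotary 1
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))?(?: password (\d+) \S+)?")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")

def audit(config):
    """Map each local user to login level, relocated commands in reach, cleartext flag."""
    users, moved = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            # IOS logs a local user in at privilege 1 when no "privilege N" is set.
            users[m.group(1)] = {"level": int(m.group(2) or 1),
                                 "cleartext": m.group(3) == "0"}
            continue
        m = PRIV_RE.match(line)
        if m:
            moved.append((m.group(1), int(m.group(2)), m.group(3)))
    for info in users.values():
        # A session at level N may run commands assigned to level N or lower.
        info["granted"] = sorted(f"{mode}: {cmd}" for mode, lvl, cmd in moved
                                 if lvl <= info["level"])
    return users

if __name__ == "__main__":
    for name, info in sorted(audit(R1_CONFIG).items()):
        print(f"{name}: level {info['level']}, cleartext={info['cleartext']}, "
              f"granted={info['granted']}")
```

On this input junioradmin is reported at level 2 with "exec: show" in reach, while senioradmin logs in at level 1 with no relocated command in reach, which matches the r1> prompt and the "en" step in the session above.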



This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:51 GMT-3