RE: Privilege level commands

From: Volkov, Dmitry (IDS Canada) (dmitry_volkov@ca.ml.com)
Date: Sat Aug 02 2003 - 16:09:54 GMT-3


Juan,
Check this:
http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a00800949d5.shtml

> -----Original Message-----
> From: jfaure@sztele.com [mailto:jfaure@sztele.com]
> Sent: Saturday, August 02, 2003 1:32 PM
> To: Jonathan V Hays
> Cc: ccielab@groupstudy.com
> Subject: RE: Privilege level commands
>
>
> Hi Jonathan:
>
> Sorry for my bad English. It seems it's difficult for me to properly
> communicate what I want to do. It isn't the case of the example you sent
> before.
>
> I'd like to have a user that can:
> -See details about all the system, and ALSO DO A SH RUN
> -The only thing he CAN'T do is to configure the system
>
> Regards
>
>
>
>
>
> Juan Faure Ferrer
> email: jfaure@sztele.com
>
> Línea de Negocio de Telemática y CC
> Ingeniero de Integración de Redes y Sistemas
> ----------------------------------------------------------------------------
>
> SOLUZIONA TELECOMUNICACIONES
> Servicios Profesionales de UNION FENOSA
> Jerez, 3
> 28016 MADRID
> tel 91 579 30 00 fax 91 350 72 83
> ---------------------------------------------------------------------------
>
>
> "Jonathan V Hays" <jhays@jtan.com>
> 02/08/03 19:23
> To: <jfaure@sztele.com>
> cc: <ccielab@groupstudy.com>
> Subject: RE: Privilege level commands
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of jfaure@sztele.com
> Sent: Saturday, August 02, 2003 12:53 PM
> To: Jonathan V Hays
> Cc: ccielab@groupstudy.com; nobody@groupstudy.com
> Subject: RE: Privilege level commands
>
>
> Yes, I have read this before, but there isn't a privilege "mode" that
> specifically applies to "displaying the running config". There are
> different modes for interface, configure, exec, line, etc.
>
> I don't see how you can achieve this. I don't totally understand how a
> privilege n: x can be "remade" over specific commands. Must I define my
> own level 15 "command to command" without including the "show run"? Indeed,
> there is not enough granularity to do so or I don't see how to do it.
>
> Regards
>
> Juan Faure Ferrer
> --------------
>
> See example below. Is this what you are looking for? The example below
> assigns vty lines 0, 1, and 2 to privilege level 2. Two vty lines are
> reserved for senior administrators who can telnet to rotary line 1. See
> below for example and demonstration.
>
> Jonathan
> -----
> R1:
> enable secret cisco
> enable secret level 2 showonly
> !
> username junioradmin privilege 2 password 0 showonly
> username senioradmin password 0 topsecret
> !
> privilege exec level 2 show
> !
> line vty 0 2
> login local
> line vty 3 4
> login local
> rotary 1
>
> R2:
> r2#telnet r1
> Trying r1 (150.1.1.1)... Open
>
>
> User Access Verification
>
> Username: junioradmin
> Password:
> r1#show privilege
> Current privilege level is 2
> r1#show ip int brief
> Interface              IP-Address      OK? Method Status                Protocol
> Ethernet0              150.1.10.1      YES NVRAM  up                    up
> Loopback0              150.1.1.1       YES NVRAM  up                    up
> Loopback1              195.1.1.1       YES NVRAM  up                    up
> Loopback10             220.1.0.1       YES NVRAM  up                    up
> Loopback11             220.1.1.1       YES NVRAM  up                    up
> Loopback12             220.1.2.1       YES NVRAM  up                    up
> Loopback13             220.1.3.1       YES NVRAM  up                    up
> Serial0                150.1.14.1      YES NVRAM  up                    up
> Serial1                150.1.12.1      YES NVRAM  up                    up
> r1#sh run
> ^
> % Invalid input detected at '^' marker.
>
> r1#exit
>
> [Connection to r1 closed by foreign host]
> r2#telnet r1 3001
> Trying r1 (150.1.1.1, 3001)... Open
>
>
> User Access Verification
>
> Username: senioradmin
> Password:
> r1>en
> Password:
> r1#show privilege
> Current privilege level is 15
> r1#sh users
>     Line       User       Host(s)              Idle       Location
>    0 con 0                idle                 00:07:59
> *  5 vty 3     senioradmi idle                 00:00:00 150.1.12.2
>
>   Interface      User        Mode                     Idle     Peer Address
>
> r1#
> r1#disable
> r1>enable 2
> Password:
> r1#show privilege
> Current privilege level is 2
> r1#
>
>
> _______________________________________________________________________
> You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
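
An added example, not part of the original thread and not Cisco tooling: a small Python audit of the R1 configuration quoted above. It lists each local user's login privilege level, the commands moved with `privilege ... level`, and any local accounts stored with a type 0 (cleartext) password. The config is re-typed from the post as sample input; the function and variable names are assumptions of this example.

```python
import re

# Sample input: the R1 configuration quoted in the thread, re-typed here.
SAMPLE_CONFIG = """\
enable secret cisco
enable secret level 2 showonly
!
username junioradmin privilege 2 password 0 showonly
username senioradmin password 0 topsecret
!
privilege exec level 2 show
!
line vty 0 2
 login local
line vty 3 4
 login local
 rotary 1
"""

# username <name> [privilege <n>] [password|secret [<type>] <string>]
USER_RE = re.compile(
    r"^username (\S+)(?: privilege (\d+))?(?: (password|secret)(?: (\d))? \S+)?")
# privilege <mode> level <n> <command>
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")


def audit(config):
    """Return (users, moved, findings) for an IOS-style configuration text.

    users    -> {username: privilege level at login}
    moved    -> {level: [(mode, command), ...]} from 'privilege' lines
    findings -> human-readable notes about cleartext local passwords
    """
    users, moved, findings = {}, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            name, level, kind, enc = m.groups()
            # Without the 'privilege' keyword a local user logs in at level 1.
            users[name] = int(level) if level else 1
            if kind == "password" and enc in (None, "0"):
                findings.append(f"{name}: cleartext (type 0) password in config")
            continue
        m = PRIV_RE.match(line)
        if m:
            mode, level, command = m.groups()
            moved.setdefault(int(level), []).append((mode, command))
    return users, moved, findings
```
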



This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:52 GMT-3