Re: privilege level

From: Paul Kingston (paul@vixtro.com)
Date: Sat Jun 18 2005 - 07:40:53 GMT-3


Hi,

I have had the same issues with the privilege levels.

If you thought local levels were a pain to get working, try TACACS+ with e.g.
Cisco ACS. It seems that users with e.g. level 15 do not get the defaults,
and full access is not full access; it doesn't seem to have any effect at
all with Cisco ACS. It would be great if anyone has a config of levels that
actually works.

I recently looked at the config on a Cisco AP 1200 and none of the levels
worked, as they didn't get the AP# prompt when they logged in. All users seemed
to get AP>, including level 15.

If the following is used it defeats the point of privilege levels, and if
anything below 15 is used you have to "disable" and "enable" to get full
access to the device.

line con 0
privilege level 15

Why do you need the enable secret password when a user has the rights only
to change parts of the router/switch etc.? "disable" and "enable" allow that
user with the enable secret password to have full access....

Regards,

Paul Kingston

Senior Cisco Lecturer - Cisco @ Monash
CCNP/Wireless Main Contact - Cisco @ Monash
Email: paul@vixtro.com

> ----- Original Message -----
> From: "John Matus" <john_matus@hotmail.com>
> To: <groupstudy@cconlinelabs.com>; <ccielab@groupstudy.com>
> Sent: Saturday, June 18, 2005 10:38 AM
> Subject: RE: privilege level
>
>
>> OK, I've given level 2 access to show the running config, and there is
>> limited output, but I did not give him access to, say, show controller
>> e0, but he can still see the info.... What gives here?
>>
>> username test privilege 3 password 0 test <actually level 2 - I've heard
>> about this bug>
>>
>> privilege configure level 2 interface
>> privilege exec level 2 show running-config
>> privilege exec level 2 show
>>
>>
>> I even took away the "show" command and I'm still able to issue "show" in
>> exec mode.
>>
>>
>>
>>>From: "Tony Schaffran" <groupstudy@cconlinelabs.com>
>>>Reply-To: <groupstudy@cconlinelabs.com>
>>>To: "'John Matus'" <john_matus@hotmail.com>,<ccielab@groupstudy.com>
>>>Subject: RE: privilege level
>>>Date: Fri, 17 Jun 2005 13:46:18 -0700
>>>
>>>After you login, are you going into enable mode with the enable password?
>>>
>>>Tony Schaffran
>>>Network Analyst
>>>CCIE #11071
>>>CCNP, CCNA, CCDA,
>>>NNCDS, NNCSS, CNE, MCSE
>>>
>>>www.cconlinelabs.com
>>>Your #1 choice for online Cisco rack rentals.
>>>
>>>
>>>
>>>-----Original Message-----
>>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>>John Matus
>>>Sent: Friday, June 17, 2005 12:16 PM
>>>To: ccielab@groupstudy.com
>>>Subject: privilege level
>>>
>>>
>>>I'm having trouble with privilege levels for users.
>>>
>>>I create a user: "username test priv 2 password test"
>>>
>>>then I assign level 2 some commands to be able to access:
>>>
>>>priv exec level 2 show
>>>priv exec level 2 show running
>>>priv config level 2 interface e0/0
>>>priv interface level 2 ip access-group
>>>
>>>then I go to line vty 0 4:
>>>priv level 2
>>>login local
>>>
>>>but when I telnet in as user "test" I am still able to access everything
>>>....??
>>>What am I doing wrong?
>>>
>>>TIA
>>>
>>>_______________________________________________________________________
>>>Subscription information may be found at:
>>>http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>
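
None of the posts above shows a configuration that actually produces the restriction John is after, or addresses Paul's point that anyone holding the enable secret can escalate to level 15 regardless of the privilege on their username. The following is an added lab example, not configuration from any of the posters or from Cisco documentation; the account name, secrets and the choice of "show controllers" as the command to withhold are placeholders for this example, and the behaviour should be confirmed on your own IOS release.

```ios
! Added lab example (not from the thread). Usernames and secrets are
! placeholders; verify the behaviour on your own IOS image.
!
! --- Why the posted config restricted nothing ---
! "privilege exec level 2 show" raises "show" from its default (level 1)
! to level 2. User "test" is level 2, so every show command that was not
! raised ABOVE 2 is still available. "no privilege exec level 2 show" does
! not delete the command; it returns it to the default level, which a
! level-2 user can also reach. And "enable" with the enable secret takes
! any user to level 15, whatever privilege the username carries, which is
! what Tony's question is getting at.
!
! --- Per-user level ---
! Local login honours "username ... privilege N" on its own. Once AAA is
! on, exec authorization is what applies the level; the same line, with
! "group tacacs+" in front of "local", is what lets Cisco ACS hand back
! priv-lvl=15 from its shell profile (without exec authorization the
! returned level is ignored and the session starts at the line's level).
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! Operator account: level 2, stored as a hash rather than "password 0".
username test privilege 2 secret Op3rator-Lab-Only
!
! Grant level 2 the commands it needs. Naming a multi-word command also
! moves its leading words to that level, so "show" and "configure" land
! at level 2 as a side effect; IOS writes those lines into the running
! config itself, which is the pattern visible in John's post.
privilege exec level 2 show running-config
privilege exec level 2 configure terminal
privilege configure level 2 interface
privilege interface level 2 ip access-group
!
! Withhold what level 2 must not see by raising it ABOVE the user's level.
! This also lifts "show" to 15, so put "show" back afterwards; subcommands
! that were assigned individually keep their own level.
privilege exec level 15 show controllers
privilege exec level 1 show
!
! Leave the line at its default level. A line "privilege level 15" (the
! console example Paul quotes) hands every login level 15 regardless of
! the username and is the setting to avoid. SSH assumes host keys exist.
line vty 0 4
 transport input ssh
!
! The remaining escalation path is the level-15 enable secret. Do not give
! it to level-2 operators. If an intermediate level is wanted, it can have
! its own secret so "enable 5" does not require the level-15 one.
enable secret Adm1n-Lab-Only
enable secret level 5 L5-Lab-Only
!
! Expected, when logged in as "test":
!   show privilege        -> Current privilege level is 2
!   show running-config   -> only the statements assigned to level 2
!   show controllers      -> rejected by the parser (command is at level 15)
!   enable                -> prompts for the level-15 secret; without it the
!                            session stays at level 2
```

To check the result, log in as the operator account and run "show privilege" before and after trying the withheld command; if "show controllers" still works, look for a "privilege exec level" line that pulled it back down, or for the user having typed "enable" with the level-15 secret.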



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3