Re: OT:PIX read only user addition

From: john matijevic (john.matijevic@gmail.com)
Date: Mon Sep 19 2005 - 07:36:51 GMT-3


Hello Mohamed,
I gathered the following information from the Cisco web site:
Understanding Privilege Settings

Most commands in the PIX are at level 15, although a few are at level 0. To
show current settings for all commands, issue the following command.

*show privilege all*

Most commands are at level 15 by default, as shown in the following example.

*privilege configure level 15 command route*

A few are at level 0, as shown in the following example.

*privilege show level 0 command curpriv*

The following examples address the *clock* command. To determine the current
settings for the *clock* command, issue the following command.

*show privilege command clock*

The output of the *show privilege command clock* command shows us the *clock*
command exists in the following three forms.

*!--- Users at level 15 can issue the show clock command.*
*privilege show level 15 command clock*
*!--- Users at level 15 can issue the clear clock command.*
*privilege clear level 15 command clock*
*!--- Users at level 15 can configure the clock*
*!--- (for example, clock set 12:00:00 Jan 01 2001).*
*privilege configure level 15 command clock*

See the following link for additional details:

http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_note09186a00800949d6.shtml

Sincerely,
John

 On 9/19/05, Mohamed.N <mohamed_n@sifycorp.com> wrote:
>
> Hi All,
> Sorry for OT. But I spent a lot of time on this.
> I want to add a user in PIX who can do only these 2 commands:
> show crypto isakmp sa
> show interface
> This user should not save the config, go to config mode or be able to do any
> config changes.
>
> I tried searching many pages.
> I tried using these commands
>
> enable password XXXX level 2
> username user pass XXXX priv 2
> privilege show level 2 command crypto
> privilege show level 2 command interface
>
> But there is no restriction. If I choose level 1 or 0, I am unable to go to
> enable mode at all, so I can't use the commands show crypto
>
> Also I want to know what the difference is between level 1, level 2 and the
> like, and
> what significance it has in controlling the access to PIX?
>
>
> Regards
> N Mohamed
> Senior Network Engineer
> Technology-MIITS
> Sify Ltd
> Phone : +91-44-22540777 extn: 2082
> Mobile : +91-98401-27734
> Email : mohamed_n@sifycorp.com

--
John Matijevic, CCIE #13254
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)
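
An added example, not part of either message or of the Cisco document: a Python audit that reads privilege and username lines like those in the thread and lists which command forms each user's level reaches. It assumes local command authorization is switched on by the PIX command `aaa authorization command LOCAL`, which does not appear in the thread; the sample config is constructed.

```python
import re

# Constructed sample built from the lines quoted in the thread.
SAMPLE_CONFIG = """\
enable password XXXX level 2
username user password XXXX privilege 2
privilege show level 2 command crypto
privilege show level 2 command interface
privilege show level 0 command curpriv
privilege configure level 15 command route
"""

# Matches the three forms shown in the thread: show / clear / configure.
PRIV_RE = re.compile(
    r"^privilege\s+(show|clear|configure)\s+level\s+(\d+)\s+command\s+(\S+)", re.I)
# Accepts full keywords and the abbreviations used in the thread (pass, priv).
USER_RE = re.compile(
    r"^username\s+(\S+)\s+pass\S*\s+\S+(?:\s+encrypted)?\s+priv\S*\s+(\d+)", re.I)
# Assumption (not on the page): this line enables local command authorization.
ENFORCE_RE = re.compile(r"^aaa\s+authorization\s+command\s+LOCAL\b", re.I)

def parse(config_text):
    """Return (rules, users, enforced) from PIX-style config text."""
    rules, users, enforced = [], {}, False
    for raw in config_text.splitlines():
        line = raw.strip().strip("*")  # archived copies wrap commands in asterisks
        if line.startswith("!"):       # skip comment lines
            continue
        if ENFORCE_RE.match(line):
            enforced = True
        elif (m := PRIV_RE.match(line)):
            rules.append((m.group(1).lower(), int(m.group(2)), m.group(3).lower()))
        elif (m := USER_RE.match(line)):
            users[m.group(1)] = int(m.group(2))
    return rules, users, enforced

def report(config_text):
    """Per user: explicitly listed command forms at or below the user's level."""
    rules, users, enforced = parse(config_text)
    out = {}
    for name, level in users.items():
        forms = sorted(f"{mode} {cmd}" for mode, lvl, cmd in rules if lvl <= level)
        out[name] = {
            "level": level,
            "allowed": forms,
            # Any clear/configure form in reach means the user is not read-only.
            "can_change_config": any(f.startswith(("clear", "configure")) for f in forms),
            "enforced": enforced,
        }
    return out
```

The audit only sees explicit privilege lines, so feed it the output of *show privilege all* together with the running configuration to cover commands left at their default level.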


This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3