From: Christian Sica (csica@liweb.net)
Date: Tue Nov 01 2005 - 21:05:57 GMT-3
Jim,
Just a thought, but you may want to research the menu feature. You could
solve this by forcing the user to a menu that only allows them to execute
the "show ip route" command, then disconnects their session.
HTH,
Christian
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun
_r/ffrprt1/frf004.htm#wp1019616
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Balogh, Jim
Sent: Tuesday, November 01, 2005 6:39 PM
To: ccielab@groupstudy.com
Subject: Privilege Levels again....
Is there a way to log off a user immediately after they execute the
command they were given permission to run? Example: I want a user to
ONLY do a 'show ip route' on the router and then be logged off:
username test privilege 7 password test
privilege exec level 7 show ip route
First problem....how do I log this user out AFTER they execute their
command?
Second problem, when I apply this to line vty 0 4, and telnet to this
router, I am allowed to do ANY 'show ip' command. How can I restrict
this to just 'show ip route'? TIA.
Jim
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:04 GMT-3