Privilege levels on Cisco kit

From: Danny Cox (dandermanuk@gmail.com)
Date: Sat Nov 25 2006 - 23:28:53 ART

• Next message: Michael Zuo: "Definition of VoIP traffic"
• Previous message: Kal Han: "rate-limiting actions."
• Next in thread: Schulz, Dave: "RE: Privilege levels on Cisco kit"
• Maybe reply: Schulz, Dave: "RE: Privilege levels on Cisco kit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I thought this was simple and I understood levels, but I'm beginning to
think I have it backwards.

I thought commands like

   R(config)# privilege exec level 5 configure terminal

would create a level 5 with very little in it other than configure terminal
in it - basically level 0 plus what I add extra. I haven't been able to get
it working and reading the docs suggests that what the above command does is
different to what I thought. If I read it correctly, what the command does
is to alter the privilege level of each individual command, not to create
levels and add bits to it.

If I 'enable 1' for example it has 'configure terminal' in its level until I
issue the above command.

So .. this suggests that to have a privilege level with just 'config t' plus
the few basics in it, I need to alter the privilege levels associated with
all the other commands, otherwise, having issued the following:

I get the following. I hope my description makes sense! Anyone comment?
I've just done a lab which asked for interface commands to be the only thing
available and the solution sheet just gave about 6 lines of config. What
I'm describing would need many more but that's the only thing which seems to
work.

Any insight folks?

cheers
Danny

Rack1R4#enable 1
Rack1R4>?
Exec commands:
  access-enable Create a temporary Access-List entry
  access-profile Apply user-profile to interface
  clear Reset functions
  connect Open a terminal connection
  disable Turn off privileged commands
  disconnect Disconnect an existing network connection
  enable Turn on privileged commands
  exit Exit from the EXEC
  help Description of the interactive help system
  lat Open a lat connection
  lock Lock the terminal
  login Log in as a particular user
  logout Exit from the EXEC
  modemui Start a modem-like user interface
  mrinfo Request neighbor and version information from a multicast
                   router
  mstat Show statistics after multiple multicast traceroutes
  mtrace Trace reverse multicast path from destination to source
  name-connection Name an existing network connection
  pad Open a X.29 PAD connection
  ppp Start IETF Point-to-Point Protocol (PPP)
  resume Resume an active network connection
  rlogin Open an rlogin connection
  show Show running system information
  slip Start Serial-line IP (SLIP)
  systat Display information about terminal lines
  tclquit Quit Tool Command Language shell
  telnet Open a telnet connection
  terminal Set terminal line parameters
  tn3270 Open a tn3270 connection
  traceroute Trace route to destination
  tunnel Open a tunnel connection
  udptn Open an udptn connection
  where List active connections
  x28 Become an X.28 PAD
  x3 Set X.3 parameters on PAD

• Next message: Michael Zuo: "Definition of VoIP traffic"
• Previous message: Kal Han: "rate-limiting actions."
• Next in thread: Schulz, Dave: "RE: Privilege levels on Cisco kit"
• Maybe reply: Schulz, Dave: "RE: Privilege levels on Cisco kit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART