From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Sun Nov 26 2006 - 00:54:57 ART
Danny -
This should work for you. You need to make sure that you allow the
privileges to every command along the path to where you need to get to
.....configure (exec).....interface (configure)....shut, no shut, etc.
When you create a level (by default, there is only level 1 and 15), you
are actually bringing down the commands from level 15 to level 5 and
allowing the user to execute them at this level. Here is a short
example based on your level 5.....
!
!
!
!
username TEST privilege 5 password 0 cisco
!
!
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
privilege interface level 5 no
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
!
From a remote router.....
R2#
R2#135.15.101.1
Trying 135.15.101.1 ... Open
User Access Verification
Username: TEST
Password:
R1#show privilege
Current privilege level is 5
R1#
R1#
R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
Hope this helps!
Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Danny Cox
Sent: Saturday, November 25, 2006 9:29 PM
To: Cisco certification
Subject: Privilege levels on Cisco kit
I thought this was simple and I understood levels, but I'm beginning to
think I have it backwards.
I thought commands like
R(config)# privilege exec level 5 configure terminal
would create a level 5 with very little in it other than configure
terminal in it - basically level 0 plus what I add extra. I haven't been
able to get it working and reading the docs suggests that what the above
command does is different to what I thought. If I read it correctly,
what the command does is to alter the privilege level of each individual
command, not to create levels and add bits to it.
If I 'enable 1' for example it has 'configure terminal' in its level
until I issue the above command.
So .. this suggests that to have a privilege level with just 'config t'
plus the few basics in it, I need to alter the privilege levels
associated with all the other commands, otherwise, having issued the
following:
I get the following. I hope my description makes sense! Anyone comment?
I've just done a lab which asked for interface commands to be the only
thing available and the solution sheet just gave about 6 lines of
config. What I'm describing would need many more but that's the only
thing which seems to work.
Any insight folks?
cheers
Danny
Rack1R4#enable 1
Rack1R4>?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
clear Reset functions
connect Open a terminal connection
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lat Open a lat connection
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
modemui Start a modem-like user interface
mrinfo Request neighbor and version information from a multicast router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad Open a X.29 PAD connection
ppp Start IETF Point-to-Point Protocol (PPP)
resume Resume an active network connection
rlogin Open an rlogin connection
show Show running system information
slip Start Serial-line IP (SLIP)
systat Display information about terminal lines
tclquit Quit Tool Command Language shell
telnet Open a telnet connection
terminal Set terminal line parameters
tn3270 Open a tn3270 connection
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
where List active connections
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART
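
Added example (not part of either message above, and not Cisco tooling): a small Python check for the point made in the reply, that a custom level needs every mode-entry command along the path lowered, not just the leaf command. The MODE_ENTRY table, the level-15 default for mode-entry commands, and the function names are assumptions of this sketch; it only models the exec, configure and interface modes.

```python
import re

# Assumption for this example: the command that enters each mode and the mode
# it is typed in. Only the exec -> configure -> interface path is modelled.
MODE_ENTRY = {"configure": ("exec", "configure"),
              "interface": ("configure", "interface")}
DEFAULT_ENTRY_LEVEL = 15  # mode-entry commands sit at level 15 unless lowered
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")

def parse_privileges(config_text):
    """Map (mode, command) -> level for every 'privilege' line in the config."""
    levels = {}
    for line in config_text.splitlines():
        m = PRIV_RE.match(line.strip())
        if m:
            levels[(m.group(1), m.group(3).strip())] = int(m.group(2))
    return levels

def missing_path_entries(config_text, level):
    """Return mode-entry commands a user at `level` lacks to reach the modes
    whose commands were lowered to that level (empty list = path complete)."""
    levels = parse_privileges(config_text)
    missing = []
    for mode in sorted({m for (m, _), lvl in levels.items() if lvl <= level}):
        while mode in MODE_ENTRY:          # walk back towards exec
            parent, entry = MODE_ENTRY[mode]
            gap = (parent, entry)
            if levels.get(gap, DEFAULT_ENTRY_LEVEL) > level and gap not in missing:
                missing.append(gap)
            mode = parent
    return missing

# Privilege lines from the reply above.
FULL_PATH = """
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
privilege interface level 5 no
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
"""
# Constructed input: only the leaf command was lowered, path left at level 15.
LEAF_ONLY = "privilege interface level 5 shutdown\n"

if __name__ == "__main__":
    print(missing_path_entries(FULL_PATH, 5))
    print(missing_path_entries(LEAF_ONLY, 5))
```

An empty list means a user at that level can walk from exec into the mode where the lowered commands live; each tuple returned is a (mode, command) pair that still needs its own privilege line.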