Re: RE: Privilege levels on Cisco kit

From: Danny Cox (dandermanuk@gmail.com)
Date: Sun Nov 26 2006 - 01:28:49 ART


Thanks Dave

    I've just typed exactly that into a router and logged in from
another one. My available commands, when I type the ?, include a
large number which are not included in the list given to that level.
'show privilege' gives the right value though.

    If I understand rightly, you've just typed that into a router -
would you type the ? mark and tell me what it shows as available
commands in privilege level 5 ? It isn't a very restrictive list on
my routers!

cheers
Danny

On 26/11/06, Schulz, Dave <DSchulz@dpsciences.com> wrote:
> Danny -
>
> This should work for you. You need to make sure that you allow the
> privileges to every command along the path to where you need to get to
> .....configure (exec).....interface (configure)....shut, no shut, etc.
>
> When you create a level (by default, there is only level 1 and 15), you
> are actually bringing down the commands from level 15 to level 5 and
> allowing the user to execute them at this level. Here is a short
> example based on your level 5.....
>
> !
> !
> !
> !
> username TEST privilege 5 password 0 cisco
> !
> !
> privilege interface level 5 shutdown
> privilege interface level 5 no shutdown
> privilege interface level 5 no
> privilege configure level 5 interface
> privilege exec level 5 configure terminal
> privilege exec level 5 configure
> !
>
>
> From a remote router.....
>
> R2#
> R2#135.15.101.1
> Trying 135.15.101.1 ... Open
>
>
> User Access Verification
>
> Username: TEST
> Password:
> R1#show privilege
> Current privilege level is 5
> R1#
> R1#
> R1#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> R1(config)#int fa0/0
>
> Hope this helps!
>
> Dave Schulz,
> Email: dschulz@dpsciences.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Danny Cox
> Sent: Saturday, November 25, 2006 9:29 PM
> To: Cisco certification
> Subject: Privilege levels on Cisco kit
>
> I thought this was simple and I understood levels, but I'm beginning to
> think I have it backwards.
>
> I thought commands like
>
> R(config)# privilege exec level 5 configure terminal
>
> would create a level 5 with very little in it other than configure terminal
> in it - basically level 0 plus what I add extra. I haven't been able to get
> it working and reading the docs suggests that what the above command does is
> different to what I thought. If I read it correctly, what the command does
> is to alter the privilege level of each individual command, not to create
> levels and add bits to it.
>
> If I 'enable 1' for example it has 'configure terminal' in its level until I
> issue the above command.
>
> So .. this suggests that to have a privilege level with just 'config t' plus
> the few basics in it, I need to alter the privilege levels associated with
> all the other commands, otherwise, having issued the following:
>
>
> I get the following. I hope my description makes sense! Anyone comment?
> I've just done a lab which asked for interface commands to be the only thing
> available and the solution sheet just gave about 6 lines of config. What
> I'm describing would need many more but that's the only thing which seems to
> work.
>
> Any insight folks?
>
> cheers
> Danny
>
> Rack1R4#enable 1
> Rack1R4>?
> Exec commands:
> access-enable Create a temporary Access-List entry
> access-profile Apply user-profile to interface
> clear Reset functions
> connect Open a terminal connection
> disable Turn off privileged commands
> disconnect Disconnect an existing network connection
> enable Turn on privileged commands
> exit Exit from the EXEC
> help Description of the interactive help system
> lat Open a lat connection
> lock Lock the terminal
> login Log in as a particular user
> logout Exit from the EXEC
> modemui Start a modem-like user interface
> mrinfo Request neighbor and version information from a multicast router
> mstat Show statistics after multiple multicast traceroutes
> mtrace Trace reverse multicast path from destination to source
> name-connection Name an existing network connection
> pad Open a X.29 PAD connection
> ppp Start IETF Point-to-Point Protocol (PPP)
> resume Resume an active network connection
> rlogin Open an rlogin connection
> show Show running system information
> slip Start Serial-line IP (SLIP)
> systat Display information about terminal lines
> tclquit Quit Tool Command Language shell
> telnet Open a telnet connection
> terminal Set terminal line parameters
> tn3270 Open a tn3270 connection
> traceroute Trace route to destination
> tunnel Open a tunnel connection
> udptn Open an udptn connection
> where List active connections
> x28 Become an X.28 PAD
> x3 Set X.3 parameters on PAD
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
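
The behaviour discussed in this thread, as an added example that is not part of either post: a small Python audit that reads the `privilege` and `username` lines quoted above and computes which commands a session at a given level can run, showing why level 5 still includes every level 1 command. The `DEFAULTS` table is a constructed, illustrative subset of command levels, and the model tracks only the first keyword of each command; both are assumptions.

```python
import re

# Constructed default levels for a few commands per mode (an assumed,
# illustrative subset; a real IOS image has many more).
DEFAULTS = {
    "exec": {"show": 1, "telnet": 1, "enable": 1, "exit": 1, "configure": 15},
    "configure": {"interface": 15, "username": 15, "router": 15},
    "interface": {"shutdown": 15, "no": 15, "ip": 15},
}

# Configuration lines as posted in the thread.
CONFIG = """\
username TEST privilege 5 password 0 cisco
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
privilege interface level 5 no
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
"""

PRIV = re.compile(r"^privilege (\S+) level (\d+) (\S+)")
USER = re.compile(r"^username (\S+) privilege (\d+) password (\d+) ")

def parse(config):
    """Return (per-mode command levels, {user: (level, password type)})."""
    levels = {mode: dict(cmds) for mode, cmds in DEFAULTS.items()}
    users = {}
    for line in map(str.strip, config.splitlines()):
        if m := PRIV.match(line):
            # Simplification: track only the first keyword of the command.
            levels.setdefault(m[1], {})[m[3]] = int(m[2])
        elif m := USER.match(line):
            users[m[1]] = (int(m[2]), int(m[3]))
    return levels, users

def available(levels, user_level):
    """Commands a session at user_level may run: every command at or below it."""
    return {mode: sorted(c for c, lvl in cmds.items() if lvl <= user_level)
            for mode, cmds in levels.items()}

def cleartext_users(users):
    """Users whose password is stored as type 0 (unencrypted) in the config."""
    return sorted(name for name, (_, ptype) in users.items() if ptype == 0)

if __name__ == "__main__":
    levels, users = parse(CONFIG)
    for name, (lvl, _) in users.items():
        print(name, lvl, available(levels, lvl))
    print("cleartext passwords:", cleartext_users(users))
```

To make a level genuinely restrictive under this model, the level 1 commands that should not be available have to be raised above the target level, since lowering a few commands to level 5 only adds to what level 1 already grants.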


