From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Sun Nov 26 2006 - 02:23:26 ART
That is correct, Danny. This is not a very restrictive list for the
show commands, since most of these are lower level (privilege) commands.
However, take note of the ? under the interface command. Also, for
example you can do the show commands, but not do show run within the
interface or global config level.

R1#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#?
Interface configuration commands:
  default   Set a command to its defaults
  exit      Exit from interface configuration mode
  help      Description of the interactive help system
  no        Negate a command or set its defaults
  shutdown  Shutdown the selected interface
R1(config-if)#exit
R1(config)#exit
R1#show ?
  aaa                       Show AAA values
  aal2                      Show commands for AAL2
  access-expression         List access expression
  access-lists              List access lists
  adjacency                 Adjacent nodes
  alarm-interface           Display information about a specific Alarm Interface Card
  aliases                   Display alias commands
  alps                      Alps information
  appletalk                 AppleTalk information
  arap                      Show Appletalk Remote Access statistics
  arp                       ARP table
  async                     Information on terminal lines used as router interfaces
  auto                      Show Automation Template
  backhaul-session-manager  Backhaul Session Manager information
  backup                    Backup status
  bcm560x                   BCM560x HW Table
  bgp                       BGP information
  bridge                    Bridge Forwarding/Filtering Database [verbose]
  bsc                       BSC interface information
  bstun                     BSTUN interface information
 --More--

Dave Schulz,
Email: dschulz@dpsciences.com
-----Original Message-----
From: Danny Cox [mailto:dandermanuk@gmail.com]
Sent: Saturday, November 25, 2006 11:29 PM
To: Schulz, Dave
Cc: Cisco certification
Subject: Re: RE: Privilege levels on Cisco kit
Thanks Dave
I've just typed exactly that into a router and logged in from
another one. My available commands, when I type the ?, include a
large number which are not included in the list given to that level.
'show privilege' gives the right value though.
If I understand rightly, you've just typed that into a router -
would you type the ? mark and tell me what it shows as available
commands in privilege level 5 ? It isn't a very restrictive list on
my routers!
cheers
Danny
On 26/11/06, Schulz, Dave <DSchulz@dpsciences.com> wrote:
> Danny -
>
> This should work for you. You need to make sure that you allow the
> privileges to every command along the path to where you need to get to
> .....configure (exec).....interface (configure)....shut, no shut, etc.
>
> When you create a level (by default, there is only level 1 and 15), you
> are actually bringing down the commands from level 15 to level 5 and
> allowing the user to execute them at this level. Here is a short
> example based on your level 5.....
>
> !
> !
> !
> !
> username TEST privilege 5 password 0 cisco
> !
> !
> privilege interface level 5 shutdown
> privilege interface level 5 no shutdown
> privilege interface level 5 no
> privilege configure level 5 interface
> privilege exec level 5 configure terminal
> privilege exec level 5 configure
> !
>
>
> From a remote router.....
>
> R2#
> R2#135.15.101.1
> Trying 135.15.101.1 ... Open
>
>
> User Access Verification
>
> Username: TEST
> Password:
> R1#show privilege
> Current privilege level is 5
> R1#
> R1#
> R1#config t
> Enter configuration commands, one per line. End with CNTL/Z.
> R1(config)#int fa0/0
>
> Hope this helps!
>
> Dave Schulz,
> Email: dschulz@dpsciences.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Danny Cox
> Sent: Saturday, November 25, 2006 9:29 PM
> To: Cisco certification
> Subject: Privilege levels on Cisco kit
>
> I thought this was simple and I understood levels, but I'm beginning to
> think I have it backwards.
>
> I thought commands like
>
> R(config)# privilege exec level 5 configure terminal
>
> would create a level 5 with very little in it other than configure
> terminal in it - basically level 0 plus what I add extra. I haven't been
> able to get it working and reading the docs suggests that what the above
> command does is different to what I thought. If I read it correctly, what
> the command does is to alter the privilege level of each individual
> command, not to create levels and add bits to it.
>
> If I 'enable 1' for example it has 'configure terminal' in its level
> until I issue the above command.
>
> So .. this suggests that to have a privilege level with just 'config t'
> plus the few basics in it, I need to alter the privilege levels
> associated with all the other commands, otherwise, having issued the
> following:
>
>
> I get the following. I hope my description makes sense! Anyone comment?
> I've just done a lab which asked for interface commands to be the only
> thing available and the solution sheet just gave about 6 lines of config.
> What I'm describing would need many more but that's the only thing which
> seems to work.
>
> Any insight folks?
>
> cheers
> Danny
>
> Rack1R4#enable 1
> Rack1R4>?
> Exec commands:
>   access-enable    Create a temporary Access-List entry
>   access-profile   Apply user-profile to interface
>   clear            Reset functions
>   connect          Open a terminal connection
>   disable          Turn off privileged commands
>   disconnect       Disconnect an existing network connection
>   enable           Turn on privileged commands
>   exit             Exit from the EXEC
>   help             Description of the interactive help system
>   lat              Open a lat connection
>   lock             Lock the terminal
>   login            Log in as a particular user
>   logout           Exit from the EXEC
>   modemui          Start a modem-like user interface
>   mrinfo           Request neighbor and version information from a multicast router
>   mstat            Show statistics after multiple multicast traceroutes
>   mtrace           Trace reverse multicast path from destination to source
>   name-connection  Name an existing network connection
>   pad              Open a X.29 PAD connection
>   ppp              Start IETF Point-to-Point Protocol (PPP)
>   resume           Resume an active network connection
>   rlogin           Open an rlogin connection
>   show             Show running system information
>   slip             Start Serial-line IP (SLIP)
>   systat           Display information about terminal lines
>   tclquit          Quit Tool Command Language shell
>   telnet           Open a telnet connection
>   terminal         Set terminal line parameters
>   tn3270           Open a tn3270 connection
>   traceroute       Trace route to destination
>   tunnel           Open a tunnel connection
>   udptn            Open an udptn connection
>   where            List active connections
>   x28              Become an X.28 PAD
>   x3               Set X.3 parameters on PAD
>
>
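
Added example (not part of the original thread and not Cisco code): a small Python model of the behaviour discussed above, where each `privilege` line re-homes one command to a level and a user sees every command at or below their own level. The `DEFAULT_LEVELS` table is a constructed subset, and tracking only the first keyword of each command is a simplifying assumption.

```python
import re

# Constructed sample of default command levels (assumption: a tiny subset;
# the thread notes that by default only levels 1 and 15 are populated).
DEFAULT_LEVELS = {
    "exec": {"show": 1, "telnet": 1, "traceroute": 1, "configure": 15},
    "configure": {"interface": 15, "router": 15},
    "interface": {"shutdown": 15, "no": 15, "ip": 15},
}

# Config lines taken from the quoted message above.
CONFIG = """\
username TEST privilege 5 password 0 cisco
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
privilege interface level 5 no
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
"""

PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")

def effective_levels(config, defaults=DEFAULT_LEVELS):
    """Return (levels, users): per-mode command levels after applying
    every 'privilege' line, and the level assigned to each local user."""
    levels = {mode: dict(cmds) for mode, cmds in defaults.items()}
    users = {}
    for line in config.splitlines():
        line = line.strip()
        if m := PRIV_RE.match(line):
            mode, level, command = m.group(1), int(m.group(2)), m.group(3)
            # Simplification: track only the first keyword of the command.
            levels.setdefault(mode, {})[command.split()[0]] = level
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
    return levels, users

def visible(levels, mode, user_level):
    """Commands a user sees in a mode: everything at or below their level."""
    return sorted(c for c, lvl in levels.get(mode, {}).items() if lvl <= user_level)

if __name__ == "__main__":
    levels, users = effective_levels(CONFIG)
    for mode in ("exec", "configure", "interface"):
        print(mode, visible(levels, mode, users["TEST"]))
```

The exec result for level 5 still contains the level 1 commands, which is why the `?` list looks unrestricted there, while the interface result shrinks to the commands moved down to level 5.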
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART