From: Victor Cappuccio (victor@ccbootcamp.com)
Date: Tue Apr 17 2007 - 04:11:02 ART
Hi Phuc,
Role-based system is like configuring Unix style in a Cisco router ;)
The first thing is to enable aaa
aaa new-model
enables different levels of authentication, authorization and accounting
from here we need to move into the root mode, and the default password
would be the enable secret password
R1(config)#enable secret cisco
R1(config)#aaa new-model
R1(config)#exit
R1#
*Apr 17 07:05:27.238: %SYS-5-CONFIG_I: Configured from console by cons
R1#enable view
Password:
!PASSWORD HERE IS cisco
R1#
*Apr 17 07:05:34.350: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
R1#
So now we can configure views for different users
(like 15 different views)
using the parser view you can configure other views
monitor or something else
to configure a password for that view use the secret command
and to set the commands available for that view use command
R1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#parser ?
% Ambiguous command: "parser "
but you can still complete the command and that would be accepted by the IOS
R1(config)#parser view monitor
R1(config-view)#
*Apr 17 07:09:24.850: %PARSER-6-VIEW_CREATED: view 'monitor' successfully
created.?
View commands:
commands Configure commands for a view
default Set a command to its defaults
exit Exit from view configuration mode
no Negate a command or set its defaults
secret Set a secret for the current view
R1(config-view)#secret cisco
R1(config-view)#commands exec ?
exclude Exclude the command from the view
include Add command to the view
include-exclusive Include in this view but exclude from others
R1(config-view)#commands exec include show ver
to get into the view level
R1#enable view monitor
Password:
R1#show ?
flash: display information about flash: file system
parser Display parser information
version System hardware and software status
So only show version is available for this view
R1#show ver | in IOS
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(7a), RELEASE SOFTWARE (fc3)
HTH
thanks,
Victor Cappuccio.-
Network Learning Inc - A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
victor@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member discounts!)
Voice: 702-968-5100
FAX: 702-446-8012
-----Original Message-----
From: nobody@groupstudy.com on behalf of nhatphuc
Sent: Tue 4/17/2007 4:33
To: Cisco certification
Subject: Role-base CLI
Hi Group,
I'm configuring Role-based CLI
My config as follows:
enable password cisco
aaa new-model
aaa authentication login default none
aaa authentication login TELNET group radius
aaa authentication enable default enable
interface GigabitEthernet0/0
 ip address 192.168.1.99 255.255.255.0
 duplex auto
 speed auto
!
radius-server local
 nas 192.168.1.99 key 0 cisco
 group User
  block count 2 time 15
 !
 user user1 pass user1
!
radius-server host 192.168.1.99 auth-port 1812 acct-port 1813 key cisco
line con 0
line aux 0
 transport input telnet
line vty 0 4
 login authentication TELNET
When I enable root view, router says authentication failed although I input
the correct password cisco:
Router#enable view
Password:
% Authentication failed
If I delete these commands:
aaa authentication login default none
aaa authentication login TELNET group radius
aaa authentication enable default enable
I can enable root view using enable password.
How can I configure Role-based CLI together with aaa authentication?
Thanks
Phuc