From: Alex Steer (alex.steer@eison.co.uk)
Date: Wed Oct 17 2007 - 15:29:46 ART
I think "privilege interface level 2 shutdown" includes "no shutdown"
I wonder if the IE guys have any ideas (they asked the question).
From: Rich Collins [mailto:nilsi2002@gmail.com]
Sent: 17 October 2007 19:25
To: Gregory Gombas
Cc: Alex Steer; ccielab@groupstudy.com
Subject: Re: privilege level 1, get more options than i want
I got pretty close with this configuration (using level 2). I didn't
find a way to limit it to one specific interface however.
!
privilege interface level 2 shutdown
privilege interface level 2 no shutdown
privilege interface level 2 no
privilege configure level 2 interface
privilege exec level 2 configure terminal
privilege exec level 2 configure
!
line con 0
Rack1R5#enable 2
*Oct 17 12:17:29.459: %SYS-5-CONFIG_I: Configured from console by console
Rack1R5#conf t
Rack1R5(config)#?
Configure commands:
  atm        Enable ATM SLM Statistics
  call       Configure Call parameters
  default    Set a command to its defaults
  dss        Configure dss parameters
  end        Exit from configure mode
  exit       Exit from configure mode
  help       Description of the interactive help system
  interface  Select an interface to configure
  no         Negate a command or set its defaults
Rack1R5(config)#int serial 1/0
Rack1R5(config-if)#?
Interface configuration commands:
  default   Set a command to its defaults
  exit      Exit from interface configuration mode
  help      Description of the interactive help system
  no        Negate a command or set its defaults
  shutdown  Shutdown the selected interface
Rack1R5(config-if)#
-Rich
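An added example, not part of the original messages: a small Python audit of IOS `privilege` statements, run over the level-2 lines from the configuration above (embedded as a constructed sample). The function names are hypothetical; the output shows that the interface-mode rules are keyed on the mode alone and name no interface.

```python
import re

# Constructed sample: the level-2 statements from the message above.
SAMPLE_CONFIG = """\
privilege interface level 2 shutdown
privilege interface level 2 no shutdown
privilege interface level 2 no
privilege configure level 2 interface
privilege exec level 2 configure terminal
privilege exec level 2 configure
"""

# Syntax handled: privilege <mode> [all] level <0-15> <command string>
RULE = re.compile(r"^privilege\s+(\S+)\s+(all\s+)?level\s+(\d+)\s+(.+?)\s*$")

def parse_privilege_rules(config):  # -> [(mode, covers_all, level, command)]
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip())
        if m:
            rules.append((m.group(1), bool(m.group(2)), int(m.group(3)), m.group(4)))
    return rules

def commands_at_level(rules, level):
    """Commands re-levelled to <= level, grouped by mode (levels are cumulative)."""
    granted = {}
    for mode, _covers_all, lvl, cmd in rules:
        if lvl <= level:
            granted.setdefault(mode, set()).add(cmd)
    return {mode: sorted(cmds) for mode, cmds in granted.items()}

def audit(rules):
    """Flag re-levelled commands that widen access more than the lab intended."""
    findings = []
    for mode, covers_all, lvl, cmd in rules:
        if lvl >= 15:
            continue
        if mode == "exec" and cmd.split()[0] == "configure":
            findings.append(f"level {lvl} can enter configuration mode ('{cmd}')")
        if covers_all:
            findings.append(f"'all' opens every sub-command of '{cmd}' ({mode}) at level {lvl}")
        if mode == "interface":
            findings.append(f"'{cmd}' at level {lvl} is keyed on mode, not an interface name")
        if lvl <= 1:
            findings.append(f"'{cmd}' ({mode}) is reachable at level {lvl} without 'enable'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_privilege_rules(SAMPLE_CONFIG))))
```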
On 10/16/07, Gregory Gombas <ggombas@gmail.com> wrote:
I find it strange that privilege 1 has access to the reload
command...what happens when you try to execute a reload?
Also what happens when you type:
conf t
int loop 0
Perhaps it shows the interfaces but doesn't let you configure them?
On 10/15/07, Alex Steer <alex.steer@eison.co.uk> wrote:
> I'm doing a lab where I have been asked to configure a user that only
> has access to shut no shut on a specific interface. Some of the
> following has been put in automatically (I assume because I didn't
> configure the "privilege interface level 1 no" command) I have tried
> adding
>
> priv configure all level 15 interface
> priv configure level 1 interface serial 0/0
>
> but doesn't work
>
> privilege interface level 1 shutdown
> privilege interface level 1 no shutdown
> privilege interface level 1 no
> privilege configure all level 15 interface range
> privilege configure all level 1 interface
> privilege exec level 1 configure terminal
> privilege exec level 1 configure
> privilege exec all level 2 show
>
> anyway, when I login as the username test priv 1 I get loads of
> commands...
>
> ...
>   ppp         Start IETF Point-to-Point Protocol (PPP)
>   pwd         Display current working directory
>   reload      Halt and perform a cold restart
>   rename      Rename a file
>   restart     Restart Connection
>   resume      Resume an active network connection
>   rlogin      Open an rlogin connection
>   rsh         Execute a remote command
>   sdlc        Send SDLC test frames
>   send        Send a message to other tty lines
>   setup       Run the SETUP command facility
>   show        Show running system information
>   slip        Start Serial-line IP (SLIP)
>   squeeze     Squeeze a filesystem
>   start-chat  Start a chat-script on a line
>   systat      Display information about terminal lines
>   tarp        TARP (Target ID Resolution Protocol) commands
>   tclquit     Quit Tool Command Language shell
>   tclsh       Tool Command Language shell
>   telnet      Open a telnet connection
>   terminal    Set terminal line parameters
>   test        Test subsystems, memory, and interfaces
>   tn3270      Open a tn3270 connection
> etc etc etc...
>
> when I conf t I don't get many commands
>
> Router(config)>?
> Configure commands:
>   call       Configure Call parameters
>   default    Set a command to its defaults
>   dss        Configure dss parameters
>   end        Exit from configure mode
>   exit       Exit from configure mode
>   help       Description of the interactive help system
>   interface  Select an interface to configure
>   no         Negate a command or set its defaults
>
> when I issue an "interface" command I get
>
> Router4(config)>interface ?
>   Async              Async interface
>   BVI                Bridge-Group Virtual Interface
>   CTunnel            CTunnel interface
>   Dialer             Dialer interface
>   Ethernet           IEEE 802.3
>   Group-Async        Async Group interface
>   Loopback           Loopback interface
>   MFR                Multilink Frame Relay bundle interface
>   Multilink          Multilink-group interface
>   Null               Null interface
>   Serial             Serial
>   TokenRing          IEEE 802.5
>   Tunnel             Tunnel interface
>   Vif                PGM Multicast Host interface
>   Virtual-Template   Virtual Template interface
>   Virtual-TokenRing  Virtual TokenRing
>   range              interface range command
>
> I only want to give access to serial0/0
>
> Anybody suggest what rubbish I have produced please?
>
> Thanks
>
> Alex
This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:15 ART