Re: Basic privilege issue

From: nhatphuc (nhatphuc@gmail.com)
Date: Fri Jan 04 2008 - 16:56:03 ARST

• Next message: Muhammad Saleem: "RE: How to break ping & traceroute"
• Previous message: Paul Cosgrove: "Re: Good explanation for "area nssa translate"?"
• Maybe in reply to: YourPal: "Basic privilege issue"
• Next in thread: Farrukh Haroon: "Re: Basic privilege issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Try this example:

enable password cisco
!
ip cef
!
username test privilege 2 password 0 cisco
!
interface Loopback0
 ip address 1.1.1.1 255.0.0.0
!
router rip
 network 1.0.0.0
!
ip http server
no ip http secure-server
!
privilege configure all level 2 router
privilege configure all level 2 interface
privilege configure all level 2 enable
privilege exec level 2 show running-config
privilege exec level 2 show

When login with user test, privilege 2, you can see interface, router
configuration and all commands start with enable

Use all keyword to allow user to see suboptions

HTH

Phuc

On Jan 5, 2008 1:03 AM, YourPal <dearprudence28@gmail.com> wrote:

> Hi Farrukh,
>
> Great technote!
>
> If I understand it correctly, a user can't see in the output of "sh run"
> what he can't configure at his privilege level or below.
>
> In other words, for my case I need at least the command "privilege exec
> level 7 configure terminal" (plus a host of other privilege commands) in
> order to allow him to see the selected commands. This at the same time
> allows him to configure those commands.
>
> In summary, my requirement of allowing a user to view the complete "sh
> run"
> but not permitting him to configure anything cannot be achieved.
>
> Please advise.
>
>
> Thank you.
>
> BR,
> Emil
>
>
> On 1/5/08, Farrukh Haroon <farrukhharoon@gmail.com> wrote:
> >
> > Hello Emil
> >
> > Have a look at this:
> >
> >
> >
> http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
> >
> > Regards
> >
> > Farrukh
> >
> >
> > On Jan 4, 2008 6:43 PM, YourPal <dearprudence28@gmail.com> wrote:
> >
> > > Hi Group,
> > >
> > > I have a basic problem but can't seem to figure out why. Hope someone
> > > can explain it to me. Router config as follows:
> > > !
> > > username test privilege 7 password 0 test
> > > !
> > > privilege exec level 7 show running-config
> > > !
> > > line vty 0 4
> > > login local
> > > !
> > >
> > > When user "test" telnets in and issues the command "sh run", he sees a
> > > blank
> > > config. Why is it so? I'd like him to be able to view the config.
> > >
> > >
> > > Thank you.
> > >
> > > BR,
> > > Emil
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Muhammad Saleem: "RE: How to break ping & traceroute"
• Previous message: Paul Cosgrove: "Re: Good explanation for "area nssa translate"?"
• Maybe in reply to: YourPal: "Basic privilege issue"
• Next in thread: Farrukh Haroon: "Re: Basic privilege issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST