RE: Privilege Level & sh run

From: Amir.Tahir/Wateen/Lahore (Amir.Tahir@wateen.com)
Date: Thu Jun 26 2008 - 04:36:37 ART


Thank you for the feedback.

On simulation I have successfully implemented the rotary line command and
successfully executed the command, and R1 closes the connection once the sh run
configuration has been displayed. One additional command I have to give
to retrieve the complete configuration is privilege level 15....

Now I am trying to implement it on my production router 7606, and the router
forces me to use aaa authentication.

Could you please let me know what role the following line will play?

"aaa authentication login line-auth line"

And can I assign it on my line vty 5?

The other configuration is as follows:

line vty 5
 privilege level 15
 password 7 -------
 rotary 20
 autocommand show running-config

Please also let me know what the rotary line will be (is it 3020 or
something else).

Regards

__________________

Amir Tahir

From: petrsoft@gmail.com [mailto:petrsoft@gmail.com] On Behalf Of Petr
Lapukhov
Sent: Thursday, June 26, 2008 11:16 AM
To: Amir.Tahir/Wateen/Lahore
Cc: ccielab@groupstudy.com
Subject: Re: Privilege Level & sh run

Hi,

1) Ensure you have moved all the "config" or "interface" mode commands, etc.,
that you want the user to see in the running config to a level assigned to the
user (e.g. level 3 or 5),

for instance:

privilege interface level 3 ip address
privilege configure level 3 interface
privilege exec level 3 show running-config

Ensure the user has no access to the "configure" exec mode command.

2) Assign a vty to a rotary group (e.g. rotary 10) and then telnet to
port "7010" on the router. Attach an "autocommand" to the line, so that
this command gets executed once someone logs into the router.

line vty 4
 rotary 10
 privilege level 3
 autocommand show run
..

#telnet router.cisco.com 7010

HTH

--
Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice)
petr@internetworkexpert.com

Internetwork Expert, Inc. http://www.InternetworkExpert.com

2008/6/26 Amir.Tahir/Wateen/Lahore <Amir.Tahir@wateen.com>:

Hi Experts,

I am trying to give my client the privilege to check the sh running configuration but not allow him to go to configuration level. I tried to control it with privilege level, but the router does not show the full configuration at level 3 or level 5.

In addition, if I am not wrong, we could set up a router in such a way that if someone telnets to a specified line, we could give him the output of sh run and close the connection.

I will be thankful if you could give me a reference or guide me on how to handle this task.

Thanks for the help in advance.

Regards/AT

__________________
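
An added example, not part of the thread: a small Python audit that reads the `line` stanzas of a saved running-config, computes the TCP ports a `rotary N` group listens on (3000+N for Telnet and 7000+N for binary Telnet, the latter matching the 7010 used above for rotary 10), and flags the settings discussed here. The sample config, function names and finding labels are constructed for illustration, and the parser assumes `show running-config` style indentation.

```python
import re

# IOS rotary-group listener bases: Telnet on 3000+N, binary Telnet on 7000+N.
ROTARY_BASES = {"telnet": 3000, "telnet-binary": 7000}
KEYWORDS = r"(privilege level|rotary|autocommand|transport input|password)\s+(.+)"
# Constructed sample modelled on the vty stanzas quoted in the thread.
SAMPLE = """\
line vty 0 4
 transport input ssh
line vty 5
 privilege level 15
 password 7 <redacted>
 rotary 20
 autocommand show running-config
"""

def parse_line_stanzas(config):
    """Map each 'line ...' header to the keyword/value pairs set under it."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = stanzas.setdefault(raw.strip(), {})
        elif raw.startswith(" ") and current is not None:
            m = re.match(KEYWORDS, raw.strip())
            if m:
                current[m.group(1)] = m.group(2).strip()
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def audit(config):
    """Return {header: (rotary_ports, findings)} for every line stanza."""
    report = {}
    for header, opts in parse_line_stanzas(config).items():
        ports, findings = {}, []
        if "rotary" in opts:
            n = int(opts["rotary"])
            ports = {name: base + n for name, base in ROTARY_BASES.items()}
        if opts.get("privilege level") == "15" and "autocommand" in opts:
            findings.append("level-15 autocommand line")
        if opts.get("password", "").startswith("7 "):
            findings.append("type 7 (reversible) line password")
        if ports and opts.get("transport input") != "ssh":
            findings.append("transport input not limited to ssh")
        report[header] = (ports, findings)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```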



This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART