From: Brad Ellis (brad@ccbootcamp.com)
Date: Mon Nov 03 2008 - 22:48:55 ARST
Here's a great way of doing it with priv. level 2:
Anything you want them to have access to (examples):
privilege exec level 2 traceroute
privilege exec level 2 ping
privilege exec level 2 disable
privilege exec level 2 where
privilege exec level 2 name-connection
privilege exec level 2 send *
privilege exec level 2 send
privilege exec level 2 terminal
privilege exec level 2 show clock
privilege exec level 2 clear line
privilege exec level 2 clear
anything that you DON'T want them to have access to (example):
privilege exec level 15 show terminal
Let me know if that helps.
thanks,
Brad Ellis
CCIE#5796 (R&S / Security)
CCSI# 30482
CEO / President
CCBOOTCAMP - A Cisco Sponsored Organization (SO)
Email: brad@ccbootcamp.com
Toll Free: 877-654-2243
International: +1-702-968-5100
Skype: skype:ccbootcamp?call
FAX: +1-702-446-8012
YES! We take Cisco Learning Credits!
Training And Remote Racks: http://www.ccbootcamp.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
darth router
Sent: Monday, November 03, 2008 3:58 PM
To: ccie forum
Subject: IOS privileges for helpdesk
fellas/ladies,
Few questions on this.
1. with the below config, can I get this to work somehow ? I do not want
to
get rid of the enable pass. It will not work with the current config.
2. is there a way to have more than 1 enable pass with a diff priv level
set
for helpdesk (haven't been able to get this to work)
3. Is there a way to clear all commands from a privilege level, mtrace,
ping, etc...? I can see in the doc CD how to add, but not remove default
commands.
aaa authentication login default local line
aaa authentication enable default enable
enable secret cisco
username admin password cisco
username helpdesk priviledge 2
Blogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:28 ARST