From: darth router (darklordrouter@gmail.com)
Date: Mon Nov 03 2008 - 23:18:18 ARST
Thanks Brad. That helps there. In the older IOSs (so I've read anyway), they
didn't have any commands associated and you had to manually define
everything.
The user priv level command works if you do not have AAA enabled. It will
supersede the req for using the enable pass, but not if you have AAA
enabled. It doesn't matter if I define the "user test privilege 15", it'll
still drop user test at priv 1, and force you to use the enable pass.
I was wondering if there was a way around this, but it does not look like
it. I'm using local auth only for router access.
On Mon, Nov 3, 2008 at 3:48 PM, Brad Ellis <brad@ccbootcamp.com> wrote:
> Here's a great way of doing it with priv. level 2:
>
> Anything you want them to have access to (examples):
>
> privilege exec level 2 traceroute
> privilege exec level 2 ping
> privilege exec level 2 disable
> privilege exec level 2 where
> privilege exec level 2 name-connection
> privilege exec level 2 send *
> privilege exec level 2 send
> privilege exec level 2 terminal
> privilege exec level 2 show clock
> privilege exec level 2 clear line
> privilege exec level 2 clear
>
> anything that you DON'T want them to have access to (example):
>
> privilege exec level 15 show terminal
>
> Let me know if that helps.
>
> thanks,
> Brad Ellis
> CCIE#5796 (R&S / Security)
> CCSI# 30482
> CEO / President
> CCBOOTCAMP - A Cisco Sponsored Organization (SO)
> Email: brad@ccbootcamp.com
> Toll Free: 877-654-2243
> International: +1-702-968-5100
> Skype: skype:ccbootcamp?call
> FAX: +1-702-446-8012
> YES! We take Cisco Learning Credits!
> Training And Remote Racks: http://www.ccbootcamp.com
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> darth router
> Sent: Monday, November 03, 2008 3:58 PM
> To: ccie forum
> Subject: IOS privileges for helpdesk
>
> fellas/ladies,
>
> Few questions on this.
> 1. with the below config, can I get this to work somehow? I do not want to
> get rid of the enable pass. It will not work with the current config.
> 2. is there a way to have more than 1 enable pass with a diff priv level set
> for helpdesk (haven't been able to get this to work)
> 3. Is there a way to clear all commands from a privilege level, mtrace,
> ping, etc...? I can see in the doc CD how to add, but not remove default
> commands.
>
>
>
> aaa authentication login default local line
> aaa authentication enable default enable
>
>
> enable secret cisco
>
> username admin password cisco
> username helpdesk privilege 2
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
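
An added example, not part of either message in this thread: on IOS with AAA enabled, the privilege level stored on a local username is applied at login only when exec authorization is configured, which the quoted config lacks. The secrets are placeholders, and using `local` alone as the login method (without the thread's `line` fallback) is an assumption of this example.

```cisco
! Added example; secrets in <> are placeholders to replace.
aaa new-model
!
! Login against the local user database only (assumption: the thread's
! config also lists "line" as a fallback method).
aaa authentication login default local
aaa authentication enable default enable
!
! Without this line AAA does not apply the per-user privilege level,
! so every login starts at level 1 and needs the enable secret.
aaa authorization exec default local
!
! Exec authorization is not applied to the console by default; add this
! only if helpdesk users also log in on the console port.
aaa authorization console
!
enable secret <enable-secret>
!
username admin privilege 15 secret <admin-secret>
username helpdesk privilege 2 secret <helpdesk-secret>
!
! Commands granted to level 2, taken from the list in the reply above.
privilege exec level 2 traceroute
privilege exec level 2 ping
privilege exec level 2 show clock
!
! Command kept away from level 2 by raising it, as in the reply above.
privilege exec level 15 show terminal
!
! Check after logging in as helpdesk:
!   show privilege
```

Keep an existing level 15 session open while testing a change to the AAA method lists, so a mistake in them does not lock out administrative access.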
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:28 ARST