From: Huan Pham (Huan.Pham@peopletelecom.com.au)
Date: Mon Nov 03 2008 - 23:44:39 ARST
Hi Darth,
To configure different enable passwords for different privilege, pls try
this,
enable secret level 2 L2Password
R1>enable 2
Password: L2Password
R1#show privilege
Current privilege level is 2
R1#conf t
^
% Invalid input detected at '^' marker.
R1#enable 15
Password: cisco
R1#sh privilege
Current privilege level is 15
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
darth router
Sent: Tuesday, 4 November 2008 12:18 PM
To: Brad Ellis
Cc: ccie forum
Subject: Re: IOS privileges for helpdesk
Thanks Brad. That helps there. In the older IOSs (so I've read anyway),
they didn't have any commands associated and you had to manually define
everything.
The user priv level command works if you do not have AAA enabled. It
will supersede the req for using the enable pass, but not if you have
AAA enabled. It doesn't matter if I define the "user test privilege
15,", it'll still drop user test at priv 1, and force you to use the
enable pass.
I was wondering if there was a way around this, but it does not look
like it. I'm using local auth only for router access.
On Mon, Nov 3, 2008 at 3:48 PM, Brad Ellis <brad@ccbootcamp.com> wrote:
> Here's a great way of doing it with priv. level 2:
>
> Anything you want them to have access to (examples):
>
> privilege exec level 2 traceroute
> privilege exec level 2 ping
> privilege exec level 2 disable
> privilege exec level 2 where
> privilege exec level 2 name-connection
> privilege exec level 2 send *
> privilege exec level 2 send
> privilege exec level 2 terminal
> privilege exec level 2 show clock
> privilege exec level 2 clear line
> privilege exec level 2 clear
>
> anything that you DON'T want them to have access to (example):
>
> privilege exec level 15 show terminal
>
> Let me know if that helps.
>
> thanks,
> Brad Ellis
> CCIE#5796 (R&S / Security)
> CCSI# 30482
> CEO / President
> CCBOOTCAMP - A Cisco Sponsored Organization (SO)
> Email: brad@ccbootcamp.com
> Toll Free: 877-654-2243
> International: +1-702-968-5100
> Skype: skype:ccbootcamp?call
> FAX: +1-702-446-8012
> YES! We take Cisco Learning Credits!
> Training And Remote Racks: http://www.ccbootcamp.com
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of darth router
> Sent: Monday, November 03, 2008 3:58 PM
> To: ccie forum
> Subject: IOS privileges for helpdesk
>
> fellas/ladies,
>
> Few questions on this.
> 1. with the below config, can I get this to work somehow ? I do not
> want to get rid of the enable pass. It will not work with the current
> config.
> 2. is there a way to have more than 1 enable pass with a diff priv
> level set for helpdesk (haven't been able to get this to work)
> 3. Is there a way to clear all commands from a privilege level, mtrace,
> ping, etc...? I can see in the doc CD how to add, but not remove
> default commands.
>
>
>
> aaa authentication login default local line
> aaa authentication enable default enable
>
>
> enable secret cisco
>
> username admin password cisco
> username helpdesk privilege 2
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:28 ARST
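
As an added example, not part of the original thread or any poster's configuration: a small Python audit that reads IOS configuration lines like those quoted above and reports which commands sit at each privilege level, which local users will not receive their configured level at login, and which custom levels cannot be reached. The function name `audit` and the `aaa authorization exec` check are assumptions of this example; the sample input is constructed from lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample: configuration lines quoted in the thread.
SAMPLE_CONFIG = """\
aaa authentication login default local line
aaa authentication enable default enable
enable secret cisco
enable secret level 2 L2Password
username admin password cisco
username helpdesk privilege 2
privilege exec level 2 traceroute
privilege exec level 2 clear line
privilege exec level 15 show terminal
"""

def audit(config):
    """Return (commands per level, user levels, findings) for an IOS config."""
    commands, users, enable_levels, findings = defaultdict(list), {}, set(), []
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    aaa = any(ln.startswith("aaa ") for ln in lines)
    # Assumption: with AAA on, exec authorization is what applies a user's level.
    applied = not aaa or any(ln.startswith("aaa authorization exec") for ln in lines)
    for ln in lines:
        if m := re.match(r"privilege (\S+) level (\d+) (.+)", ln):
            commands[int(m[2])].append(f"{m[1]}: {m[3]}")
        elif m := re.match(r"enable (?:secret|password)(?: level (\d+))? ", ln):
            enable_levels.add(int(m[1] or 15))  # no level keyword means 15
        elif m := re.match(r"username (\S+)(.*)", ln):
            lvl = re.search(r" privilege (\d+)", m[2])
            users[m[1]] = int(lvl[1]) if lvl else 1  # IOS default is 1
            if re.search(r" password ", m[2]):
                findings.append(f"{m[1]}: uses 'password'; 'secret' stores a hash")
    for name, lvl in sorted(users.items()):
        if lvl > 1 and not applied:
            findings.append(f"{name}: privilege {lvl} not applied at login "
                            "(AAA without 'aaa authorization exec')")
    for lvl in sorted(commands):
        via_login = applied and lvl in users.values()
        if 1 < lvl < 15 and lvl not in enable_levels and not via_login:
            findings.append(f"level {lvl}: has commands but no way to reach it")
    return dict(commands), users, findings

if __name__ == "__main__":
    levels, users, findings = audit(SAMPLE_CONFIG)
    for lvl in sorted(levels):
        print(f"level {lvl}: {levels[lvl]}")
    for finding in findings:
        print("FINDING:", finding)
```

On the sample, the audit reports the `helpdesk` user's level 2 as not applied at login, which matches the behaviour described in the thread, and level 2 as still reachable through `enable 2`.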