From: darth router (darklordrouter@gmail.com)
Date: Mon Nov 03 2008 - 23:52:56 ARST
THANK YOU!!
On Mon, Nov 3, 2008 at 4:44 PM, Huan Pham <Huan.Pham@peopletelecom.com.au> wrote:
> Hi Darth,
>
> To configure different enable passwords for different privilege, pls try
> this,
>
> enable secret level 2 L2Password
>
>
> R1>enable 2
> Password: L2Password
>
> R1#show privilege
> Current privilege level is 2
>
> R1#conf t
> ^
> % Invalid input detected at '^' marker.
>
> R1#enable 15
> Password: cisco
>
> R1#sh privilege
> Current privilege level is 15
>
> R1#conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> R1(config)#
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> darth router
> Sent: Tuesday, 4 November 2008 12:18 PM
> To: Brad Ellis
> Cc: ccie forum
> Subject: Re: IOS privileges for helpdesk
>
> Thanks Brad. That helps there. In the older IOSs (so I've read anyway),
> they didn't have any commands associated and you had to manually define
> everything.
>
> The user priv level command works if you do not have AAA enabled. It
> will supersede the req for using the enable pass, but not if you have
> AAA enabled. It doesn't matter if I define the "user test privilege
> 15,", it'll still drop user test at priv 1, and force you to use the
> enable pass.
>
> I was wondering if there was a way around this, but it does not look
> like it. I'm using local auth only for router access.
>
> On Mon, Nov 3, 2008 at 3:48 PM, Brad Ellis <brad@ccbootcamp.com> wrote:
>
> > Here's a great way of doing it with priv. level 2:
> >
> > Anything you want them to have access to (examples):
> >
> > privilege exec level 2 traceroute
> > privilege exec level 2 ping
> > privilege exec level 2 disable
> > privilege exec level 2 where
> > privilege exec level 2 name-connection
> > privilege exec level 2 send *
> > privilege exec level 2 send
> > privilege exec level 2 terminal
> > privilege exec level 2 show clock
> > privilege exec level 2 clear line
> > privilege exec level 2 clear
> >
> > anything that you DON'T want them to have access to (example):
> >
> > privilege exec level 15 show terminal
> >
> > Let me know if that helps.
> >
> > thanks,
> > Brad Ellis
> > CCIE#5796 (R&S / Security)
> > CCSI# 30482
> > CEO / President
> > CCBOOTCAMP - A Cisco Sponsored Organization (SO)
> > Email: brad@ccbootcamp.com
> > Toll Free: 877-654-2243
> > International: +1-702-968-5100
> > Skype: skype:ccbootcamp?call
> > FAX: +1-702-446-8012
> > YES! We take Cisco Learning Credits!
> > Training And Remote Racks: http://www.ccbootcamp.com
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of darth router
> > Sent: Monday, November 03, 2008 3:58 PM
> > To: ccie forum
> > Subject: IOS privileges for helpdesk
> >
> > fellas/ladies,
> >
> > Few questions on this.
> > 1. with the below config, can I get this to work somehow ? I do not
> > want to get rid of the enable pass. It will not work with the current
> > config.
> > 2. is there a way to have more than 1 enable pass with a diff priv
> > level set for helpdesk (haven't been able to get this to work)
> > 3. Is there a way to clear all commands from a privilege level, mtrace,
> > ping, etc...? I can see in the doc CD how to add, but not remove
> > default commands.
> >
> >
> >
> > aaa authentication login default local line
> > aaa authentication enable default enable
> >
> >
> > enable secret cisco
> >
> > username admin password cisco
> > username helpdesk privilege 2
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:28 ARST
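
Added example, not part of the original thread: a small Python audit that reads an IOS-style config and reports which commands sit at which privilege level, which levels have an enable secret, and which local users land at which level. The sample config is constructed from the snippets quoted above; the function name `audit` and its two checks are assumptions of this example, not Cisco tooling.

```python
import re
from collections import defaultdict

# Constructed sample: the thread's snippets merged into one config.
SAMPLE_CONFIG = """\
aaa authentication login default local line
aaa authentication enable default enable
enable secret cisco
enable secret level 2 L2Password
username admin password cisco
username helpdesk privilege 2
privilege exec level 2 traceroute
privilege exec level 2 ping
privilege exec level 2 show clock
privilege exec level 2 clear line
privilege exec level 15 show terminal
"""

PRIV = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")
ENABLE = re.compile(r"^enable\s+(?:secret|password)(?:\s+level\s+(\d+))?\s+\S")
USER = re.compile(r"^username\s+(\S+)\s+(.*)$")

def audit(config):
    """Summarise privilege delegation in an IOS-style config."""
    commands = defaultdict(list)   # level -> [(mode, command)]
    enable_levels = set()          # levels that have an enable secret/password
    users = {}                     # name -> privilege level (1 if unset)
    findings = []
    for line in (l.strip() for l in config.splitlines()):
        if m := PRIV.match(line):
            commands[int(m.group(2))].append((m.group(1), m.group(3)))
        elif m := ENABLE.match(line):
            enable_levels.add(int(m.group(1) or 15))  # no "level N" means 15
        elif m := USER.match(line):
            opts = m.group(2)
            lvl = re.search(r"\bprivilege\s+(\d+)", opts)
            users[m.group(1)] = int(lvl.group(1)) if lvl else 1
            if re.search(r"\bpassword\b", opts):
                findings.append(f"user {m.group(1)}: 'password' keyword, not 'secret'")
    for level in sorted(commands):
        if level not in enable_levels and level not in users.values():
            findings.append(f"level {level}: commands assigned but no enable secret or user")
    return dict(commands), enable_levels, users, findings
```

Run `audit()` over a saved copy of the running config after each privilege change to confirm the helpdesk level contains only the commands you meant to delegate.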