From: Piotr M (pitt2k@gmail.com)
Date: Sat Jan 17 2009 - 06:23:56 ARST
Hi Champ :)
In this case you need to configure command authorization rather than
just moving some commands to lower privilege level.
Remember that there are default levels 0 and 1, so your level 4 has
access to commands from lower levels by default. If you want to give
access to ONLY commands defined by you on level 4, you need to move
level 0 and 1 commands to level 4, which may be quite complicated
(because there can be lots of such commands, different command set on
each IOS version).
The better way is to configure level 4 like you did, and enable
command authorization for level 0, 1 and 4 on ACS (configure Shell
Command Authorization Set with commands from level 4 only).
HTH,
PM
2009/1/17 CiSco Champ <cischamp2009@gmail.com>:
> Hi,
>
> I configure a privilege level 4 with some show and config command and assign
> to a user but when I telnet router with this user, I can access also all
> lower privilege level commands like show commands. I want privilege level 4
> to see only what I configured.
>
> Regards
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:38 ARST
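
Added example, not part of the original thread: an IOS configuration sketch of the approach in the reply above, with the privilege-level-only setup first and TACACS+ command authorization for levels 0, 1 and 4 added after it. The server address 192.0.2.10, the key EXAMPLE-KEY and the three level 4 commands are assumptions chosen for illustration.

```cisco
! Constructed example; address, key and command choices are placeholders.
!
! Privilege levels only: the listed commands move to level 4, but a
! level 4 session still inherits every level 0 and level 1 command.
privilege exec level 4 show running-config
privilege exec level 4 configure terminal
privilege configure level 4 interface
!
! Added: each command at level 0, 1 and 4 is sent to the TACACS+ server
! (ACS) for a permit/deny decision before it runs.
aaa new-model
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 4 default group tacacs+ local
! Also authorize commands typed in configuration mode.
aaa authorization config-commands
!
! On ACS (configured in its GUI, not in IOS): create a Shell Command
! Authorization Set that permits only the level 4 commands and denies
! unmatched commands, then assign it to the user or group.
```

The `local` keyword is a fallback used only when the TACACS+ server does not respond, so keep a local account available; `debug aaa authorization` shows the per-command requests while testing.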