That is a good one. I tried the new Role Based CLI with the parser view and
got the same result, ALL THE LINES:
parser view LEVEL3
secret 5 $1$xVpj$GwJ1Q9H2MeIGl7jD3DUmg0
commands configure include line
commands exec include configure terminal
commands exec include configure
!
end
Router(config-view)#commands configure include line aux
Router(config-view)#do sh run | b parser
parser view LEVEL3
secret 5 $1$xVpj$GwJ1Q9H2MeIGl7jD3DUmg0
commands configure include line
commands exec include configure terminal
commands exec include configure
!
end
Router#enable view LEVEL3
Password:
Router#sh p
*Oct 10 14:46:12.499: %PARSER-6-VIEW_SWITCH: successfully set to view
'LEVEL3'.ars
Router#sh parser view
Current view is 'LEVEL3'
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line
Router(config)#line ?
<0-6> First Line number
aux Auxiliary line
console Primary terminal line
vty Virtual terminal

On Sat, Oct 10, 2009 at 1:21 PM, Erwin van Harrewijn <erwin_at_f1x0r.nl> wrote:
> Hi Group,
>
> I am reviewing the use of privilege levels.
>
> The task I want to achieve is the following:
> - configure a user having access to level 3 commands
> - allow the user only to configure the line aux 0
> - not allowing the user to configure line con or line vty
>
> I can restrict the user to level 3
> I can restrict the user to only use "config terminal" command
> I can not restrict the user to only configure the aux 0 line
>
> I hoped to solve this issue with the "privilege configure level 3 line
> aux 0" command, but the "aux 0" part is stripped.
>
> Any ideas are greatly appreciated.
> Erwin
>
>
> =======
>
> bastion#sh privilege
> Current privilege level is 3
>
> bastion(config)#?
> Configure commands:
> beep Configure BEEP (Blocks Extensible Exchange Protocol)
> call Configure Call parameters
> default Set a command to its defaults
> end Exit from configure mode
> exit Exit from configure mode
> help Description of the interactive help system
> line Configure a terminal line
> netconf Configure NETCONF
> no Negate a command or set its defaults
> sasl Configure SASL
> wsma Configure Web Services Management Agents
>
> bastion(config)#line ?
> <0-6> First Line number
> aux Auxiliary line
> console Primary terminal line
> vty Virtual terminal
>
> bastion#show run | i priv
> username level3 privilege 3 secret 5 $1$1/r8$0EF0wbTx/BCVcGc4fnEAi1
>
> privilege configure level 3 line
> privilege exec level 3 configure terminal
> privilege exec level 3 configure
>
> ========
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
--
Garry L. Baker
"There is no 'patch' for stupidity." - www.sqlsecurity.com

Blogs and organic groups at http://www.ccie.net

Received on Sat Oct 10 2009 - 14:48:38 ART
This archive was generated by hypermail 2.2.0 : Sun Nov 01 2009 - 07:50:59 ART
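
An added example, not part of either post: a Python check that compares the delegation commands an administrator meant to enter with what the running configuration stored, and flags entries kept only as a shorter, broader prefix, as happened to `line aux 0` and `line aux` in the thread. The `INTENDED` and `RUNNING` strings are constructed from the output quoted above, the function names are hypothetical, and a single parser view is assumed.

```python
import re

# Two delegation forms from the thread:
#   privilege <mode> [all] level <n> <command ...>
#   commands <mode> include|include-exclusive|exclude [all] <command ...>
RULE = re.compile(
    r"^\s*(?:privilege\s+(?P<pmode>\S+)\s+(?:all\s+)?level\s+(?P<level>\d+)"
    r"|commands\s+(?P<vmode>\S+)\s+(?P<action>include(?:-exclusive)?|exclude)"
    r"(?:\s+all)?)\s+(?P<cmd>\S.*?)\s*$"
)

def parse_rules(text):
    """Map (kind, mode, level-or-action) -> list of command word lists."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # view header, secret, '!' and other lines are ignored
        if m.group("pmode"):
            key = ("privilege", m.group("pmode"), m.group("level"))
        else:
            key = ("view", m.group("vmode"), m.group("action"))
        rules.setdefault(key, []).append(m.group("cmd").split())
    return rules

def find_broadened(intended, running):
    """Return (key, intended_cmd, stored_cmd) for each intended rule not stored
    verbatim; stored_cmd is the longest stored prefix (a broader grant) or None."""
    stored = parse_rules(running)
    findings = []
    for key, cmds in parse_rules(intended).items():
        have = stored.get(key, [])
        for want in cmds:
            if want in have:
                continue
            prefixes = [g for g in have if g == want[:len(g)]]
            best = max(prefixes, key=len, default=None)
            findings.append((key, " ".join(want), " ".join(best) if best else None))
    return findings

# Constructed from the output quoted in the thread: what was typed vs. what was stored.
INTENDED = """privilege configure level 3 line aux 0
commands configure include line aux
commands exec include configure terminal"""
RUNNING = """privilege configure level 3 line
parser view LEVEL3
 commands configure include line
 commands exec include configure terminal
 commands exec include configure"""
```

Each finding whose stored command is shorter than the intended one marks a grant that covers more than was asked for, which is worth reviewing before the account is handed out.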