Re: Privilege levels

From: Marcelo Pinheiro <marcelo_at_academiacisco.com.br>
Date: Wed, 1 Dec 2010 21:30:07 -0300

Hi Jack,

Role-based CLI will do it for you.
You need to have AAA enabled.
Briefly speaking, you need to:
1 - enable AAA
2 - enter root view mode
3 - create a view - specify which commands
4 - associate a user with a view

A sample config:
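conf t
! AAA must be enabled before views can be used
aaa new-model
end
! enter the root view from privileged EXEC
enable view
(enter secret password)
conf t
parser view SupportLevel1
secret SupLevel1
commands exec include show ip int br
exit
! bind the user to the view
username test view SupportLevel1 sec test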

Log in with this new user and then:
Router>enable view SupportLevel1
Password:SupLevel1
Router#

Please check more info on:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

HTH.

Marcelo Pinheiro

On Wed, Dec 1, 2010 at 9:05 PM, Jack Router <pan.router_at_gmail.com> wrote:

> Hello Experts,
> I have a hard time grasping the concept of privilege levels. For a start, can
> someone please explain how I can restrict a user to only one command. For
> example, a specific user can ONLY do "sh ip int brief"?
> Thanks
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Wed Dec 01 2010 - 21:30:07 ART
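
An added example, not part of the original thread: a small audit of a saved running-config that checks the role-based CLI setup described in the reply (AAA enabled, each view has a secret, views include only approved commands, users point at views that exist). The sample config, the user "ops", the view "NetOps" and the function name audit_views are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from the thread); hashes are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
username test view SupportLevel1 secret 5 $1$PLACEHOLDER
username ops view NetOps secret 5 $1$PLACEHOLDER
parser view SupportLevel1
 secret 5 $1$PLACEHOLDER
 commands exec include show ip interface brief
 commands exec include ping
"""

def audit_views(config, allowed):
    """Return sorted findings; allowed maps view name -> set of approved exec commands."""
    findings = []
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        findings.append("aaa new-model is missing")
    views, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^parser view (\S+)", line)
        if m:
            current = views.setdefault(m.group(1), {"secret": False, "cmds": set()})
        elif not line.startswith(" "):
            current = None  # an unindented line ends the view's sub-block
        elif current is not None:
            body = line.strip()
            if body.startswith("secret "):
                current["secret"] = True
            m = re.match(r"commands exec include (.+)", body)
            if m:
                current["cmds"].add(m.group(1))
    for name, view in views.items():
        if not view["secret"]:
            findings.append(f"view {name} has no secret")
        for cmd in sorted(view["cmds"] - allowed.get(name, set())):
            findings.append(f"view {name} allows unexpected command: {cmd}")
    for user, view in re.findall(r"^username (\S+) view (\S+)", config, re.M):
        if view not in views:
            findings.append(f"user {user} references undefined view {view}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_views(SAMPLE_CONFIG, {"SupportLevel1": {"show ip interface brief"}}):
        print(finding)
```
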
