problem with ROLE-based CLI superview

Unanswered Question
Mar 12th, 2007

Hi all,

Using ROLE-based CLI, I want to build differents CLI views for users with some restrictions

in specific areas:

NOIPS view :

- without CBAC

NOCBAC view:

- Without IPS

NOSEC superview (include both NOIPS and NOCBAC):

- Neither IPS nor CBAC

Users logged to NOIPS have no access to IPS and users with NOCBAC have no access to CBAC,

But the resulting superview NOSEC allows both functionalities instead of disabling them!

--------- Here is the Configuration for troubleshooting

parser view NOIPS

secret noipspass

commands interface include ip

commands configure exclude ip ips

commands interface exclude ip ips

commands configure include all ip

commands exec include all configure


parser view NOCBAC

secret nocbacpass

commands exec include all configure

commands configure include all ip

commands configure exclude ip inspect

commands inteface exclude ip inspect


parser view NOSEC superview

secret nosecpass

view NOIPS


--------------- Testing

Router>en view NOSEC


*Mar 1 01:13:58.127: %PARSER-6-VIEW_SWITCH: successfully set to view 'NOSEC'.

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#ip inspect audit-trail

Router(config)#ip ips notify log


----------->>>> Both fuctionalities are available with NOSEC view ???

Think you in advance,


I have this problem too.
1 vote
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion