deny router command on priv level 15

Unanswered Question
Nov 21st, 2008

device=ACS

objective=allow particular user to have privilege level 15 access to a device except router command

- i was trying to achieve the above but cant. my observation is i cant deny any commands under the config mode. but commands like ping,show,configure which are under the exec mode could be denied easily.

thanks in advance for any help.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
smalkeric Sat, 11/29/2008 - 19:24

By default, there are three command levels on the router:

• privilege level 0-Includes the disable, enable, exit, help, and logout commands

• privilege level 1-Includes all user-level commands at the router> prompt

• privilege level 15-Includes all enable-level commands at the router> prompt

You can move commands around between privilege levels with this command:

privilege exec level priv-lvl command

Actions

This Discussion