Unanswered Question
Feb 25th, 2009

I would want to give all privilege in configuration mode except one command : "no router eigrp" : How to write this ?

privilege exec level 15 no router



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Fri, 02/27/2009 - 18:37

I think this would not be able to be accomplished like that, honestly your best shot is using command authorization, this as long as you have an ACS server and you have defined tacacs protocol, I did a quick test on dynagen trying to move the command router to level 14 and then moving the command "no router" to level 15 but that action moves the whole router command to level 15. just my 2 cents

aneelaka Fri, 03/06/2009 - 14:41

Best way to approach this is to use a TACACS server and command authorization, You can deny the router eigrp in the user or group level

sahmedshahcsd Sat, 03/07/2009 - 02:29

Using ACS server you can enable command authorization as denied for the command "router eigrp" on a group or user level basis.




This Discussion