Filtering in Privilege level !!

Jun 1st, 2009

Hi all. I am not using AAA, just using the privilege command to move commands between levels. Now my question is simple. I want to assign level 2 to my user admin, and he can ONLY run sh interfaces. No other command (this includes the default set of commands coming with privilege level 2) should be allowed. The user can only run sh interfaces and that's it. Kindly tell me how to do it

1) without AAA, using privilege commands

2) with AAA using local authorization.

Thanks in advance, kindly guide me

illusion_rox Mon, 06/01/2009 - 10:03

Dear Sir, I have read it all but it doesn't address both of my issues :(. I know how to move commands between levels but I don't know how to restrict all the commands except show interfaces with and without AAA authorization!!

Kindly guide me in this, please

Collin Clark Mon, 06/01/2009 - 10:37

Without AAA create a username and assign the proper level. Local AAA would work the same. Since the user database is local it will use the level you've assigned.

username George privilege 4 secret XE6v#pR92$14

illusion_rox Mon, 06/01/2009 - 19:10

Dear Sir, if I use any priv below 15, a subset of commands comes with it. I want to prevent that subset of commands and only allow the commands I want. Let's say in priv 4, at the least we will have the ping and traceroute commands and some other commands; I want to prevent them all and just allow the show interfaces command to be executed by anyone who is in priv 4.

How can I do this?

Collin Clark Tue, 06/02/2009 - 05:24

privilege exec level 4 traceroute

privilege exec level 4 ping

privilege exec level 4 show ip interface brief

privilege exec level 4 show ip interface

privilege exec level 4 show ip

privilege exec level 4 show

That creates commands at level 4. There will always be some commands like exit and login.
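
As an added example that is not part of the thread or written by its participants: a Python audit that reads `username` and `privilege` lines like the ones posted above and lists, per user, the commands explicitly placed at or below that user's level that fall outside an intended allow-list (here `show interfaces`). The function names and the allow-list format are assumptions of this example, and the secret is replaced by a placeholder.

```python
import re

# Constructed input: the username and privilege lines posted in this thread,
# with the secret replaced by a placeholder.
SAMPLE_CONFIG = """\
username George privilege 4 secret PLACEHOLDER
privilege exec level 4 traceroute
privilege exec level 4 ping
privilege exec level 4 show ip interface brief
privilege exec level 4 show ip interface
privilege exec level 4 show ip
privilege exec level 4 show
"""

# Limitation: commands left at their IOS default level never appear in the
# configuration, so only explicit `privilege` assignments are audited here.
USER_RE = re.compile(r"^username\s+(\S+)\s+(?:.*\s)?privilege\s+(\d+)\b")
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+?)\s*$")

def parse_config(text):
    """Return ({user: level}, [(mode, level, command), ...]) from config text."""
    users, moves = {}, []
    for line in text.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            moves.append((m.group(1), int(m.group(2)), m.group(3)))
    return users, moves

def is_covered(command, allowed):
    """True if command is an allowed command, a sub-command of one, or a
    parent keyword needed to reach one (e.g. 'show' for 'show interfaces')."""
    return any(command == a or command.startswith(a + " ")
               or a.startswith(command + " ") for a in allowed)

def audit(text, allowed, mode="exec"):
    """Per user: commands explicitly placed at or below the user's level
    (a level-N user can run commands at levels <= N) outside the allow-list."""
    users, moves = parse_config(text)
    return {user: [cmd for m, lvl, cmd in moves
                   if m == mode and lvl <= level and not is_covered(cmd, allowed)]
            for user, level in users.items()}

if __name__ == "__main__":
    for user, extra in audit(SAMPLE_CONFIG, ["show interfaces"]).items():
        print(f"{user}: outside allow-list -> {extra}")
```

Run against the lines from this thread, it reports `traceroute`, `ping` and the three `show ip ...` entries for George, and treats the bare `show` entry as the parent keyword of `show interfaces`.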

