06-01-2009 02:28 AM - edited 03-10-2019 04:31 PM
Hi all. I am not using AAA. Just using privilege command to move commands between levels. now my question is simple. I want to assign level 2 to my user admin. And he can ONLY run sh interfaces. No other command ( this includes the default set of command coming with privilege level 2) shouldnt be allowed. The user can only run sh interfaces and thats it. Kindly tell me how to do it
1) without AAA, using privilege commands
2) with AAA using local authorization.
Thanks in advance, kindly guide me
06-01-2009 05:12 AM
This link should work for both.
Hope that helps.
06-01-2009 10:03 AM
Dear Sir, i have read it all but it doesnt addresses both of my issues :(. I know how to move commands between levels but i dont know how to restrict all the commands except show interfaces with and without AAA authorization !!
Kindly guide me in this pls
06-01-2009 10:37 AM
Without AAA create a username and assign the proper level. Local AAA would work the same. Since the user database is local it will use the level you've assigned.
username George privilege 4 secret XE6v#pR92$14
06-01-2009 07:10 PM
Dear Sir, if i use any priv below 15, a subset of commands comes with it, i want to prevent that subset of commands and only allow the commands i want. Like lets say in priv 4, at the least we will have ping, traceroute commands and some other commands, i want to prevent them all and just allow show interfaces command to be executed by anyone who is in priv 4.
How can i do this ?
06-02-2009 05:24 AM
privilege exec level 4 traceroute
privilege exec level 4 ping
privilege exec level 4 show ip interface brief
privilege exec level 4 show ip interface
privilege exec level 4 show ip
privilege exec level 4 show
That creates command at level 4. There will always be some commands like exit and login.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: