Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

role-based view commands missing from config

Unanswered Question
Nov 23rd, 2010
User Badges:

Hi All,

I set up a 2960G with IOS 12.2(44)SE6 and created a role-based view to be used by our helpdesk.  One of the things they need to do is add rules to a MAC ACL on the switch.  I've successfully created a view for them and can include and exclude most commands, however, when I try to include the "commands mac-enacle include all permit" command, I get no syntax error, and there is no line in my configuration reflecting the change. As it stands, from the helpdesk view (named smco) I can get into mac acl configuration mode, but I can't issue any of the sub commands.

Any advice would be greatly appreciated.  I tried upgraded to 12.2(55)SE and had the same result.

The current configuration for the parser view is as follows:

parser view smco
secret 5 hashed_pw
commands configure include mac access-list extended
commands configure include all mac access-list
commands configure include mac
commands exec include configure terminal
commands exec include configure

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
yjdabear Tue, 11/23/2010 - 11:45
User Badges:
  • Gold, 750 points or more

Do you see the "mac-enable" keyword after "commands ?"

dacaprice Tue, 11/23/2010 - 11:49
User Badges:


No. I only see "mac-enacl" after commands.

yjdabear Tue, 11/23/2010 - 11:52
User Badges:
  • Gold, 750 points or more

My bad. I read "mac-enacle" as "mac-enable". Would the extra "e" at the end be the issue then?

dacaprice Tue, 11/23/2010 - 12:02
User Badges:

Unfortunately, no.  I "mac-enacl" is my only option begining with "mac" and I am able to enter the command without any errors, the line just does not show up in my config.

yjdabear Tue, 11/23/2010 - 12:20
User Badges:
  • Gold, 750 points or more

When you say "there is no line in my configuration", are you referring to the running- or startup-config?

As far as the inability to run the mac acl subcommands as "smco", is there something along the lines of?

username smco privilege [privilege-level] view smco

dacaprice Tue, 11/23/2010 - 12:36
User Badges:

After I issue the command "commands mac-enacl include all permit" there is no line in my startup or running configuration that says: "commands mac-enacl include all permit" or anything that closely resembles that.

I've tested with multiple local accounts.  After authenticating, I issue the "enable view smco".

dacaprice Tue, 11/30/2010 - 07:36
User Badges:

Hi all,

I was wondering if there was anyone else who could offer some insight into this problem or atleast duplicate it.

thanks in advance!


This Discussion

Related Content