PIX Privilege Levels

Unanswered Question
Jul 14th, 2006

Hi,


I have configured a username with privilege level 2 on my PIX but have not defined any commands for level 2.

Even then I observe that when I log on with those credentials I am able to go to the configure mode and by and large execute all the commands.

What is causing this?


My PIX Ver- 6.3(3)

====================

username monitor password xxx encrypted privilege 2


PIX-525# show curpriv

Username : monitor

Current privilege level : 2

Current Mode/s : P_PRIV


Thanks!

grant.maynard Fri, 07/14/2006 - 13:37

Sounds like you have enabled authentication but not authorisation. Try:


aaa authorization command LOCAL


privilege cmd level 2 mode exec command show

privilege cmd level 2 mode exec command quit

privilege show level 2 mode exec command interface


etc


suschoud Fri, 07/14/2006 - 14:01

"When commands have privilege levels set, and users have privilege levels set, then the two are compared to determine if a given user can execute a given command." If the user's privilege level is lower than the privilege level of the command, the user is prevented from executing the command.


Here I feel you have configured a privilege level for the account; however, you haven't specified the commands which should correspond to priv. level 2. So, the PIX has nothing to compare and that's why you are able to execute all of the commands.
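
A configuration check for the two conditions the replies above point to, written as an added example (not code from the thread or from Cisco): it flags local users below level 15 when no `aaa authorization command` line is present, or when no `privilege` line assigns a command at or below their level. The sample configuration is constructed, and the parsing assumes only the line formats quoted in this thread.

```python
import re

# Constructed sample, modelled on the lines quoted in this thread.
SAMPLE_CONFIG = """\
username admin password xxx encrypted privilege 15
username monitor password xxx encrypted privilege 2
privilege cmd level 2 mode exec command show
"""

# Assumed line formats (taken from the thread, not from a full command reference).
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+(\d+)\s*$")
PRIV_RE = re.compile(r"^privilege\s+(?:\S+\s+)?level\s+(\d+)\s+.*\bcommand\s+(\S+)")
AUTHZ_RE = re.compile(r"^aaa\s+authorization\s+command\s+(\S+)")

NO_AUTHZ = "no 'aaa authorization command' line, so the user level is not compared"
NO_CMDS = "no 'privilege' line assigns a command at or below this level"


def audit(config_text):
    """Return (username, level, finding) tuples for users below level 15."""
    users, cmd_levels, authz = {}, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            cmd_levels.setdefault(int(m.group(1)), []).append(m.group(2))
        elif m := AUTHZ_RE.match(line):
            authz = m.group(1)  # e.g. LOCAL

    findings = []
    for name, level in sorted(users.items()):
        if level >= 15:
            continue  # full-privilege accounts are outside this check
        if authz is None:
            findings.append((name, level, NO_AUTHZ))
        if not any(cmd_level <= level for cmd_level in cmd_levels):
            findings.append((name, level, NO_CMDS))
    return findings


if __name__ == "__main__":
    for name, level, finding in audit(SAMPLE_CONFIG):
        print(f"{name} (privilege {level}): {finding}")
```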
