I'm having trouble figuring out how to limit the commands a user can execute on a NAS (3660 router) using the local database. I have aaa authentication set up. I use the command username xxxx privilege 1 for one of my users, but it doesn't seem to restrict them from anything.
To test this I have a sub interface. I log on as this person, get into Int configuration mode and successfully shut the interface down. I only want him to be able to execute the command listed above. Why doesn't it work?
You may have entered "enable" mode to use "conf t" and change the interface config. Enable mode is a privilege 15 command which lets you do everything with the router. Also, if the user is given privilege level 5 access, that means the user gets level 0 to level 5 access. So don't get into enable mode and check again.
With only the priv level 5 config like above, user bradley will only be able to issue show commands and ping (if he doesn't get into enable mode). Please visit the following URL for a more detailed explanation.
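
An added example, not part of the original posts: a minimal IOS configuration for the privilege-level behaviour the answer above describes. The user name bradley and level 5 come from the answer; the secrets are placeholders, and moving `clear counters` to level 5 is an assumed illustration of granting one extra command.

```text
! Constructed example; secrets are placeholders.
aaa new-model
aaa authentication login default local
! Without exec authorization, the level on the username line is not
! applied at login and the session starts at level 1.
aaa authorization exec default local
!
! bradley logs in at level 5 and can run commands assigned to levels 0-5.
username bradley privilege 5 secret <PLACEHOLDER-USER-SECRET>
!
! Do not give this secret to restricted users: "enable" with no argument
! moves the session to level 15, where conf t and shutdown are available.
enable secret <PLACEHOLDER-ENABLE-SECRET>
!
! Assumed illustration: move one privileged EXEC command down to level 5.
privilege exec level 5 clear counters
!
! After logging in as bradley, check the level of the session:
!   show privilege
```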