Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

parser view interface issue

Hi All

 

i have a problem with parser views.

 

i want to make a view where its only possible to change the vlan on a given port.

 

i have tryed a number of possibilities and now im ready to give up .

 

when i make the view i have to define every gigabit or Fastethernet port, i need a command that can allow access to all gigabitethernet ports without giving them access to execute all comannds in interface config.

 

my view looks like this

parser view int
 secret 5 $1$ZPxG$PZ.izEXhrKjTYPZVhuldu1
 commands interface include switchport
 commands configure include interface
 commands exec include-exclusive configure terminal
 commands exec include configure
!

if i want to allow access to an interface port i need to add 

 

 commands configure include interface gigabitethernet1/0/1

and i rather not add all 28 ports i that manner, is there  a command that fixes my problem?

 

Everyone's tags (3)
3 REPLIES
Cisco Employee

DETAILED STEPS Command or

DETAILED STEPS

 Command or ActionPurpose
Step 1
enable view


Example:

Router> enable view

 

Enables root view.

  • Enter your privilege level 15 password (for example, root password) if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

Step 3
parser view view-name


Example:

Router(config)# parser view first

 

Creates a view and enters view configuration mode.

Step 4
secret 5 encrypted-password


Example:

Router(config-view)# secret 5 secret

 

Associates a command-line interface (CLI) view or superview with a password.

Note   You must issue this command before you can configure additional attributes for the view.
 
Step 5
commands parser-mode {include | include-exclusive | exclude} [all] [interface interface-name | command]


Example:

Router(config-view)# commands exec include show version

 

Adds commands or interfaces to a view.

  • parser-mode --The mode in which the specified command exists.
  • include --Adds a command or an interface to the view and allows the same command or interface to be added to an additional view.
  • include-exclusive --Adds a command or an interface to the view and excludes the same command or interface from being added to all other views.
  • exclude --Excludes a command or an interface from the view; that is, customers cannot access a command or an interface.
  • all --A "wildcard" that allows every command in a specified configuration mode that begins with the same keyword or every subinterface for a specified interface to be part of the view.
  • interface interface-name -- Interface that is added to the view.
  • command --Command that is added to the view.
 
Step 6
exit


Example:

Router(config-view)# exit

 

Exits view configuration mode.

Step 7
exit


Example:

Router(config)# exit

 

Exits global configuration mode.

Step 8
enable [privilege-level] [view view-name


Example:

Router# enable view first

 

Prompts the user for a password, which allows the user to access a configured CLI view, and is used to switch from one view to another view.

After the correct password is given, the user can access the view.

Step 9
show parser view all


Example:

Router# show parser view

 

(Optional) Displays information about the view that the user is currently in.

  • all --Displays information for all views that are configured on the router.
Note   Although this command is available for both root and lawful intercept users, the all keyword is available only to root users. However, the all keyword can be configured by a user in root view to be available for users in lawful intercept view and CLI view.
New Member

i have allso found that

i have allso found that document but that dosent really help me in that i can see the interface command in step 5 but still dont know if there is a command like the range command that allows me to allow access to all interfaces but no run any commands when they access it. 

 

the closest i have come is the "commands configure include all interface." but that command gives them access to all sub commands in a given interface.

 

New Member

Hi,I have the exact same

Hi,

I have the exact same issue. I want to give access to only gigabitethernet ports but have to add line commands configure include interface gigabitethernet 1/0/X for each interface.

Commands configure include all interface allows creation of SVI for example and I don't want that?

Did you find anything concerning this issue?

Thanks!

Alex

499
Views
0
Helpful
3
Replies
CreatePlease to create content