Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1605
Views
0
Helpful
3
Replies

parser view interface issue

DNBardino
Level 1
Level 1

‎07-23-2014 03:40 AM - last edited on ‎03-25-2019 05:32 PM by Community Manager

Hi All

 

i have a problem with parser views.

 

i want to make a view where its only possible to change the vlan on a given port.

 

i have tryed a number of possibilities and now im ready to give up .

 

when i make the view i have to define every gigabit or Fastethernet port, i need a command that can allow access to all gigabitethernet ports without giving them access to execute all comannds in interface config.

 

my view looks like this

parser view int
 secret 5 $1$ZPxG$PZ.izEXhrKjTYPZVhuldu1
 commands interface include switchport
 commands configure include interface
 commands exec include-exclusive configure terminal
 commands exec include configure
!

if i want to allow access to an interface port i need to add 

 

 commands configure include interface gigabitethernet1/0/1

and i rather not add all 28 ports i that manner, is there  a command that fixes my problem?

 

1 person had this problem
Labels:
0 Helpful
3 Replies 3

mohanak
Cisco Employee
Cisco Employee

‎07-23-2014 03:59 AM

DETAILED STEPS

 Command or ActionPurpose
Step 1
enable view


Example:

Router> enable view

 

Enables root view.

  • Enter your privilege level 15 password (for example, root password) if prompted.
 
Step 2
configure terminal


Example:

Router# configure terminal

 

Enters global configuration mode.

Step 3
parser view view-name


Example:

Router(config)# parser view first

 

Creates a view and enters view configuration mode.

Step 4
secret 5 encrypted-password


Example:

Router(config-view)# secret 5 secret

 

Associates a command-line interface (CLI) view or superview with a password.

Note   You must issue this command before you can configure additional attributes for the view.
 
Step 5
commands parser-mode {include | include-exclusive | exclude} [all] [interface interface-name | command]


Example:

Router(config-view)# commands exec include show version

 

Adds commands or interfaces to a view.

  • parser-mode --The mode in which the specified command exists.
  • include --Adds a command or an interface to the view and allows the same command or interface to be added to an additional view.
  • include-exclusive --Adds a command or an interface to the view and excludes the same command or interface from being added to all other views.
  • exclude --Excludes a command or an interface from the view; that is, customers cannot access a command or an interface.
  • all --A "wildcard" that allows every command in a specified configuration mode that begins with the same keyword or every subinterface for a specified interface to be part of the view.
  • interface interface-name -- Interface that is added to the view.
  • command --Command that is added to the view.
 
Step 6
exit


Example:

Router(config-view)# exit

 

Exits view configuration mode.

Step 7
exit


Example:

Router(config)# exit

 

Exits global configuration mode.

Step 8
enable [privilege-level] [view view-name


Example:

Router# enable view first

 

Prompts the user for a password, which allows the user to access a configured CLI view, and is used to switch from one view to another view.

After the correct password is given, the user can access the view.

Step 9
show parser view all


Example:

Router# show parser view

 

(Optional) Displays information about the view that the user is currently in.

  • all --Displays information for all views that are configured on the router.
Note   Although this command is available for both root and lawful intercept users, the all keyword is available only to root users. However, the all keyword can be configured by a user in root view to be available for users in lawful intercept view and CLI view.
0 Helpful

DNBardino
Level 1
Level 1
In response to mohanak

‎07-23-2014 04:35 AM

i have allso found that document but that dosent really help me in that i can see the interface command in step 5 but still dont know if there is a command like the range command that allows me to allow access to all interfaces but no run any commands when they access it. 

 

the closest i have come is the "commands configure include all interface." but that command gives them access to all sub commands in a given interface.

 

0 Helpful

alexandre.tiber
Level 1
Level 1

‎08-12-2014 10:37 AM

Hi,

I have the exact same issue. I want to give access to only gigabitethernet ports but have to add line commands configure include interface gigabitethernet 1/0/X for each interface.

Commands configure include all interface allows creation of SVI for example and I don't want that?

Did you find anything concerning this issue?

Thanks!

Alex

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents