I want to restrict a user, upon login, to exactly two commands on an IOS router:
1) show users
The user must not have access to any other command in the CLI.
But I cannot figure out how to accomplish this.
(config)# username test privilege 0 password test
(config)# privilege exec level 0 show users not only enables the show users subcommand, but also gives access to the whole set of "show" subcommands. How do I allow exactly one subcommand to be available to a user?
If I issue (config)# privilege exec level 1 show afterwards, level 0 user for some reason loses access to the "show users" subcommand.
I've been banging my head against a wall for days. Is what I want to achieve even possible and if it is, how?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...