Cisco Support Community
Community Member

USERS on a router

i want to allow 2 users with view only privileges.. or allow ping at most...

how do i do that..

these users will connect via telnet ..

i created the user with 0 level privilege ..

but how do i get the router to ask for the username ..

right now if i telnet the router it asks for a password and brings me to the enable prompt....

any help....???

1 ACCEPTED SOLUTION

Accepted Solutions

Re: USERS on a router

Hi Atif,

After some trials, i don't think that you can force the router to go for vty line 5 while lines 0-4 are not busy, but let's think outside the box: why would you need this? Why not use "login local" on all the lines, while having 2 privileges, for example 3 and 15?

The use of the ACL under the VTYs, was generally proposed to secure the VTYs and not for the purpose you are trying.

HTH,

Mohammed Mahmoud.

15 REPLIES

Re: USERS on a router

Hi,

You'll need:

username xxxx privilege x password xxxxxx
privilege exec all level x show
line vty 0 4
 login local

NOTE: The user will be able to do any show, except "show running-config".

HTH,

Mohammed Mahmoud.

Community Member

Re: USERS on a router

Hi mahmoud.. how r u . nice to see u again..

yea i figured that out ..

i set privilege 3 on that user with show and ping command.. also on the vty lines i set login local..

now that has the router prompting for the username and password the way i wanted...

but now is there anyway that i can use the enable password ?? cause its asking for a username....

Community Member

Re: USERS on a router

hi,

one more thing i was wondering

i have vty lines from 0 4 set with login

and vty lines 5 15 set with login local

when i telnet to this router i am telneting to vty lines 0 4 right ???

is there any way that i can have a user to telnet to the 5 to 15 vty lines and have them prompted for username.

**********************************
line vty 0 4
 privilege level 15
 password 7 154656776867E
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
************************************

Re: USERS on a router

Hi Atif,

Nice to c u back :)

You can make use of access-class command and restrict the access to your router and tell the router which ip is authorized to access which vty:

access-list 2 permit x.x.x.x
line vty 0 4
 access-class 2 in

Where x.x.x.x is the ip which you need to allow on vty 0 4.

HTH,

Mohammed Mahmoud.

Community Member

Re: USERS on a router

hmmm ok

i'll keep the vty line 5 15 on "login" instead of "login local" with the "access-class" command for MY IP so that i can use that for administrative purpose (using the enable password).

And i'll keep vty lines 0 4 on "login local" so that anyone else connecting should get the username and password prompt.

just one quick thing ... after all the above when i connect from MY IP, will it check the ACL and both VTY line's config before giving me the prompt ??

i'll try it out anyways :p .. thanks again...

Community Member

Re: USERS on a router

didn't work... :-(

how and when is the line vty 5 15 used ????

Re: USERS on a router

Hi Atif,

You are right, it shouldn't work this way; i've overlooked a fact that the router won't use line 5 until lines 0-4 are busy. Let me think about a different method for you.

HTH,

Mohammed Mahmoud.

Re: USERS on a router

Hi Atif,

After some trials, i don't think that you can force the router to go for vty line 5 while lines 0-4 are not busy, but let's think outside the box: why would you need this? Why not use "login local" on all the lines, while having 2 privileges, for example 3 and 15?

The use of the ACL under the VTYs, was generally proposed to secure the VTYs and not for the purpose you are trying.

HTH,

Mohammed Mahmoud.

Community Member

Re: USERS on a router

i was thinking that i would keep the enable password for my own use and give the shift administrator the level 3 access...

instead of creating 2 local accounts i would this way have to only keep 1 account for the shift administrator.. .. but anyways i guess i'll have to keep login local and create 2 accounts ..

:-) appreciate the help though.. thanks .

see u later in another issue.. lol

Re: USERS on a router

Hi ,

You are very welcome :)

BR,

Mohammed Mahmoud.

Re: USERS on a router

Hi,

After digging around, i finally found you a solution :)

line vty 0 4
 rotary 1
 login local

and telnet to TCP port 3001.

line vty 5 15
 rotary 2
 password cisco
 login

and telnet to TCP port 3002.

I've tested it and it's fully operational, and you can add the access-list for more security.

HTH,

Mohammed Mahmoud.
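
Added example, not part of the original posts: a Python check that audits the "line vty" blocks of an IOS configuration for the issues this thread runs into (password-only "login", a line-level "privilege level 15", no "access-class", and vty ranges with different login methods but no "rotary" group). The function names and finding labels are this example's own; the sample input is the configuration quoted earlier in the thread.

```python
import re

# Sample input: the vty configuration quoted earlier in this thread.
SAMPLE_CONFIG = """\
line vty 0 4
 privilege level 15
 password 7 154656776867E
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
"""

def parse_vty_blocks(config):
    """Map each (first, last) vty range to the list of its subcommands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"line vty (\d+)(?: (\d+))?$", line)
        if m:
            current = blocks.setdefault((int(m[1]), int(m[2] or m[1])), [])
        elif raw[0].isspace() and current is not None:
            current.append(line)
        else:
            current = None  # any other top-level command closes the block
    return blocks

def audit_vty(config):
    """Return sorted (scope, finding) pairs; the labels are this example's own."""
    blocks, findings = parse_vty_blocks(config), []
    for (first, last), cmds in blocks.items():
        scope = f"vty {first} {last}"
        if "login" in cmds:  # bare "login": line password, no username prompt
            findings.append((scope, "password-only-login"))
        if "privilege level 15" in cmds:  # sessions start at the enable prompt
            findings.append((scope, "starts-at-privilege-15"))
        if not any(c.startswith("access-class ") for c in cmds):
            findings.append((scope, "no-access-class"))
    # A session takes the first free vty, so ranges with different login
    # methods and no rotary group give a prompt that depends on line occupancy.
    every = [c for cmds in blocks.values() for c in cmds]
    methods = {tuple(c for c in v if c.startswith("login")) for v in blocks.values()}
    if len(methods) > 1 and not any(c.startswith("rotary ") for c in every):
        findings.append(("all vty", "mixed-login-without-rotary"))
    return sorted(findings)
```

Calling audit_vty(SAMPLE_CONFIG) reports the mixed login methods across "vty 0 4" and "vty 5 15" along with the per-range findings; a configuration with "login local" and an "access-class" on every vty returns an empty list.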

Community Member

Re: USERS on a router

Can anyone please explain this "Interface Vi2" to me ??

Dawlance_HO#sh users
Line User Host Idle Location
* vty 322 admin idle 00:00:00 172.16.0.2
Interface User Mode Idle Peer Address
Vi PPPoE 00:05:32 202.163.110.250

Re: USERS on a router

Hi,

interface vi2 is called a Virtual-access interface; it's a dynamic interface cloned from the configured virtual template interface. It is dynamically created when the PPPoE session is to be terminated on this router, to inherit the configuration under the virtual template interface.

Virtual template interfaces can be created and applied by various applications such as Virtual Profiles, virtual private dialup networks (VPDN), PPP over ATM, PPP over Frame Relay, protocol translation, and Multichassis Multilink PPP (MMP).

HTH,

Mohammed Mahmoud.

Community Member

Re: USERS on a router

thanks mahmoud

please do find a way for this ...

also is there any way to comment a configuration line for eg. if i want to disable a line for a while and not delete it..

! is this it ??

Re: USERS on a router

Hi,

The "!" makes sure that when copying the configuration to the router, that the router doesn't treat this line as a code, example:

interface serial0/0.1
 ! ip address 10.10.10.1 255.255.255.252
 ip address 192.168.99.1 255.255.255.252

If the previous configuration is pasted at the router prompt, the router will ignore the first line and take the second line, and note that the line appended with "!" won't be even displayed in the router configuration, you can use the "!" for adding descriptions in your configuration template as follows:

! The following interface is for internet access
interface serial0/0.1

Like this you can copy the configurations template to the router, and the router will understand that the line appended with the "!" is not a configuration line.

There is no way to remark a line in the running configuration code despite deleting it, like we can do in most of the programming languages.

HTH,

Mohammed Mahmoud.
