This is interesting. From what I'm seeing, it's only taking effect on the "clear line" and not any of the sub-options. In fact, when you change the privilege level it changes the level for the main clear. I also tried this using views, and it's the same result. It looks like giving permissions to clear line gives permissions to everything under it. Below is the result from trying to configure it with a view:
R5(config-view)#do sh run | s parser
parser view Line
secret 5 $1$uqx0$YN3MOzb0yzwrRAlKs9RYU/
commands exec include clear line
commands exec include clear
R5(config-view)#commands exec exclude ?
LINE Keywords of the command
all wild card support
R5(config-view)#commands exec exclude clear line console
% Command present in 'include' mode
As you can see, I was trying to exclude clearing the console line, but it shows that it's included in the view already, but above it shows that it's only including the parent.
Maybe someone else has ran into this, but it doesn't look like it's a doable option.
Below is the change that's being made when trying to specify the sub-option. It changes the whole class:
R5(config)#do sh run | i privil
username test privilege 7 view Line password 0 test
privilege exec level 8 clear sampler
privilege exec level 7 clear line
privilege exec level 7 clear
R5(config)#privilege exec level 8 clear line console
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
An alternative approach would be to consider AAA with TACACS for granular command control.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...