Dear shawn, this configuration is not restricting the usage of other commands !. Priv level 4 is surely assigned but how can i restrict the user to ONLY AND ONLY RUN show interfaces and NOTHING ELSE ?
Kindly let me know if my wording is not clear, since from 2 days i have asked this question again and again and again telling me how to use priv level which i already know :-). How to use local authorization to restrict ALL commands except the one that i define ? --- On Tue, 6/2/09, Shawn H. Mesiatowsky <[email protected]> wrote: From: Shawn H. Mesiatowsky <[email protected]> Subject: Re: [OSL | CCIE_Security] Local authorization ! To: [email protected] Date: Tuesday, June 2, 2009, 4:38 PM Username u4 privilege 4 password ipexpert Aaa authorization exec default local Using the local authorization will use the privilege level assigned to the local users From: [email protected] [mailto:[email protected]] On Behalf Of shahid rox Sent: Monday, June 01, 2009 11:31 PM To: [email protected] Subject: [OSL | CCIE_Security] Local authorization ! Hi all. I am practicing AAA and got confused with local authorization. I dont want to use any external server. Now these are the tasks i want to achieve ! 1) assign a user to level 4 2) level 4 comes with a default subset of commands. like ping, trace etc. 3) i ONLY want to allow show interfaces command. ALL other commands shouldnt be allowed, eg if the user uses ping it should get command authorization failed msg or something like that. I know how to use privi command to move commands between levels. but i dont know how to configure local authorization. Can someone guide me this pls ?
