Some commands have level 1, so you will have access to these commands as well... Maybe if you increase their level, then you won't have access to them...
2009/6/3 shahid rox <[email protected]> > Dear shawn, this configuration is not restricting the usage of other > commands !. Priv level 4 is surely assigned but how can i restrict the user > to ONLY AND ONLY RUN show interfaces and NOTHING ELSE ? > > Kindly let me know if my wording is not clear, since from 2 days i have > asked this question again and again and again telling me how to use priv > level which i already know :-). How to use local authorization to restrict > ALL commands except the one that i define ? > > --- On *Tue, 6/2/09, Shawn H. Mesiatowsky <[email protected]>* wrote: > > > From: Shawn H. Mesiatowsky <[email protected]> > Subject: Re: [OSL | CCIE_Security] Local authorization ! > To: [email protected] > Date: Tuesday, June 2, 2009, 4:38 PM > > > Username u4 privilege 4 password ipexpert > > Aaa authorization exec default local > > > > Using the local authorization will use the privilege level assigned to the > local users > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *shahid rox > *Sent:* Monday, June 01, 2009 11:31 PM > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] Local authorization ! > > > > Hi all. I am practicing AAA and got confused with local authorization. I > dont want to use any external server. Now these are the tasks i want to > achieve ! > > 1) assign a user to level 4 > 2) level 4 comes with a default subset of commands. like ping, trace etc. > 3) i ONLY want to allow show interfaces command. ALL other commands > shouldnt be allowed, eg if the user uses ping it should get command > authorization failed msg or something like that. > > I know how to use privi command to move commands between levels. but i dont > know how to configure local authorization. > > Can someone guide me this pls ? > > > > >
