Here is what I am trying to do: I am creating two users, ADMIN and OPERATOR. ADMIN has all the rights, and for OPERATOR I am restricting the access through role-based CLI using a view HTTP. I am using local authentication and authorization, placing both users at privilege level 15 and placing OPERATOR in view HTTP. When I log in using OPERATOR, instead of being placed at exec (priv 15) I am placed at priv level 0. If I enable here, I am given level 15 unrestricted access.
What am I doing wrong? Here is the config:

aaa authentication login default none
aaa authentication login VTY local
aaa authorization exec VTY local
!
username ADMIN privilege 15 password 0 CISCO
username OPERATOR privilege 15 view HTTP password 0 CISCO
!
line vty 0 4
 password cisco
 authorization exec VTY
 login authentication VTY
 transport input ssh
!
parser view HTTP
 secret 5 $1$WpiY$Xj9az9zBmG5nWyN7sdUkK.
 commands configure include all ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
!

And here is my issue:

Rack1R5#ssh -l OPERATOR 150.1.4.4
Password:
Rack1R4>        (Note here: I am not in priv lev 15)

If I enable here, I go out of the view and have all the access. Shouldn't I be placed in exec mode but in the restricted view?

With the other user, I am directly placed in exec:

Rack1R5#ssh -l ADMIN 150.1.4.4
Password:
Rack1R4#

Any help will be appreciated.

Regards,
Badar Farooq
