Did that the same result Rack1R5#telnet 150.1.4.4 Trying 150.1.4.4 ... Open
User Access Verification Username: OPERATOR Password: *Rack1R4>* The debug is stranger Mar 5 16:53:46.883: AAA/AUTHEN/LOGI N (0000000F): Pick method list 'VTY' Mar 5 16:53:53.498: AAA/AUTHOR (0xF): Pick method list 'VTY' Mar 5 16:53:53.502: AAA/AUTHOR/EXEC(0000000F): processing AV cmd= *Mar 5 16:53:53.502: AAA/AUTHOR/EXEC**(0000000F): processing AV priv-lvl=15 * Mar 5 16:53:53.502: AAA/AUTHOR/EXEC(0000000F): processing AV cli-view-name=HTTP Mar 5 16:53:53.506: AAA/AUTHOR/EXEC(0000000F): Authorization successful clearly i am getting authorized at level 15. Still not getting the prompt. On Thu, Dec 3, 2009 at 4:37 PM, Kingsley Charles <[email protected] > wrote: > > Oops, sorry I overlooked that. > > I have been also configuring CLI view for sometime but have not come across > this issue. Your configuration seems to be correct. > > can you try with telnet. just add transport ssh telnet and let's see what > is happening > > ssh may be requires some crypto functionality but your's only permit conf > ter and ip http > > commands configure include all ip http > commands configure include ip > commands exec include configure terminal > commands exec include configure > > > just a guess > > > With regards > Kings > On Thu, Dec 3, 2009 at 6:53 PM, Badar Farooq <[email protected]>wrote: > >> Kingsley I am using username in the SSH command. >> >> >> ssh -l OPERATOR 150.1.4.4 >> >> >> On Thu, Dec 3, 2009 at 4:15 PM, Kingsley Charles < >> [email protected]> wrote: >> >>> hey why are you just prompted for password. You should be prompted for >>> both username and password. >>> >>> Try removing the password cmd under the line vty 0 4. >>> >>> With regards >>> Kings >>> >>> On Thu, Dec 3, 2009 at 6:26 PM, Badar Farooq <[email protected]>wrote: >>> >>>> Well... I am using AAA for authorization of VTY so it shouldnt matter. >>>> but I tried this >>>> >>>> Rack1R4(config)#line vty 0 181 >>>> Rack1R4(config-line)#privilege level 15 >>>> Rack1R4(config-line)#end >>>> >>>> Rack1R4# >>>> Mar 5 17:15:02.422: %SYS-5-CONFIG_I: Configured from console by console >>>> Rack1R4# >>>> GV-Rack4>5 >>>> [Resuming connection 5 to r5 ... ] >>>> >>>> [Connection to 150.1.4.4 closed by foreign host] >>>> Rack1R5# >>>> Rack1R5# >>>> >>>> Rack1R5#ssh -l OPERATOR 150.1.4.4 >>>> >>>> Password: >>>> >>>> Rack1R4> >>>> >>>> >>>> Still the same prompt >>>> >>>> >>>> Regards >>>> >>>> >>>> >>>> On Thu, Dec 3, 2009 at 3:52 PM, Kingsley Charles < >>>> [email protected]> wrote: >>>> >>>>> I think, you need to configure "privilege level 15" under the vty line. >>>>> >>>>> The privilege level that you associate with the username might be used >>>>> for backup, if the parserv view is not configured for the user. >>>>> >>>>> With regards >>>>> Kings >>>>> >>>>> On Thu, Dec 3, 2009 at 4:39 PM, Badar Farooq >>>>> <[email protected]>wrote: >>>>> >>>>>> Here is what I am trying to do >>>>>> I am creating two users ADMIN and Operator. ADMIN has all the rights >>>>>> and for OPERATOR i am restricting the access through role based CLI >>>>>> using a >>>>>> view HTTP. >>>>>> I am using local authentication and authorization, placing both users >>>>>> at privilege level 15 and placing OPERATOR in view HTTP. >>>>>> When I login using the OPERATOR, instead of being placed at exec (priv >>>>>> 15) I am placed at priv level 0. If i enable here, I am given level 15 un >>>>>> restricted access. >>>>>> >>>>>> What am i doing wrong. >>>>>> Here is the config >>>>>> >>>>>> aaa authentication login default none >>>>>> aaa authentication login VTY local >>>>>> aaa authorization exec VTY local >>>>>> ! >>>>>> username ADMIN privilege 15 password 0 CISCO >>>>>> username OPERATOR privilege 15 view HTTP password 0 CISCO >>>>>> ! >>>>>> line vty 0 4 >>>>>> password cisco >>>>>> authorization exec VTY >>>>>> login authentication VTY >>>>>> transport input ssh >>>>>> ! >>>>>> parser view HTTP >>>>>> secret 5 $1$WpiY$Xj9az9zBmG5nWyN7sdUkK. >>>>>> commands configure include all ip http >>>>>> commands configure include ip >>>>>> commands exec include configure terminal >>>>>> commands exec include configure >>>>>> ! >>>>>> >>>>>> >>>>>> And here is my issue >>>>>> >>>>>> Rack1R5#ssh -l OPERATOR 150.1.4.4 >>>>>> >>>>>> Password: >>>>>> >>>>>> Rack1R4> >>>>>> >>>>>> (Note here.... i am not in priv lev 15) >>>>>> >>>>>> if I enable here I go out of the view and have all the access >>>>>> >>>>>> shouldn't I be placed in exec mode but in restricted view... >>>>>> >>>>>> With other user, i am directly placed in exec >>>>>> Rack1R5#ssh -l ADMIN 150.1.4.4 >>>>>> >>>>>> Password: >>>>>> >>>>>> Rack1R4# >>>>>> >>>>>> Any help will be appreciated >>>>>> >>>>>> >>>>>> Regards >>>>>> Badar Farooq >>>>>> >>>>>> _______________________________________________ >>>>>> For more information regarding industry leading CCIE Lab training, >>>>>> please visit www.ipexpert.com >>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
