Ahaan

So shouldn't I get # prompt for operator because of priv 15?

On Thu, Dec 3, 2009 at 4:51 PM, Tyson Scott <[email protected]> wrote:

> Badar,
>
> Actually it is working perfectly. I copied and pasted your configuration
> onto a router. The one thing that you should change is
>
> “username ADMIN privilege 15 view root password CISCO”
>
> R7#ssh -l OPERATOR 7.7.7.7
> *Dec 3 14:49:56.579: %SYS-5-CONFIG_I: Configured from console by console
>
> Password:
>
> R7>show privilege
> Currently in View Context with view 'HTTP'
> R7>conf t
> Enter configuration commands, one per line. End with CNTL/Z.
> R7(config)>?
> Configure commands:
>   do    To run exec commands in config mode
>   exit  Exit from configure mode
>   ip    Global IP configuration subcommands
>
> R7(config)>ip ?
> Global IP configuration subcommands:
>   http  HTTP server configuration
>
> R7(config)>ip http ?
>   accounting                     Set http server accounting parameters
>   active-session-modules         Set up active http server session modules
>   authentication                 Set http server authentication method
>   client                         Set http client parameters
>   help-path                      HTML help root URL
>   max-connections                Set maximum number of concurrent http server connections
>   path                           Set base path for HTML
>   port                           Set http port
>   secure-active-session-modules  Set up active http secure server session modules
>   secure-ciphersuite             Set http secure server ciphersuite
>   secure-client-auth             Set http secure server with client authentication
>   secure-port                    Set http secure server port number for listening
>   secure-server                  Enable HTTP secure server
>   secure-trustpoint              Set http secure server certificate trustpoint
>   server                         Enable http server
>   session-module-list            Set up a http(s) server session module list
>   timeout-policy                 Set http server time-out policy parameters
>
> R7(config)>ip http
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Technical Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
> Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
> Provider) Certification Training with locations throughout the United
> States, Europe and Australia. Be sure to check out our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of *Kingsley Charles
> *Sent:* Thursday, December 03, 2009 7:53 AM
> *To:* Badar Farooq
> *Cc:* [email protected]
> *Subject:* Re: [OSL | CCIE_Security] Role Based CLI Issues
>
> I think you need to configure "privilege level 15" under the vty line.
>
> The privilege level that you associate with the username might be used for
> backup, if the parser view is not configured for the user.
>
> With regards
> Kings
>
> On Thu, Dec 3, 2009 at 4:39 PM, Badar Farooq <[email protected]> wrote:
>
> Here is what I am trying to do
> I am creating two users ADMIN and Operator. ADMIN has all the rights and
> for OPERATOR I am restricting the access through role based CLI using a view
> HTTP.
> I am using local authentication and authorization, placing both users at
> privilege level 15 and placing OPERATOR in view HTTP.
> When I log in using the OPERATOR, instead of being placed at exec (priv 15)
> I am placed at priv level 0. If I enable here, I am given level 15
> unrestricted access.
>
> What am I doing wrong?
> Here is the config
>
> aaa authentication login default none
> aaa authentication login VTY local
> aaa authorization exec VTY local
> !
> username ADMIN privilege 15 password 0 CISCO
> username OPERATOR privilege 15 view HTTP password 0 CISCO
> !
> line vty 0 4
>  password cisco
>  authorization exec VTY
>  login authentication VTY
>  transport input ssh
> !
> parser view HTTP
>  secret 5 $1$WpiY$Xj9az9zBmG5nWyN7sdUkK.
>  commands configure include all ip http
>  commands configure include ip
>  commands exec include configure terminal
>  commands exec include configure
> !
>
> And here is my issue
>
> Rack1R5#ssh -l OPERATOR 150.1.4.4
>
> Password:
>
> Rack1R4>
>
> (Note here.... I am not in priv lev 15)
>
> if I enable here I go out of the view and have all the access
>
> shouldn't I be placed in exec mode but in restricted view...
>
> With other user, I am directly placed in exec
> Rack1R5#ssh -l ADMIN 150.1.4.4
>
> Password:
>
> Rack1R4#
>
> Any help will be appreciated
>
> Regards
> Badar Farooq
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
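An added example, not part of the thread and not any poster's code: a small Python audit of the configuration quoted above that reports, for each local user, whether login lands in a parser view or at a plain privilege level, which is the distinction the `show privilege` output in the reply illustrates. The function names, the placeholder view secret, and the treatment of `root` as a view that needs no `parser view` stanza are assumptions of this example.

```python
import re

# Configuration as quoted in the thread; the view secret is a placeholder.
THREAD_CONFIG = """\
username ADMIN privilege 15 password 0 CISCO
username OPERATOR privilege 15 view HTTP password 0 CISCO
!
parser view HTTP
 secret 5 <hash-elided>
 commands configure include all ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
!
"""

CMD_RE = re.compile(
    r"^commands\s+(\S+)\s+(include-exclusive|include|exclude)\s+(all\s+)?(.+)$")
BUILTIN_VIEWS = {"root"}  # assumption: 'root' exists without a stanza

def parse(config):
    """Return (users, views) parsed from IOS-style configuration text."""
    users, views, current = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("parser view "):
            current = views.setdefault(line.split()[2], [])
        elif line.startswith("username "):
            priv = re.search(r"\bprivilege\s+(\d+)", line)
            view = re.search(r"\bview\s+(\S+)", line)
            users[line.split()[1]] = {
                "privilege": int(priv.group(1)) if priv else 1,  # IOS default
                "view": view.group(1) if view else None}
        elif line == "!":
            current = None  # end of the current stanza
        elif current is not None and (m := CMD_RE.match(line)):
            mode, action, wildcard, cmd = m.groups()
            current.append((mode, action, bool(wildcard), cmd.strip()))
    return users, views

def login_context(users, views):
    """Map each user to the context the thread shows them landing in."""
    report = {}
    for name, u in users.items():
        if u["view"] is None:
            report[name] = f"privilege {u['privilege']}"
        else:
            known = u["view"] in views or u["view"] in BUILTIN_VIEWS
            report[name] = f"view {u['view']}" + ("" if known else " (UNDEFINED)")
    return report

if __name__ == "__main__":
    for name, ctx in login_context(*parse(THREAD_CONFIG)).items():
        print(f"{name:10} -> {ctx}")
```

A user reported as `view HTTP` is limited to the commands listed in that view's stanza, so the per-view tuples returned by `parse` are what to review when checking what OPERATOR can actually run.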
