When you log in as a view you don't get the # prompt. You can see that from even going into config mode.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service Provider) Certification Training with locations throughout the United States, Europe and Australia. Be sure to check out our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

From: Badar Farooq [mailto:[email protected]]
Sent: Thursday, December 03, 2009 8:54 AM
To: Tyson Scott
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Role Based CLI Issues

Ahaan

So shouldn't I get # prompt for operator because of priv 15?

On Thu, Dec 3, 2009 at 4:51 PM, Tyson Scott <[email protected]> wrote:

Badar,

Actually it is working perfectly. I copied and pasted your configuration onto a router. The one thing that you should change is "username ADMIN privilege 15 view root password CISCO"

R7#ssh -l OPERATOR 7.7.7.7
*Dec 3 14:49:56.579: %SYS-5-CONFIG_I: Configured from console by console
Password:

R7>show privilege
Currently in View Context with view 'HTTP'
R7>conf t
Enter configuration commands, one per line. End with CNTL/Z.
R7(config)>?
Configure commands:
  do    To run exec commands in config mode
  exit  Exit from configure mode
  ip    Global IP configuration subcommands

R7(config)>ip ?
Global IP configuration subcommands:
  http  HTTP server configuration

R7(config)>ip http ?
  accounting                     Set http server accounting parameters
  active-session-modules         Set up active http server session modules
  authentication                 Set http server authentication method
  client                         Set http client parameters
  help-path                      HTML help root URL
  max-connections                Set maximum number of concurrent http server connections
  path                           Set base path for HTML
  port                           Set http port
  secure-active-session-modules  Set up active http secure server session modules
  secure-ciphersuite             Set http secure server ciphersuite
  secure-client-auth             Set http secure server with client authentication
  secure-port                    Set http secure server port number for listening
  secure-server                  Enable HTTP secure server
  secure-trustpoint              Set http secure server certificate trustpoint
  server                         Enable http server
  session-module-list            Set up a http(s) server session module list
  timeout-policy                 Set http server time-out policy parameters

R7(config)>ip http

Regards,

Tyson Scott

From: [email protected] [mailto:[email protected]] On Behalf Of Kingsley Charles
Sent: Thursday, December 03, 2009 7:53 AM
To: Badar Farooq
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] Role Based CLI Issues

I think you need to configure "privilege level 15" under the vty line. The privilege level that you associate with the username might be used for backup, if the parser view is not configured for the user.

With regards
Kings

On Thu, Dec 3, 2009 at 4:39 PM, Badar Farooq <[email protected]> wrote:

Here is what I am trying to do.

I am creating two users, ADMIN and Operator. ADMIN has all the rights and for OPERATOR I am restricting the access through role based CLI using a view HTTP. I am using local authentication and authorization, placing both users at privilege level 15 and placing OPERATOR in view HTTP. When I log in using the OPERATOR, instead of being placed at exec (priv 15) I am placed at priv level 0. If I enable here, I am given level 15 unrestricted access. What am I doing wrong?

Here is the config

aaa authentication login default none
aaa authentication login VTY local
aaa authorization exec VTY local
!
username ADMIN privilege 15 password 0 CISCO
username OPERATOR privilege 15 view HTTP password 0 CISCO
!
line vty 0 4
 password cisco
 authorization exec VTY
 login authentication VTY
 transport input ssh
!
parser view HTTP
 secret 5 $1$WpiY$Xj9az9zBmG5nWyN7sdUkK.
 commands configure include all ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
!

And here is my issue

Rack1R5#ssh -l OPERATOR 150.1.4.4
Password:
Rack1R4>

(Note here.... I am not in priv lev 15)

If I enable here I go out of the view and have all the access. Shouldn't I be placed in exec mode but in restricted view...

With the other user, I am directly placed in exec

Rack1R5#ssh -l ADMIN 150.1.4.4
Password:
Rack1R4#

Any help will be appreciated

Regards
Badar Farooq

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
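
Added example, not part of the original thread or written by any of its participants: a small Python audit of the configuration posted above that maps each user to a parser view, lists the commands each view includes, and reports findings. The function name audit, the wording of the findings and the treatment of "root" as a built-in view are assumptions made for this illustration.

```python
import re

# Configuration as posted in the thread, laid out one command per line.
CONFIG = """\
aaa authentication login default none
aaa authentication login VTY local
aaa authorization exec VTY local
!
username ADMIN privilege 15 password 0 CISCO
username OPERATOR privilege 15 view HTTP password 0 CISCO
!
line vty 0 4
 password cisco
 authorization exec VTY
 login authentication VTY
 transport input ssh
!
parser view HTTP
 secret 5 $1$WpiY$Xj9az9zBmG5nWyN7sdUkK.
 commands configure include all ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
!
"""

def audit(config):
    """Map users to views, list each view's commands, collect findings."""
    users, views, findings, view = {}, {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            view = None  # an unindented line ends the current sub-mode
        if m := re.match(r"username (\S+)(?: privilege (\d+))?(?: view (\S+))?"
                         r"(?: (password|secret) (\d+) )?", line):
            users[m[1]] = {"privilege": m[2], "view": m[3]}
            if m[4] == "password" and m[5] == "0":
                findings.append(f"user {m[1]}: cleartext (type 0) password")
        elif m := re.match(r"parser view (\S+)", line):
            view = m[1]
            views[view] = []
        elif view and (m := re.match(r"commands (\S+) include (all )?(.+)", line)):
            views[view].append((m[1], m[3], bool(m[2])))  # (mode, command, wildcard)
    for name, u in users.items():
        if u["view"] and u["view"] not in views and u["view"] != "root":  # assumption: root is built in
            findings.append(f"user {name}: view {u['view']} is not defined")
        if u["view"]:
            findings.append(f"user {name}: session starts in view {u['view']} ('>' prompt)")
    return users, views, findings
```

Calling audit(CONFIG) returns OPERATOR bound to view HTTP with four included commands, and three findings: two type 0 passwords and the note that OPERATOR starts in the view.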
