I had the same issue. You have to add an extra attribute on the acs related to the priv-lvl. I can't remember the exact command. That means you will have two attributes, the shell-cli-name: and the one I am telling you
Good luck Sent from my iPhone On Apr 22, 2010, at 11:49 PM, ccie_security- [email protected] wrote: > Send CCIE_Security mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://onlinestudylist.com/mailman/listinfo/ccie_security > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of CCIE_Security digest..." > > > Today's Topics: > > 1. Re: Role Based Access Control Questions (Tyson Scott) > 2. Lab 1, Task 1.8 (Johan Bornman) > 3. Re: Time management (Kingsley Charles) > 4. Re: Time management (Ruwan Wickramanayake) > 5. Re: Lab 1, Task 1.8 (Mohamed Gazzaz) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 22 Apr 2010 17:04:13 -0400 > From: "Tyson Scott" <[email protected]> > Subject: Re: [OSL | CCIE_Security] Role Based Access Control Questions > To: "'Brian Almond'" <[email protected]>, > <[email protected]> > Message-ID: <003901cae25f$644a93a0$2cdfba...@com> > Content-Type: text/plain; charset="us-ascii" > > Brian, > > > > do show priv. Depending on the version of code you may see > > instead of # > even in privilege 15 in roles. > > > > Regards, > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > Technical Instructor - IPexpert, Inc. > > Mailto: [email protected] > > Telephone: +1.810.326.1444, ext. 208 > > Live Assistance, Please visit: www.ipexpert.com/chat > > eFax: +1.810.454.0130 > > > > IPexpert is a premier provider of Self-Study Workbooks, Video on > Demand, > Audio Tools, Online Hardware Rental and Classroom Training for the > Cisco > CCIE (R&S, Voice, Security & Service Provider) certification(s) with > training locations throughout the United States, Europe, South Asia > and > Australia. Be sure to visit our online communities at > www.ipexpert.com/communities and our public website at > www.ipexpert.com > <http://www.ipexpert.com/> > > > > From: [email protected] > [mailto:[email protected]] On Behalf Of > Brian Almond > Sent: Thursday, April 22, 2010 1:18 PM > To: [email protected] > Subject: [OSL | CCIE_Security] Role Based Access Control Questions > > > > I can't seem to get RBAC working with the ACS. I have tried the > example in > Yusuf's lab with tacacs and the Lab 4 example with radius. I have > configured > per the solution guides, but when I log in with the user from ACS I > don't > get a view, I get user exec mode. > > Am I missing something? > > -- > Brian Almond > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100422/df65af62/attachment-0001.htm > > ------------------------------ > > Message: 2 > Date: Fri, 23 Apr 2010 05:31:14 +0200 > From: "Johan Bornman" <[email protected]> > Subject: [OSL | CCIE_Security] Lab 1, Task 1.8 > To: <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Hi, > > > > I am having difficulty finding a good cisco doc about object groups. > My > question is about the acl. Is there any logic to the sequence/ > position of > the object groups applied in the acl? > > > > Thanks > > > > Johan > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100423/66a2fafa/attachment-0001.htm > > ------------------------------ > > Message: 3 > Date: Fri, 23 Apr 2010 10:24:26 +0530 > From: Kingsley Charles <[email protected]> > Subject: Re: [OSL | CCIE_Security] Time management > To: Willians Barboza <[email protected]> > Cc: OSL Security <[email protected]> > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > My idea of the lab is as following: > > QEQ - 30 mins > Lab - 8 hours > > When can we take the break and how many breaks can we take. Is the > break > accounted in the 8 hours? > Will we given separate time for reading the questions? > > With regards > Kings > > On Thu, Apr 22, 2010 at 9:40 PM, Willians Barboza < > [email protected]> wrote: > >> Just remember that unused time on OEQ can be used in the other part >> of >> the lab... So, if you are sure of your questions, dont need to spend >> the whole 30 minutes on it... >> >> 2010/4/22 Jimmy Larsson <[email protected]>: >>> am thinking of time management. If I reserve the first 30 min for >>> OEQ, >>> another 30 min for me to read thru the entire lab and making >> notes/diagrams >>> while reading, and reserve the last hour for verification there >>> are 6 >> hours >>> left for doing configuration. >>> That means roughly 15 min per 4 points. (question: in ipexpert >>> WB1/2, >> most >>> tasks are 4 points. Is it the same in the real lab)? >>> Is this a realistic plan? I guess my goal then is to make all WB2 4 >> points >>> tasks under 15 minutes (yeah right, good luck to me!) ;) and also >>> that I >>> will drop a task unfinished if not done after lets say 20 minutes. >>> Does this make sense? >>> /J >>> -- >>> ------- >>> Jimmy Larsson >>> Ryavagen 173 >>> s-26030 Vallakra >>> Sweden >>> http://blogg.kvistofta.nu >>> ------- >>> >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, >>> please >>> visit www.ipexpert.com >>> >>> >> >> >> >> -- >> Willians Barboza >> CCIE Security # 25629 >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, >> please >> visit www.ipexpert.com >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100423/eca4fd37/attachment-0001.htm > > ------------------------------ > > Message: 4 > Date: Fri, 23 Apr 2010 10:40:25 +0530 > From: Ruwan Wickramanayake <[email protected]> > Subject: Re: [OSL | CCIE_Security] Time management > To: Kingsley Charles <[email protected]> > Cc: OSL Security <[email protected]> > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > Hi Kings, > > According to my experience at Dubai Lab center, > > OEQ: 7:30 - 8:00 (Max 30 Minutes, If you finish earlier, you can > move into > the actual lab) > Lab: 8:00 - 12:30 > Luch: 12:30 - 1:00 > Lab: 1:00 - 4:00 > > So altogether, you will only get 8 hours for both OEQ and the Lab. > > You can take breaks (ex: to go to washroom etc) but still it accounted > within your 8 hours. You won't be getting extra time for those > breaks and > reading as well. > > HTH, > > Cheers, > Ruwan. > > > On Fri, Apr 23, 2010 at 10:24 AM, Kingsley Charles < > [email protected]> wrote: > >> My idea of the lab is as following: >> >> QEQ - 30 mins >> Lab - 8 hours >> >> When can we take the break and how many breaks can we take. Is the >> break >> accounted in the 8 hours? >> Will we given separate time for reading the questions? >> >> With regards >> Kings >> >> On Thu, Apr 22, 2010 at 9:40 PM, Willians Barboza < >> [email protected]> wrote: >> >>> Just remember that unused time on OEQ can be used in the other >>> part of >>> the lab... So, if you are sure of your questions, dont need to spend >>> the whole 30 minutes on it... >>> >>> 2010/4/22 Jimmy Larsson <[email protected]>: >>>> am thinking of time management. If I reserve the first 30 min for >>>> OEQ, >>>> another 30 min for me to read thru the entire lab and making >>> notes/diagrams >>>> while reading, and reserve the last hour for verification there >>>> are 6 >>> hours >>>> left for doing configuration. >>>> That means roughly 15 min per 4 points. (question: in ipexpert >>>> WB1/2, >>> most >>>> tasks are 4 points. Is it the same in the real lab)? >>>> Is this a realistic plan? I guess my goal then is to make all WB2 4 >>> points >>>> tasks under 15 minutes (yeah right, good luck to me!) ;) and also >>>> that I >>>> will drop a task unfinished if not done after lets say 20 minutes. >>>> Does this make sense? >>>> /J >>>> -- >>>> ------- >>>> Jimmy Larsson >>>> Ryavagen 173 >>>> s-26030 Vallakra >>>> Sweden >>>> http://blogg.kvistofta.nu >>>> ------- >>>> >>>> _______________________________________________ >>>> For more information regarding industry leading CCIE Lab training, >>> please >>>> visit www.ipexpert.com >>>> >>>> >>> >>> >>> >>> -- >>> Willians Barboza >>> CCIE Security # 25629 >>> _______________________________________________ >>> For more information regarding industry leading CCIE Lab training, >>> please >>> visit www.ipexpert.com >>> >> >> >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, >> please >> visit www.ipexpert.com >> >> > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100423/f4e0992f/attachment-0001.htm > > ------------------------------ > > Message: 5 > Date: Fri, 23 Apr 2010 08:49:21 +0300 > From: Mohamed Gazzaz <[email protected]> > Subject: Re: [OSL | CCIE_Security] Lab 1, Task 1.8 > To: "[email protected]" <[email protected]>, > <[email protected]> > Message-ID: <[email protected]> > Content-Type: text/plain; charset="windows-1256" > > > > Hi Johan, > > > > http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml > > http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/traffic.html#wp1053224 > > > > HTH > > > > Regards, > > Mohamed Gazzaz > > > > > From: [email protected] > To: [email protected] > Date: Fri, 23 Apr 2010 05:31:14 +0200 > Subject: [OSL | CCIE_Security] Lab 1, Task 1.8 > > > > > > Hi, > > I am having difficulty finding a good cisco doc about object groups. > My question is about the acl. Is there any logic to the sequence/ > position of the object groups applied in the acl? > > Thanks > > Johan > _________________________________________________________________ > Hotmail: Powerful Free email with security by Microsoft. > https://signup.live.com/signup.aspx?id=60969 > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://onlinestudylist.com/pipermail/ccie_security/attachments/20100423/3663e60c/attachment.htm > > End of CCIE_Security Digest, Vol 46, Issue 117 > ********************************************** _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
