It is possible that there are other show commands at level 15 that I didn't consider but they would have to be individually brought down. But I can't think of other show commands that aren't allowed at priv 1. Anyone is welcome to correct me :)
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: [email protected] [mailto:[email protected]] On Behalf Of Terry Little (terlittl) Sent: Friday, June 04, 2010 1:36 PM To: CCIE Sec Subject: [OSL | CCIE_Security] lab 5a: privilege levels OK, lab 5 says to allow u2 (privilege level 5) to access all show commands except show ver. In tacacs this is easy. In ios setting the privilege level on the commands it seems easy when looking at the DSG. My question is this: Of all the show commands that are at level 15 why are only "sho run" and "sho start" moved down to level 5? This doesn't seem to meet the problem requirements. Other than identifying all the level 15 show commands and moving them one by one is this even possible since "priv exec all lev 5 show" overrides the "priv exec lev 15 show version" command? Or am I just over-thinking this whole thing? Terry Little [email protected] Phone: +1 425 468 1057 Mobile: +1 425 894 4109 Cisco Systems, Inc. Network Consulting Engineer World Wide Security Services Practice Cisco.com - http://www.cisco.com This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
