Ok Tyson you asked for it. :)
Attached are the show commands for levels 1 and 15, I got these by doing
a "sho ?" while enabled at each privilege level.
There are 135 additional commands at level 15.
Terry Little
(425) 894-4109 (m)
(425) 468-1057 (o)
From: Tyson Scott [mailto:[email protected]]
Sent: Friday, June 04, 2010 11:14 AM
To: Terry Little (terlittl); 'CCIE Sec'
Subject: RE: [OSL | CCIE_Security] lab 5a: privilege levels
It is possible that there are other show commands at level 15 that I
didn't consider but they would have to be individually brought down.
But I can't think of other show commands that aren't allowed at priv 1.
Anyone is welcome to correct me :)
Regards,
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130
From: [email protected]
[mailto:[email protected]] On Behalf Of Terry
Little (terlittl)
Sent: Friday, June 04, 2010 1:36 PM
To: CCIE Sec
Subject: [OSL | CCIE_Security] lab 5a: privilege levels
OK, lab 5 says to allow u2 (privilege level 5) to access all show
commands except show ver. In TACACS this is easy. In IOS, setting the
privilege level on the commands seems easy when looking at the DSG.
My question is this: Of all the show commands that are at level 15, why
are only "sho run" and "sho start" moved down to level 5? This doesn't
seem to meet the problem requirements. Other than identifying all the
level 15 show commands and moving them one by one, is this even possible,
since "priv exec all lev 5 show" overrides the "priv exec lev 15 show
version" command?
Or am I just over-thinking this whole thing?
Terry Little
[email protected]
Phone: +1 425 468 1057
Mobile: +1 425 894 4109
Cisco Systems, Inc.
Network Consulting Engineer
World Wide Security Services Practice
Cisco.com - http://www.cisco.com
R4#sho ?
aaa Show AAA values
aal2 Show commands for AAL2
access-expression List access expression
access-lists List access lists
accounting Accounting data for active sessions
adjacency Adjacent nodes
alarm-interface Display information about a specific Alarm
Interface Card
aliases Display alias commands
alignment Show alignment information
alps Alps information
appfw Application Firewall information
appletalk AppleTalk information
arap Show Appletalk Remote Access statistics
archive Archive of the running configuration information
arp ARP table
ase Display ASE specific information
async Information on terminal lines used as router
interfaces
auto Show Automation Template
autoupgrade Show autoupgrade related information
backhaul-session-manager Backhaul Session Manager information
backup Backup status
bcm560x BCM560x HW Table
beep Show BEEP information
bfd BFD protocol info
bgp BGP information
bridge Bridge Forwarding/Filtering Database [verbose]
bsc BSC interface information
bstun BSTUN interface information
buffers Buffer pool statistics
calendar Display the hardware calendar
call Show call
call-manager-fallback Show call-manager fallback configuration & stats
caller Display information about dialup connections
callmon Show call monitor info
capf-server Display CAPF server details
cca CCA information
ccm-manager Call Manager Application information
cdapi CDAPI information
cdp CDP information
cef CEF address family independent status
cem cem channel information
cfmpal Show CFM Commands
checkpoint Checkpoint Facility (CPF)
class-map Show QoS Class Map
clns CLNS network information
clock Display the system clock
cls DLC user information
cns CNS agents
compress Show compression statistics
configuration Configuration details
connection Show Connection
context Show context information about recent crash(s)
control-plane Control Plane information
controllers Interface controller status
cops COPS information
credentials Show credentials service configuration
crm Carrier Resource Manager info
crypto Encryption module
ctl-client Display CTL Client details
cwmp Show CPE WAN Management Protocol(cwmp) information
dampening Display dampening information
data-corruption Show data errors
debugging State of each debugging option
decnet DECnet information
derived-config Derived operating configuration
dhcp Dynamic Host Configuration Protocol status
diag Show diagnostic information for port
adapters/modules
dial-peer Dial Plan Mapping Table for, e.g. VoIP Peers
dialer Dialer parameters and statistics
dialplan Voice telephony dial plan
dlsw Data Link Switching information
dmvpn Display DMVPN session related information
dn-numbers Directory number information of CME
dnsix Shows Dnsix/DMDP information
dot11 IEEE 802.11 show information
dot1x Dot1x information
drip DRiP DB
dspfarm Display DSPFARM related information
dspu Display DSPU information
dtp DTP information
dxi atm-dxi information
eap Shows EAP registration/session information
echo-cancel Show Echo-cancellation Info
eigrp EIGRP show commands
entry Queued terminal entries
environment Environmental monitor statistics
eou EAPoUDP
ephone Show all or one ephone status
ephone-dn Show all or one IP phone line
ephone-hunt Show all or one hunt group
epm EPM information
errdisable Error disable
etherchannel EtherChannel information
ethernet Ethernet parameters
event Embedded event related commands
event-manager Event manager information
exception exception information
fastblk fastblk memory information
fb-its-log Call-Manager-Fallback or IP Telephony Service Log
file Show filesystem information
flash: display information about flash: file system
flow Flow information
flow-sampler Display the flow samplers configured
format Show format information
frame-relay Frame-Relay information
fras FRAS Information
fras-host FRAS Host Information
funi FUNI information
gateway Show status of gateway
glbp GLBP information
h323 Show H.323 VoIP information
hardware Hardware specific information
history Display the session command history
hosts IP domain-name, lookup style, nameservers, and host
table
html HTML helper commands
http Display HTTP info
iapp DDP IAPP
idb List of Interface Descriptor Blocks
if-mgr if-mgr information
interfaces Interface status and configuration
inventory Show the physical inventory
ip IP information
ipc Interprocess communications commands
iphc-profile Show IPHC Profile
ipv6 IPv6 information
ipx Novell IPX information
irec-agent Show IREC Agent service configuration
isis IS-IS routing information
iua ISDN User Adaptation Layer information
kerberos Show Kerberos Values
key Key information
keymap Terminal keyboard mappings
kron Kron Subsystem
l2cac L2 CAC
lat DEC LAT information
license Show license information
line TTY line information
llc2 IBM LLC2 circuit information
local-ack Local Acknowledgement virtual circuits
location Display the system location
logging Show the contents of logging buffers
login Display Secure Login Configurations and State
mac-address-table MAC forwarding table
management Display the management applications
management-interface Host management-interface information
mdf Show the names of configured EMM menus
media Display media related information
memory Memory statistics
mgcp Display Media Gateway Control Protocol information
microcode show configured microcode for downloadable hardware
mls Show MultiLayer Switching information
modem Show modem
modem-pool Display modem pool information
modemcap Show Modem Capabilities database
monitor Monitoring different system events
mpls MPLS information
mrcp MRCP information
mwi mwi related information
nbf NBF (NetBEUI) information
ncia Native Client Interface Architecture
netbios-cache NetBIOS name cache contents
netconf Show NETCONF information
network-clocks Network clocks information
nhrp Display NHRP related information
node Show known LAT nodes
ntp Network time protocol
num-exp Number Expansion (Speed Dial) information
object-group List object groups
odm-format Show the schema used for ODM input file
oer Optimized Exit Routing information
pagp Port channel information
parameter-map parameter map information
parser Show parser commands
pas Port Adaptor Information
pci PCI Information
platform Show platform information
pm Show Port Manager commands
policy-manager Policy Manager
policy-map Show QoS Policy Map
ppp PPP parameters and statistics
pppatm PPP over ATM
pppoe PPPoE information
presence Show status of presence
printers Show LPD printer information
privilege Show current privilege level
processes Active process statistics
protocols Active network routing protocols
qdm Show information about QoS Device Manager
qllc Display qllc-llc2 and qllc-sdlc conversion
information
queue Show queue contents
queueing Show queueing configuration
radius Shows radius information
random-detect-group display random-detect group
rbscp RBSCP information
redundancy Redundancy Facility (RF) information
region Region Manager Status
registry Function registry information
reload Scheduled reload information
resource Display Resource Usage/Relations and more details
rhosts Remote-host+user equivalences
rif RIF cache entries
rlm Show RLM
rmi Resource User Infrastructure information
rmon rmon statistics
rom-monitor show ROMMON region information
route-map route-map information
rpms-proc RPMS Process Information
rtpspi RTP Service Provider Interface
rtsp Real Time Streaming Protocol information
rudpv1 Rudpv1 information
running-config Current operating configuration
sampler Sampler information
sasl show SASL information
sccp Display Skinny Client Control Protocol information
scp SCP commands
sctp SCTP information
sdllc Display sdlc - llc2 conversion information
sdspfarm Show dspfarm status from SCCP server
secure Show secure image and configuration archive
services LAT learned services
sessions Information about Telnet connections
settlement Show status of settlement
sgbp SGBP group information
shared-line Show shared-line info
sip-ua Show SIP User Agent
smds SMDS information
smf Software MAC filter
sna Display SNA host information
snap Show information on SNAP server
snapshot Snapshot parameters and statistics
snmp snmp statistics
sockets Socket Details
source-bridge Source-bridge parameters and statistics
spanning-tree Spanning tree topology
srcp Display SRCP Protocol information
ssh Status of SSH server connections
ssm Segment Switching Manager Status
sss SSS Information
stacks Process stack utilization
standby Hot Standby Router Protocol (HSRP) information
startup-config Contents of startup configuration
stcapp show SCCP Telephony
storm-control Show packet storm control configuration
stun STUN status and configuration
subscriber-policy Subscriber policy
subscription Subscription information to show
subsys Show subsystem information
table-map Show Table Map
tacacs Shows tacacs+ server statistics
tarp TARP information
tcp Status of TCP connections
tdm TDM connection information
tech-support Show system information for Tech-Support
telephony-service Show Cisco IOS Telephony Service Configuration &
Stats
template Template information
terminal Display terminal configuration parameters
tgrep Show TGREP information
tidp Show TIDP information
time-range Time range
tn3270 TN3270 settings
track Tracking information
traffic-shape traffic rate shaping configuration
translate Protocol translation information
translation-rule Show translation rule table
trunk Trunk Group info
ttycap Terminal capability tables
tunnel Show configured tunnels
udp UDP Details
usb USB Interface
user-group Display User Group information
users Display information about terminal lines
vc-group Show VC Group
version System hardware and software status
vfi Virtual Forwarding Instance information
vlan-range VLAN Range
vlan-switch VTP VLAN status
vlans Virtual LANs Information
vmi Show vmi commands
voice Voice port configuration & stats
voip Voice over Internet Protocol information
vpdn VPDN information
vrf VPN Routing/Forwarding instance information
vrrp VRRP information
vsp Voice Streaming Processing information
vtemplate Virtual Template interface information
vtp VTP information
warm-reboot Show Warm Reboot related information
webvpn WebVPN information
whoami Info on current tty line
wrr-queue WRR queue
wsma Show Web Services Management Agents information
x25 X.25 information
x28 X.28 rotary information
x29 X.29 information
xconnect xconnect information
xsd-format Show the ODM XSD for the command
zone Zone Information
zone-pair Zone pair information
R4#sho
R4>sho ?
aaa Show AAA values
aal2 Show commands for AAL2
adjacency Adjacent nodes
alarm-interface Display information about a specific Alarm Interface
Card
alps Alps information
appfw Application Firewall information
arp ARP table
auto Show Automation Template
autoupgrade Show autoupgrade related information
backup Backup status
bcm560x BCM560x HW Table
bfd BFD protocol info
bgp BGP information
calendar Display the hardware calendar
call Show call
caller Display information about dialup connections
callmon Show call monitor info
cca CCA information
ccm-manager Call Manager Application information
cdapi CDAPI information
cdp CDP information
cem cem channel information
cfmpal Show CFM Commands
class-map Show QoS Class Map
clock Display the system clock
cns CNS agents
compress Show compression statistics
connection Show Connection
context Show context information about recent crash(s)
control-plane Control Plane information
controllers Interface controller status
cops COPS information
crm Carrier Resource Manager info
crypto Encryption module
cwmp Show CPE WAN Management Protocol(cwmp) information
dampening Display dampening information
dial-peer Dial Plan Mapping Table for, e.g. VoIP Peers
dialer Dialer parameters and statistics
dn-numbers Directory number information of CME
dot11 IEEE 802.11 show information
dot1x Dot1x information
drip DRiP DB
dspfarm Display DSPFARM related information
eigrp EIGRP show commands
ephone Show all or one ephone status
ephone-dn Show all or one IP phone line
ephone-hunt Show all or one hunt group
epm EPM information
errdisable Error disable
etherchannel EtherChannel information
ethernet Ethernet parameters
event-manager Event manager information
exception exception information
fb-its-log Call-Manager-Fallback or IP Telephony Service Log
flash: display information about flash: file system
flow-sampler Display the flow samplers configured
format Show format information
fras-host FRAS Host Information
funi FUNI information
gateway Show status of gateway
h323 Show H.323 VoIP information
hardware Hardware specific information
history Display the session command history
hosts IP domain-name, lookup style, nameservers, and host
table
http Display HTTP info
iapp DDP IAPP
if-mgr if-mgr information
inventory Show the physical inventory
ip IP information
ipc Interprocess communications commands
iphc-profile Show IPHC Profile
ipv6 IPv6 information
kerberos Show Kerberos Values
kron Kron Subsystem
l2cac L2 CAC
location Display the system location
login Display Secure Login Configurations and State
management Display the management applications
management-interface Host management-interface information
mdf Show the names of configured EMM menus
media Display media related information
memory Memory statistics
mgcp Display Media Gateway Control Protocol information
microcode show configured microcode for downloadable hardware
mls Show MultiLayer Switching information
modem Show modem
modemcap Show Modem Capabilities database
monitor Monitoring different system events
mpls MPLS information
mrcp MRCP information
mwi mwi related information
ncia Native Client Interface Architecture
network-clocks Network clocks information
num-exp Number Expansion (Speed Dial) information
object-group List object groups
odm-format Show the schema used for ODM input file
pagp Port channel information
parameter-map parameter map information
parser Show parser commands
platform Show platform information
pm Show Port Manager commands
policy-map Show QoS Policy Map
ppp PPP parameters and statistics
pppoe PPPoE information
presence Show status of presence
qdm Show information about QoS Device Manager
queue Show queue contents
queueing Show queueing configuration
radius Shows radius information
rbscp RBSCP information
redundancy Redundancy Facility (RF) information
rmi Resource User Infrastructure information
rmon rmon statistics
rom-monitor show ROMMON region information
rpms-proc RPMS Process Information
rtsp Real Time Streaming Protocol information
sasl show SASL information
sccp Display Skinny Client Control Protocol information
scp SCP commands
sdspfarm Show dspfarm status from SCCP server
sessions Information about Telnet connections
settlement Show status of settlement
sgbp SGBP group information
shared-line Show shared-line info
snmp snmp statistics
sockets Socket Details
srcp Display SRCP Protocol information
ssh Status of SSH server connections
sss SSS Information
stcapp show SCCP Telephony
storm-control Show packet storm control configuration
subscription Subscription information to show
table-map Show Table Map
tacacs Shows tacacs+ server statistics
tdm TDM connection information
template Template information
terminal Display terminal configuration parameters
tgrep Show TGREP information
time-range Time range
traffic-shape traffic rate shaping configuration
translation-rule Show translation rule table
trunk Trunk Group info
udp UDP Details
usb USB Interface
user-group Display User Group information
users Display information about terminal lines
vc-group Show VC Group
version System hardware and software status
vfi Virtual Forwarding Instance information
vlan-switch VTP VLAN status
vmi Show vmi commands
voice Voice port configuration & stats
vpdn VPDN information
vrf VPN Routing/Forwarding instance information
vrrp VRRP information
vtp VTP information
warm-reboot Show Warm Reboot related information
webvpn WebVPN information
wrr-queue WRR queue
wsma Show Web Services Management Agents information
xconnect xconnect information
xsd-format Show the ODM XSD for the command
zone Zone Information
zone-pair Zone pair information
R4>sho
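Added example, not part of the original thread: one way to compute the level-15-only show keywords from two captured "show ?" listings like the ones attached above, and to render the per-command privilege lines that would bring them down individually. The function names and the two short samples (a few entries from the listings, with the IOS column indentation restored) are assumptions made for illustration.

```python
import re

# Constructed samples: a few entries copied from the two listings above, with
# the column layout IOS prints (keywords at two spaces, wrapped text deeper).
LEVEL15 = """\
R4#sho ?
  aaa                Show AAA values
  access-lists       List access lists
  alarm-interface    Display information about a specific Alarm
                     Interface Card
  running-config     Current operating configuration
  startup-config     Contents of startup configuration
  tech-support       Show system information for Tech-Support
  version            System hardware and software status
R4#sho
"""
LEVEL1 = """\
R4>sho ?
  aaa                Show AAA values
  alarm-interface    Display information about a specific Alarm Interface
                     Card
  version            System hardware and software status
R4>sho
"""

# A keyword line is indented by exactly two spaces. Prompts start in column 0
# and wrapped description text is indented further, so neither matches.
KEYWORD = re.compile(r"^ {2}(\S+)\s+(\S.*)$")


def parse_help(text):
    """Return {keyword: description} from one 'show ?' listing."""
    entries, last = {}, None
    for line in text.splitlines():
        m = KEYWORD.match(line)
        if m:
            last = m.group(1)
            entries[last] = m.group(2).strip()
        elif last and line.startswith("   ") and line.strip():
            entries[last] += " " + line.strip()  # wrapped description
        else:
            last = None  # prompt or blank line ends the current entry
    return entries


def only_at_higher_level(high, low):
    """Keywords offered in the privileged listing but not the unprivileged one."""
    return sorted(set(parse_help(high)) - set(parse_help(low)))


def privilege_lines(keywords, level):
    """Render one IOS 'privilege exec level' line per show keyword."""
    return [f"privilege exec level {level} show {k}" for k in keywords]


if __name__ == "__main__":
    for line in privilege_lines(only_at_higher_level(LEVEL15, LEVEL1), 5):
        print(line)
```

Reviewing the generated lines before applying them matters, because keywords such as running-config and tech-support expose far more than a typical level-5 operator needs.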