I guess I will have to update the lab ;) Will have to decide which I want to do. The easy or the hard road. Thanks for the feedback.
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: <mailto:[email protected]> [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: <http://www.ipexpert.com/chat> www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at <http://www.ipexpert.com/communities> www.ipexpert.com/communities and our public website at <http://www.ipexpert.com/> www.ipexpert.com From: Terry Little (terlittl) [mailto:[email protected]] Sent: Friday, June 04, 2010 2:22 PM To: Tyson Scott; CCIE Sec Subject: RE: [OSL | CCIE_Security] lab 5a: privilege levels Ok Tyson you asked for it. J Attached are the show commands for levels 1 and 15, I got these by doing a "sho ?" while enabled at each privilege level. There are 135 additional commands at level 15. Terry Little (425) 894-4109 (m) (425) 468-1057 (o) From: Tyson Scott [mailto:[email protected]] Sent: Friday, June 04, 2010 11:14 AM To: Terry Little (terlittl); 'CCIE Sec' Subject: RE: [OSL | CCIE_Security] lab 5a: privilege levels It is possible that there are other show commands at level 15 that I didn't consider but they would have to be individually brought down. But I can't think of other show commands that aren't allowed at priv 1. Anyone is welcome to correct me :) Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of Terry Little (terlittl) Sent: Friday, June 04, 2010 1:36 PM To: CCIE Sec Subject: [OSL | CCIE_Security] lab 5a: privilege levels OK, lab 5 says to allow u2 (privilege level 5) to access all show commands except show ver. In tacacs this is easy. In ios setting the privilege level on the commands it seems easy when looking at the DSG. My question is this: Of all the show commands that are at level 15 why are only "sho run" and "sho start" moved down to level 5? This doesn't seem to meet the problem requirements. Other than identifying all the level 15 show commands and moving them one by one is this even possible since "priv exec all lev 5 show" overrides the "priv exec lev 15 show version" command? Or am I just over-thinking this whole thing? Terry Little [email protected] Phone: +1 425 468 1057 Mobile: +1 425 894 4109 Cisco Systems, Inc. Network Consulting Engineer World Wide Security Services Practice Cisco.com - http://www.cisco.com This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
