Just type "configure ter" and hit enter in the user mode, what do you see?
With regards
Kings

On Sun, Feb 27, 2011 at 3:46 PM, LEE READE <[email protected]> wrote:

> it was just that the pg showed the user being authorised and put into exec mode directly r4:#, whereas mine you go into user exec r4:/
>
> also, if you know the enable password you can just enable up to priv15, I just thought the idea was that the user was restricted to the commands you make available in the view?
>
> thanks
>
> LR
>
> ------------------------------
> *From:* Jerome Dolphin <[email protected]>
> *To:* LEE READE <[email protected]>
> *Cc:* [email protected]
> *Sent:* Saturday, 26 February, 2011 22:52:57
> *Subject:* Re: [OSL | CCIE_Security] Security VOL1 5.7 Role Based CLI
>
> Hi Lee, what sort of comments are you looking for? Is there a specific problem or everything is working as expected?
> Cheers, Jerome
>
> On Sun, Feb 27, 2011 at 4:39 AM, LEE READE <[email protected]> wrote:
>
>> aaa new-model
>> aaa authentication login default none
>> aaa authentication login con none
>> aaa authentication login vty group radius
>> aaa authentication enable default enable
>> aaa authorization exec default group radius
>>
>> ip radius source-interface Loopback0
>> radius-server attribute 6 mandatory
>> radius-server host 10.1.1.100 auth-port 1812 acct-port 1813 key ipexpert
>> radius-server vsa send accounting
>> radius-server vsa send authentication
>>
>> parser view limited
>>  secret 5 $1$mCJ5$Eoq3E30WEqDiBqGBpn9V.1
>>  commands exec include show ip interface brief
>>  commands exec include show ip interface
>>  commands exec include show ip
>>  commands exec include show clock
>>  commands exec include show version
>>  commands exec include show logging
>>  commands exec include show
>> !
>> parser view limited2
>>  secret 5 $1$N.IR$Fv0Jk7IkFpdCuCpCDXsb..
>>  commands exec include ping
>>  commands exec include all show interfaces
>>  commands exec include show
>> !
>> parser view super
>>  secret 5 $1$WWuS$oOrY4mkKRrCFkwpA7NHdn0
>>  commands interface include shutdown
>>  commands interface include no shutdown
>>  commands interface include no
>>  commands configure include interface
>>  commands exec include configure terminal
>>  commands exec include configure
>>  commands exec include all show
>>  commands configure include interface FastEthernet0/1.49
>> !
>> parser view super-user superview
>>  secret 5 $1$mP4v$Hn1PdYa2Dt7c66/flrGDU1
>>  view limited
>>  view limited2
>>  view super
>>
>> debug radius and author-
>>
>> R4#
>> Feb 26 17:37:42.773: AAA/BIND(00000013): Bind i/f
>> Feb 26 17:37:42.773: RADIUS/ENCODE(00000013): ask "Username: "
>> Feb 26 17:37:42.773: RADIUS/ENCODE(00000013): send packet; GET_USER
>> R4#
>> Feb 26 17:37:45.789: RADIUS/ENCODE(00000013): ask "Password: "
>> Feb 26 17:37:45.789: RADIUS/ENCODE(00000013): send packet; GET_PASSWORD
>> Feb 26 17:37:47.541: RADIUS/ENCODE(00000013):Orig. component type = EXEC
>> Feb 26 17:37:47.541: RADIUS/ENCODE(00000013): dropping service type, "radius-server attribute 6 on-for-login-auth" is off
>> Feb 26 17:37:47.541: RADIUS(00000013): Config NAS IP: 4.4.4.4
>> Feb 26 17:37:47.541: RADIUS/ENCODE(00000013): acct_session_id: 17
>> Feb 26 17:37:47.541: RADIUS(00000013): sending
>> Feb 26 17:37:47.545: RADIUS(00000013): Send Access-Request to 10.1.1.100:1812 id 1645/17, len 85
>> Feb 26 17:37:47.545: RADIUS: authenticator A4 BD 3C 00 D9 59 48 20 - 41 16 AA 18 6F 13 B0 D4
>> Feb 26 17:37:47.545: RADIUS: User-Name [1] 9 "limited"
>> Feb 26 17:37:47.545: RADIUS: User-Password [2] 18 *
>> Feb 26 17:37:47.545: RADIUS: NAS-Port [5] 6 514
>> Feb 26 17:37:47.545: RADIUS: NAS-Port-Id [87] 8 "tty514"
>> R4#Feb 26 17:37:47.545: RADIUS: NAS-Port-Type [61] 6 Virtual [5]
>> Feb 26 17:37:47.545: RADIUS: Calling-Station-Id [31] 12 "10.1.1.100"
>> Feb 26 17:37:47.545: RADIUS: NAS-IP-Address [4] 6 4.4.4.4
>> Feb 26 17:37:47.553: RADIUS: Received from id 1645/17 10.1.1.100:1812, Access-Accept, len 91
>> Feb 26 17:37:47.553: RADIUS: authenticator AC DF 7E 66 06 DD 8B B6 - 92 60 AF 36 7B FC 2A 69
>> Feb 26 17:37:47.553: RADIUS: Framed-IP-Address [8] 6 255.255.255.255
>> Feb 26 17:37:47.553: RADIUS: Vendor, Cisco [26] 35
>> Feb 26 17:37:47.553: RADIUS: Cisco AVpair [1] 29 "shell:cli-view-name=limited"
>> Feb 26 17:37:47.557: RADIUS: Service-Type [6] 6 NAS Prompt [7]
>> Feb 26 17:37:47.557: RADIUS: Class [25] 24
>> Feb 26 17:37:47.557: RADIUS: 43 41 43 53 3A 30 2F 39 34 65 2F 34 30 34 30 34 [CACS:0/94e/40404]
>> Feb 26 17:37:47.557: RADIUS: 30 34 2F 35 31 34 [04/514]
>> Feb 26 17:37:47.557: RADIUS(00000013): Received from id 1645/17
>> Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV cli-view-name=limited
>> Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV service-type=7
>> Feb 26 17:37:47.561: AAA/AUTHOR/EXEC(00000013): Authorization successf
>>
>> as you can see it is being placed into the correct view, and show parser view on telnet client confirms this.
>>
>> appreciate any comments..
>>
>> thanks
>>
>> LR
>>
>> _______________________________________________
>> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
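Added example, not part of the thread: a small Python check that reads `debug radius` / AAA authorization output like the lines quoted above and reports, per AAA session, which CLI view the RADIUS server assigned. The sample log is constructed (session `00000013` mirrors the thread, sessions `00000014` and `00000015` are invented), and the `EXPECTED` user-to-view policy is a hypothetical assumption.

```python
import re

# Constructed sample modelled on the thread's debug output; sessions 14 and 15 are invented.
SAMPLE = """\
Feb 26 17:37:47.545: RADIUS(00000013): Send Access-Request to 10.1.1.100:1812 id 1645/17, len 85
Feb 26 17:37:47.545: RADIUS: User-Name [1] 9 "limited"
Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV cli-view-name=limited
Feb 26 17:37:47.557: AAA/AUTHOR/EXEC(00000013): processing AV service-type=7
Feb 26 17:38:02.101: RADIUS(00000014): Send Access-Request to 10.1.1.100:1812 id 1645/18, len 83
Feb 26 17:38:02.101: RADIUS: User-Name [1] 7 "super"
Feb 26 17:38:02.113: AAA/AUTHOR/EXEC(00000014): processing AV service-type=7
Feb 26 17:38:20.300: RADIUS(00000015): Send Access-Request to 10.1.1.100:1812 id 1645/19, len 86
Feb 26 17:38:20.300: RADIUS: User-Name [1] 10 "limited2"
Feb 26 17:38:20.312: AAA/AUTHOR/EXEC(00000015): processing AV cli-view-name=super
"""
# Hypothetical policy: the view each RADIUS user is supposed to receive.
EXPECTED = {"limited": "limited", "limited2": "limited2", "super": "super"}

SEND = re.compile(r"RADIUS\((\w{8})\): Send Access-Request")
USER = re.compile(r'RADIUS:\s+User-Name\s+\[1\]\s+\d+\s+"([^"]*)"')
AV = re.compile(r"AAA/AUTHOR/EXEC\((\w{8})\): processing AV ([\w-]+)=(\S+)")

def sessions_from_debug(text):
    """Group debug lines by AAA session id -> {user, view, service_type}."""
    sessions, current = {}, None
    blank = lambda: {"user": None, "view": None, "service_type": None}
    for line in text.splitlines():
        if m := SEND.search(line):
            current = m.group(1)
            sessions.setdefault(current, blank())
        elif (m := USER.search(line)) and current:
            # Attribute lines carry no session id; assume they follow their own request.
            sessions[current]["user"] = m.group(1)
        elif m := AV.search(line):
            key = {"cli-view-name": "view", "service-type": "service_type"}.get(m.group(2))
            if key:
                sessions.setdefault(m.group(1), blank())[key] = m.group(3)
    return sessions

def audit(text, expected):
    """Return (session, user, problem) for logins with a missing or unexpected view."""
    findings = []
    for sid, s in sessions_from_debug(text).items():
        want = expected.get(s["user"])
        if s["view"] is None:
            findings.append((sid, s["user"], "no cli-view-name returned"))
        elif s["view"] != want:
            findings.append((sid, s["user"], f"view {s['view']!r}, expected {want!r}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, EXPECTED):
        print(finding)
```

On a router handling several logins at once, debug lines from different sessions can interleave, so the user-to-session pairing here is only reliable on a quiet lab device.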
