Hi, Eugene and Piotr;
 
I may be missing something, here, but my understanding is that there are, in 
effect, 4 levels of privilege:
 
privilege level 0
privilege level 1
privilege level 15
ALL OTHER privilege levels, i.e., privilege levels 2 - 14
 
This last group of privilege levels are all NOT hierarchical, but rather 
intended to allow admins to customize AAA settings/values.

Perhaps your alluding to privilege 2 is not/was not intended to suggest 
hierarchy, but rather this customizable aspect of those levels (2 - 14)... If 
so, then I apologize ... but just wanted to check.
 
Thank you.

Sincerely, 

Joshua Dughi
[email protected]
Tel. 307-752-5891

--- On Tue, 1/17/12, Piotr Kaluzny <[email protected]> wrote:


From: Piotr Kaluzny <[email protected]>
Subject: Re: [OSL | CCIE_Security] Role-Based CLI.
To: "Eugene Pefti" <[email protected]>
Cc: "CCIE Security Maillist" <[email protected]>
Date: Tuesday, January 17, 2012, 12:17 PM


Eugene,

Did you enable shell (execution shell) authorization? Also if you want to see 
the "#" - privilege exec mode, you must assign the user to at least privilege 
level 2.

Regards,
--
Piotr Kaluzny
CCIE #25665 (Security), CCSP, CCNP
Sr. Support Engineer - IPexpert, Inc.
URL: http://www.IPexpert.com



On Tue, Jan 17, 2012 at 7:37 PM, Eugene Pefti <[email protected]> wrote:

Hello guys,
I know that this topic has been discussed many times and it seemed that
everyone made some mental adjustments as to how this RBAC/views should
function.
Still, I'd like to refresh and maybe understand what I miss.
I have this view configured on the router:

parser view HTTP
 secret 5 $1$drws$VUPJ/.OK1lsO8rX/nublC1
 commands configure include all ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
username HTTP-USER view HTTP password 0 cisco123


When I telnet into this router as HTTP-USER I'm not getting "#" prompt and
I can't run "config t" command

User Access Verification

Username: HTTP-USER
Password:

R2>config t
     ^
% Invalid input detected at '^' marker.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

