Well, that's a little bummer, because if the user is in privileged exec
(enable) mode, the default from a privilege perspective is to allow them
some sort of configuration permission.  I suppose the best question is, why
do you want to restrict them to 'show interface'?

The best way to accomplish what you want is to restrict them to non-enabled
commands so that they can't make any configuration changes.  I don't know of
any way to restrict the show commands at the disabled EXEC mode - maybe
someone else can help you with that.

At the disabled EXEC mode, you can type ? to see what they're allowed to do.
(there are a few other hidden commands that they can do at that level too)

-e-

 ----- Original Message -----
From: "SH Wesson" 
To: 
Sent: Thursday, April 19, 2001 9:09 AM
Subject: Re: telnet [7:1212]


> Thanks.  I did it and did the "privilege exec level 1 show interface" for a
> user with privilege 1 access.  However, when they log in with the username
> that has privilege 1 access like above, they can use other commands besides
> the one above which I didn't put in.  How can I restrict it to "privilege
> exec level 1 show interface" ONLY.  Thanks.
>
>
> >From: "EA Louie" 
> >To: "SH Wesson" , 
> >Subject: Re: telnet [7:1212]
> >Date: Thu, 19 Apr 2001 08:48:59 -0700
> >
> >Yes.  Some of the ways to do it:
> >
> >1.  Set a generic username/password with a privilege level of 1.  Set your
> >own username/password with a privilege level of 15.  Then set the command
> >that you want privilege level 1 to be able to use
> >
> >2.  Set different enable passwords for different privilege levels.
> >
> >3.  Don't give the other users the enable password, and they'll be
> >restricted to the simple show commands (show interface, show ip route) and
> >they'll have no access to the running or saved configuration.
> >
> >see (watch URL wrap-there are configuration examples at the bottom)
> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt5/scpass.htm
> >and
> >http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_r/srprt5/srpass.htm
> >
> >-e-
> >----- Original Message -----
> >From: "SH Wesson" 
> >To: 
> >Sent: Thursday, April 19, 2001 6:18 AM
> >Subject: telnet [7:1212]
> >
> >
> > > I want to allow this one network to be able to telnet into my router, but
> > > when they telnet into it I only want to give them access to the "show
> > > interface" command and nothing else.  However when I telnet into it from my
> > > network I want to be able to access everything.
> > >
> > > What I've done is set the password on vty 0 4 and use the command login.
> > > However when they telnet to it and type the password to login they can
> > > access a lot of other commands including "show version", "show logging",
> > > "show standby", a lot of others even though they can't get into config t
> > > mode.
> > >
> > > Can anyone show me how to configure it to restrict the above telnet to only
> > > a few commands.  Thanks.
> > >
> > >
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1264&t=1212
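
A configuration sketch of options 1 and 3 from the thread, added here as an example and not taken from any poster's message. The usernames, the uppercase secret placeholders and the 192.0.2.0/24 and 198.51.100.0/24 networks are assumptions chosen for illustration.

```cisco
! Added example (constructed); names, secrets and networks are placeholders.
!
! Option 3: keep the enable secret away from the restricted users.
enable secret ENABLE_SECRET_PLACEHOLDER
!
! Option 1: a generic level 1 account and a level 15 account for yourself.
username viewer privilege 1 secret VIEWER_SECRET_PLACEHOLDER
username admin privilege 15 secret ADMIN_SECRET_PLACEHOLDER
!
! The command from the thread. It does not remove the other commands
! that level 1 already has by default.
privilege exec level 1 show interface
!
! Only these source networks may open a vty session at all.
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 10 permit 198.51.100.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
 login local
```

After logging in as each user, `show privilege` reports the current level and `?` lists the commands available at it.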