Basic privilege issue
Hi,
* YourPal wrote on 04.01.2008 19:03:
> In summary, my requirement of allowing a user to view the complete “sh run”
> but not permitting him to configure anything cannot be achieved.
It is possible. You can assign all needed config mode commands down to level 7, but leave all exec level commands (except for sh run) at level 15. This way, a show run lists all config commands assigned to level 7, but the user is not able to switch into config mode or do any other stuff on the exec level that requires level 15 like copy or write.
A better and more scalable approach is to use an external authentication server with command authorization. You can leave all commands at the default level, but based on profile information on that server you allow or reject certain commands (like configure).
Christian
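
The two approaches described in the reply above, sketched as an added IOS configuration example that is not part of the original post. The username, the choice of commands moved to level 7, the server address and the use of TACACS+ as the external server are assumptions; secrets are placeholders.

```cisco
! --- Approach 1: local privilege levels (constructed example) ---
! Read-only account at level 7; name and secret are placeholders.
username viewer privilege 7 secret <PLACEHOLDER-SECRET>
!
! The one exec command moved down: show running-config.
! "configure", "copy" and "write" are not moved, so they stay at level 15.
privilege exec level 7 show running-config
!
! Config-mode commands the level-7 user should be able to see in show run.
! Only commands assigned to level 7 or below are listed for that user.
privilege configure level 7 interface
privilege interface level 7 ip address
privilege interface level 7 shutdown
privilege configure level 7 snmp-server
!
! --- Approach 2: external server with command authorization ---
! Assumes TACACS+; 192.0.2.10 is a documentation address.
aaa new-model
tacacs-server host 192.0.2.10 key <PLACEHOLDER-KEY>
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
! Command levels stay at their defaults. The server profile for the
! read-only user permits "show running-config" and denies "configure".
```

To check approach 1, log in as the level-7 user, confirm the level with `show privilege`, and verify that `configure terminal` is rejected while `show running-config` lists only the commands assigned to level 7.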
























