Even with the third line of example code, only an omitted/abbreviated ‘show running-config’ will be displayed for the user despite the command being specified at the correct privilege level. However, the show running-config command is treated differently to most show commands. With this example configuration, the second line will allow the ‘test_user’ to have access to a plethora of show related commands, which are normally not available at this privilege level.
Router(config)# privilege exec level 10 show running-config Router(config)# username test_user privilege 10 password privilege exec level 10 show This is a simple task for most show commands, as you can grant access through simple configuration as per below: When configuring different access levels to the router for different users, it is a common application for a network administrator to attempt to assign certain users to only have access to ‘show’ commands, and not provide access to any ‘configuration’ commands. The components used for the configuration examples within this document was an ASR1006.
Prerequisites RequirementsĪ basic understanding of cisco privilege levels is required to understand this document, the above introduction should suffice to explain the understanding of privilege levels that is required. However the same cannot be said for enabled the ‘show running-config’ command, as will be discussed below with our problem statement. With this configuration, when ‘user1’ connected to the router they would be able to run the ‘show access-lists’ command, and/or anything else enabled at that privilege level. Router(config)# username user1 privilege 7 password privilege exec level 7 show access-lists The administrator can then allocate individual commands (and various other options) to an individual privilege level to make this available for any user at this level. Therefore, the administrator can assign users different privilege levels in between these minimum and maximum privilege levels to separate what different users have access too. The remaining levels in between these minimum and maximum levels are undefined until the administrator assigns commands and/or users to them. Level 15 – Includes all commands available at the Privileged EXEC command mode.Level 1 – Includes all commands available at the User EXEC command mode.Level 0 – Includes only basic commands (disable, enable, exit, help, and logout).By default, the three privilege levels on a router are: The available privilege levels range from 0 to 15, and allow the administrator to customise what commands are available at what privilege level. To understand the below problem and workaround it is necessary to understand privilege levels. This document describes the configuration steps on how to display the full running configuration for users logged in to the router with low privilege levels.
0 kommentar(er)
