You can do "autocommand" under LAT services, Line interfaces, DECnet and who
knows what else. It would look something like:
!
line vty 0 4
login
autocommand show ip int brief
!
HTH
Darren
At 02:33 PM 04/19/2001 -0400, EA Louie wrote:
>well, that's a little bummer, because if the user is in privileged exec
>(enable) mode, the default from a privilege perspective is to allow them
>some sort of configuration permission. I suppose the best question is, why
>do you want to restrict them to 'show interface'?
>
>The best way to accomplish what you want is to restrict them to non-enabled
>commands so that they can't make any configuration changes. I don't know of
>any way to restrict the show commands at the disabled EXEC mode - maybe
>someone else can help you with that.
>
>At the disabled EXEC mode, you can type ? to see what they're allowed to do.
>(there are a few other hidden commands that they can do at that level too)
>
>-e-
>
> ----- Original Message -----
>From: "SH Wesson"
>To:
>Sent: Thursday, April 19, 2001 9:09 AM
>Subject: Re: telnet [7:1212]
>
>
>> Thanks. I did it and did the "privilege exec level 1 show interface" for
>a
>> user with privilege 1 access. However, when they log in with the username
>> that has privilege 1 access like above, they can use other commands
>besides
>> the one above which I didn't put in. How can I restrict it to "privilege
>> exec level 1 show interface" ONLY. Thanks.
>>
>>
>> >From: "EA Louie"
>> >To: "SH Wesson" ,
>> >Subject: Re: telnet [7:1212]
>> >Date: Thu, 19 Apr 2001 08:48:59 -0700
>> >MIME-Version: 1.0
>> >Received: from [24.0.95.108] by hotmail.com (3.2) with ESMTP id
>> >MHotMailBCA853B40062400438E318005F6CA5980; Thu Apr 19 08:48:04 2001
>> >Received: from cx555712b ([24.21.8.196]) by femail12.sdc1.sfba.home.com
>> > (InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP
>> >id ;
>> > Thu, 19 Apr 2001 08:48:05 -0700
>> >From [EMAIL PROTECTED] Thu Apr 19 08:49:24 2001
>> >Message-ID:
>> >References:
>> >X-Priority: 3
>> >X-MSMail-Priority: Normal
>> >X-Mailer: Microsoft Outlook Express 5.50.4522.1200
>> >X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
>> >
>> >yes. Some of the ways to do it:
>> >
>> >1. Set a generic username/password with a privelege level of 1. Set
>your
>> >own username/password with a privelege level of 15. Then set the command
>> >that you want privelege level 1 to be able to use
>> >
>> >2. Set different enable passwords for different privelege levels.
>> >
>> >3. Don't give the other users the enable password, and they'll be
>> >restricted to the simple show cammands (show interface, show ip route)
>and
>> >they'll have no access to the running or saved configuration.
>> >
>> >see (watch URL wrap-there are configuration examples at the bottom)
>>
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secu
>r
>> >_c/scprt5/scpass.htm
>> >and
>>
>>http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secu
>r
>> >_r/srprt5/srpass.htm
>> >
>> >-e-
>> >----- Original Message -----
>> >From: "SH Wesson"
>> >To:
>> >Sent: Thursday, April 19, 2001 6:18 AM
>> >Subject: telnet [7:1212]
>> >
>> >
>> > > I want to allow this one network to be able to to telnet into my
>router,
>> >but
>> > > when then telnet into it I only want to give them access to the "show
>> > > interface" command and nothing else. However when I telnet into it
>from
>> >my
>> > > network I want to be able to access everything.
>> > >
>> > > What I've done is set the password on vty 0 4 and use the command
>login.
>> > > However when they telnet to it and type the password to login then can
>> > > access a lot of other commands including "show version", "show
>logging",
>> > > "show standby", a lot of others even though they can't get into config
>t
>> > > mode.
>> > >
>> > > Can anyone show me how to configure it to restrict the above telnet to
>> >only
>> > > a few commands. Thanks.
>> > >
>> > >
>> > > _________________________________________________________________
>> > > Get your FREE download of MSN Explorer at http://explorer.msn.com
>> > > FAQ, list archives, and subscription info:
>> >http://www.groupstudy.com/list/cisco.html
>> > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>> >
>>
>> _________________________________________________________________
>> Get your FREE download of MSN Explorer at http://explorer.msn.com
>FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Darren S. Crawford
Lucent Technologies Worldwide Services
2377 Gold Meadow Way Phone: (916) 859-5200 x310
Suite 230 Fax: (916) 859-5201
Sacramento, CA 95670 Pager: (800) 467-1467
Email: [EMAIL PROTECTED] Epager: [EMAIL PROTECTED]
http://www.lucent.com Network Systems
Consultant - CCNA
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=1306&t=1212
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
