Hello Jeff,
Here is what happened once I reset all the commands. Configured a level 3
for sh , for ping and for traceroute. When I do a sh run now, I see that
the sh star and the sh run commands have been automatically set for
privilege level 15. And when a user logs on with privilege level 3, NOW
he cannot do a sh star nor a sh run command. Thanks for the help. Kind
regards.
>From: "Jeff Chambers" >Reply-To: "Jeff Chambers" >To:
[EMAIL PROTECTED] >Subject: RE: Privilege Level command driving me
nuts!! [7:19158] >Date: Sun, 9 Sep 2001 02:00:50 -0400 > >You can reset a
command to its normal priv level using the format > >privilege exec reset
put_the_entire_command_here > >Configuring privilege levels for commands
on a router can be very >frustrating. It also doesn't scale well in a
medium to large >network. The best production method I have found is to
use TACACS. >You can assign all users privilege level 15 and allow or
deny >commands at the user or group level. In my testing (it has been >9
months or so, this may have changed), the user must be at privilege level
>15 in order to receive valid output from the show running-configuration
>command. It will return a blank configuration if the user is not >at
privilege level 15. > >Jeff. > >-----Original Message----- >From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of >Cisco
Nuts >Sent: Sunday, September 09, 2001 12:59 AM >To: [EMAIL PROTECTED]
>Subject: Privilege Level command driving me nuts!! [7:19158] > > >Hi,I
am trying to configure privilege exec level commands on my router >but am
going nuts at the output of these commands:Basically, here is what >I
have configured:#enable secret level 3 cisco! #privilege exec level 3
>ping#privilege exec level 3 traceroute#privilege exec level 3 show ip
>route#privilege exec level 3 show startup-configuration#privilege exex
>level 3 show running-configuration!# When I do a log in using enable
>secret level 3, I can get the output of the #sh star command but not of
>the #sh ru command?Also, when I do a sh ru on the router using regular
>privilege level(15), I see 2 additional commands automatically
configured >for me:#privilege exec level 1 show#privilege exec level 1
show ip It >will NOT let me remove these 2 commands nor will it let me
change this to >privilege level 3.Nor will it let me remove any
individual commands!!What's >going on? Any ideas? Thank you for your
help.Kind regards.Nuts!! >
>------------------------------------------------------------------------
> >Get your FREE download of MSN Explorer at http://explorer.msn.com > >
misconduct and Nondisclosure violations to [EMAIL PROTECTED]
------------------------------------------------------------------------
Get your FREE download of MSN Explorer at http://explorer.msn.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=19186&t=19158
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
