a couple of things - you set the privilege level very low. most commands have a default level of 7 or so IIRC.
you could do login local, and associate privilege level with the local login. set that level at 1 or 2. set the enable level at 10. or you could change the privilege level of only those commands you want the user to see to a much lower level. I think really all they need is show hosts, show sessions, maybe show users, and the clear line functions. HTH ""Dan Penn"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > I am trying to get my 2621 with an nm-16a working so that I can allow a > few people I study with to use my home lab. I don't want to give them > the full enable secret password because then someone could remove my > configuration. This terminal server also gives me my home network > connectivity.basically what I'm saying is I don't want somebody to be > able to change the enable secret, or shut my interfaces down on the > terminal server itself. I made an enable level 2, and did this under > it: privilege exec level 2 telnet. When I telnet to the terminal > server, then do enable level 2 etc it logs in fine. But it won't lookup > the "ip host blah blah" when I type the name of the host I'm trying to > connect to. > > Is there something stupid that I am missing here? > > Can anyone help? > > Here is a full config just to show everyone what I've got going on here: > > 2621#sh run > Building configuration... > > Current configuration : 2674 bytes > ! > ! Last configuration change at 08:15:53 GMT Fri Jul 12 2002 > ! NVRAM config last updated at 07:40:47 GMT Fri Jul 12 2002 > ! > version 12.2 > service timestamps debug uptime > service timestamps log uptime > no service password-encryption > ! > hostname 2621 > ! > no logging console > enable secret level 2 5 cut > enable secret 5 cut > ! > username cut privilege 0 password 0 cut > memory-size iomem 10 > clock timezone GMT -6 > ip subnet-zero > ! > ! > no ip domain-lookup > ip host s3550 2040 192.169.1.4 > ip host s2924 2039 192.169.1.4 > ip host m2502 2038 192.169.1.4 > ip host s1912 2037 192.169.1.4 > ip host t4500 2034 192.169.1.4 > ip host b2501 2035 192.169.1.4 > ip host t2501 2036 192.169.1.4 > ip host b4500 2033 192.169.1.4 > ! > ip audit notify log > ip audit po max-events 100 > ! > call rsvp-sync > ! > ! > ! > ! > ! > ! > ! > ! > interface Loopback0 > ip address 192.169.1.4 255.255.255.255 > no ip route-cache > no ip mroute-cache > ! > interface FastEthernet0/0 > mac-address 0010.5a19.8da7 > ip address cut 255.255.255.0 > no ip redirects > no ip unreachables > no ip proxy-arp > ip nat outside > no ip route-cache > no ip mroute-cache > duplex auto > speed auto > ! > interface Serial0/0 > no ip address > shutdown > ! > interface FastEthernet0/1 > ip address 192.168.0.1 255.255.255.0 > no ip redirects > no ip proxy-arp > ip nat inside > no ip route-cache > no ip mroute-cache > speed auto > full-duplex > ! > interface Dialer1 > no ip address > no cdp enable > ! > ip nat inside source list 1 interface FastEthernet0/0 overload > ip nat inside source static tcp 192.168.0.2 21 cut 21 extendable > ip nat inside source static tcp 192.168.0.2 80 cut 80 extendable > ip classless > ip route 0.0.0.0 0.0.0.0 24.216.101.1 > ip route 192.168.2.0 255.255.255.0 192.168.0.3 > ip route 192.168.3.0 255.255.255.0 192.168.0.3 > no ip http server > ip pim bidir-enable > ! > logging 192.168.0.2 > access-list 1 permit 192.168.0.0 0.0.255.255 > ! > snmp-server engineID local 800000090300003019713E80 > no snmp-server enable traps tty > ! > dial-peer cor custom > ! > ! > ! > ! > privilege exec level 2 telnet > ! > line con 0 > exec-timeout 0 0 > logging synchronous > line 33 48 > session-timeout 5 > exec-timeout 0 0 > flush-at-activation > no exec > transport input telnet > line aux 0 > line vty 0 4 > exec-timeout 0 0 > password cut > login > transport input telnet > transport output none > ! > ntp clock-period 17180185 > ntp server 139.78.100.163 > end > > TIA > > Dan Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48682&t=48678 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]