You can use cisco secure acs. This allows you to restrict commands per user or per group attributes. But if not, make a privilege level such as 7 and put commands for that level to execute. This will keep them from entering a config command. To test just login via telnet and after going into enable mode type enable 7 and try the commands. Verfiy the privilege by show privilege. You can also make your console port privilege level seven by typing in privilege level 7 under line con 0.
-Drew -----Original Message----- From: Adam Hickey [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 12:52 PM To: [EMAIL PROTECTED] Subject: priviledge levels [7:53723] All, I want to configure a special priviledge level for our NOC in all our cisco devices to basically have all commands except config. Looking at cco, if you allow sh run at any priv level other than , the user will only be able to see the commands they can configure which defeats the purpose. Anyone know a way around this - so the NOC can have say a level 14 access and be able to see the entire running-config without being able to configure anything? thx Adam Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=53732&t=53723 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]