Re: User Privilege Level [7:60469]
Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- "Williams, Dave" wrote: > I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a > technician to reset ports on > a switch and look at interface stats, but not allow > configuration access. > > For example, I know that user level 15 is the same > as having the enable > password and user level 1 is the same as a generic > user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60479&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: User Privilege Level [7:60469]
Cisco Freeware TACACS with "AAA authorization" is your friend. "Williams, Dave" wrote:I've been searching CCO most of the afternoon and can't seem to find the correct URL. I'm looking for a way to allow a technician to reset ports on a switch and look at interface stats, but not allow configuration access. For example, I know that user level 15 is the same as having the enable password and user level 1 is the same as a generic user, but I don't know what the other levels do for me. Thanks in advance for your help. Dave Williams Senior Network Engineer (402) 661-2143 Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60484&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: User Privilege Level [7:60469]
I agree with Eric in that TACACS has the capability to restrict/permit certain commands while also allowing for accountability. - Original Message - From: "eric nguyen" To: Sent: Tuesday, January 07, 2003 12:53 PM Subject: Re: User Privilege Level [7:60469] > Cisco Freeware TACACS with "AAA authorization" is your friend. > "Williams, Dave" wrote:I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a technician to reset ports on > a switch and look at interface stats, but not allow configuration access. > > For example, I know that user level 15 is the same as having the enable > password and user level 1 is the same as a generic user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 > Do you Yahoo!? > Yahoo! Mail Plus - Powerful. Affordable. Sign up now Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60508&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
Thanks for everyone's help. What I mean by "reset ports" is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens. Dave Williams, CCDA, CCNA, CCSA Senior Network Engineer (402) 661-2143 -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 9:37 PM To: Williams, Dave; [EMAIL PROTECTED] Subject: Re: User Privilege Level [7:60469] Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- "Williams, Dave" wrote: > I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a > technician to reset ports on > a switch and look at interface stats, but not allow > configuration access. > > For example, I know that user level 15 is the same > as having the enable > password and user level 1 is the same as a generic > user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60604&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
TACACS+ server! -Original Message- From: Williams, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 9:33 AM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] Thanks for everyone's help. What I mean by "reset ports" is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens. Dave Williams, CCDA, CCNA, CCSA Senior Network Engineer (402) 661-2143 -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 9:37 PM To: Williams, Dave; [EMAIL PROTECTED] Subject: Re: User Privilege Level [7:60469] Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- "Williams, Dave" wrote: > I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a > technician to reset ports on > a switch and look at interface stats, but not allow > configuration access. > > For example, I know that user level 15 is the same > as having the enable > password and user level 1 is the same as a generic > user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=60610&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
I know the thread is about dead but until you get TACACS+ server there are some commands you could implement to help the situation. The port is being disabled for a reason. You can configure the port to renable after 30 secs. using the command set errdisable-timeout enable all set errdisable-timeout interval 30 'All' would cover all the possible reason. If you knew what was causing the port to disable you could implement certain commands to cease the err-disable all together. For example if collision was the culprit then the following command would stop the error disable. set option errport enable Here is a link the will go into more detail. http://www.cisco.com/warp/public/473/20.html -Original Message- From: Williams, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:33 PM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] Thanks for everyone's help. What I mean by "reset ports" is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens. Dave Williams, CCDA, CCNA, CCSA Senior Network Engineer (402) 661-2143 -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 9:37 PM To: Williams, Dave; [EMAIL PROTECTED] Subject: Re: User Privilege Level [7:60469] Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- "Williams, Dave" wrote: > I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a > technician to reset ports on > a switch and look at interface stats, but not allow > configuration access. > > For example, I know that user level 15 is the same > as having the enable > password and user level 1 is the same as a generic > user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61239&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: User Privilege Level [7:60469]
Great!! This looks like it will fill the bill. I'll set the configuration as noted. This will give me some time before I can configure a TACACS+ server. Thanks to everyone for their responses. Dave Williams, CCDA, CCNA, CCSA Director of Network Engineering (402) 661-2143 -Original Message- From: Newell Ryan D SrA 18 CS/SCBT [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 16, 2003 8:07 PM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] I know the thread is about dead but until you get TACACS+ server there are some commands you could implement to help the situation. The port is being disabled for a reason. You can configure the port to renable after 30 secs. using the command set errdisable-timeout enable all set errdisable-timeout interval 30 'All' would cover all the possible reason. If you knew what was causing the port to disable you could implement certain commands to cease the err-disable all together. For example if collision was the culprit then the following command would stop the error disable. set option errport enable Here is a link the will go into more detail. http://www.cisco.com/warp/public/473/20.html -Original Message- From: Williams, Dave [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:33 PM To: [EMAIL PROTECTED] Subject: RE: User Privilege Level [7:60469] Thanks for everyone's help. What I mean by "reset ports" is to re-enable the switch ports after they were err-disabled. These are Cisco 6500 series switches w/layer 3 blades. The switch is running Cat/OS 7.2(2) and on the layer 3 blade, IOS 12.1(11b). Since our technicians are in remote locations, if I can give them the ability to re-enable the ports without getting into config mode, they don't have to wait on one of our engineers to do it for them (which may take hours). I'll try to re-assign some set commands and see what happens. Dave Williams, CCDA, CCNA, CCSA Senior Network Engineer (402) 661-2143 -Original Message- From: Erick B. [mailto:[EMAIL PROTECTED]] Sent: Monday, January 06, 2003 9:37 PM To: Williams, Dave; [EMAIL PROTECTED] Subject: Re: User Privilege Level [7:60469] Dave, Priv. level 1 gives you basic show commands, etc. level 15 is full access like you mentioned. levels 2-14 don't have any special commands , but you re-assign commands to these levels for different users for example. Theres also a priv level 0 which gives you close to no commands on router IOS and you need to reduce the level 1 (default level) to 0 if you make the priv level 0 for line vty for example. I'm not sure if you can go to 0 on the switches. When you say reset ports, do you mean clean counters or shut/no shut the port? the latter would be config access. What type of switch is this and version of code? Awhile back when I was doing this for a client there was a minor bug with the priv commands and config mode for setting speed and duplex where the commands weren't saved properly. haven't checked that in quite awhile though. Erick --- "Williams, Dave" wrote: > I've been searching CCO most of the afternoon and > can't seem to find the > correct URL. I'm looking for a way to allow a > technician to reset ports on > a switch and look at interface stats, but not allow > configuration access. > > For example, I know that user level 15 is the same > as having the enable > password and user level 1 is the same as a generic > user, but I don't know > what the other levels do for me. > > Thanks in advance for your help. > > Dave Williams > Senior Network Engineer > (402) 661-2143 [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=61262&t=60469 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
