RE: privilege trick?

From: wing_lam@jossynergy.com
Date: Tue Jun 24 2003 - 22:34:35 GMT-3

• Next message: Tim Fletcher: "Re: CCIE 11874 - and some reflexions on the nature of the beast"
• Previous message: Daniel Cisco Group Study: "RE: Simple ACL question"
• Maybe in reply to: pierreg : "privilege trick?"
• Next in thread: Erick B.: "RE: privilege trick?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi, Erick;

If this command is assigned to level 0, will it becomes not accessible for
another level? I have try this and this command becomes inaccessible by the
priviledge 15 but only the level 0

Thx,
BBD 9Big Black Dog)

                                                                                                                                       
                      "Erick B."
                      <erickbe@yahoo.co To: pierreg@mail.planetkc.com, ccielab@groupstudy.com
                      m> cc:
                      Sent by: Subject: RE: privilege trick?
                      nobody@groupstudy
                      .com
                                                                                                                                       
                                                                                                                                       
                      06/23/2003 04:23
                      AM
                      Please respond to
                      "Erick B."
                                                                                                                                       
                                                                                                                                       

Have you tried priv level 0 and lowering just show ip
protocols down to 0? I'm using level 0 on some of my
stuff at work and hardly anything is available unless
configured.

--- pierreg <pierreg@mail.planetkc.com> wrote:
> Thank you Frabrice
>
> I was looking for a solution without TACACS.
>
> (I am assuming that on the R&S lab they only use
> local databases)
>
> I made note of your tip though!
>
> Pierre-Alex
>
> -----Original Message-----
> From: Fabrice Bobes [mailto:study@6colabs.com]
> Sent: Sunday, June 22, 2003 7:20 PM
> To: 'pierreg '; ccielab@groupstudy.com
> Subject: RE: privilege trick?
>
>
> Pierre-Alex,
>
> You can do it with Tacacs and command authorization.
> On your Tacacs server, under the section shell
> command authorization
> set,
> you can specify for the command "show" the arguments
> "permit ip
> protocols" and "deny ip".
> You need to configure your router accordingly to use
> command
> authorization.
> I let you fiddle with your router :-) but if you
> need more info, just
> let me know.
>
> Thanks,
>
> Fabrice
> http://www.6CoLabs.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com] On Behalf Of
> pierreg
> Sent: Sunday, June 22, 2003 10:09 AM
> To: ccielab@groupstudy.com
> Subject: privilege trick?
>
> Is it possible to give a user just "show ip
> protocols" whithout giving
> him/her all the other "show ip" commands.
>
> I have checked CCO, fiddled with the routers and
> digged the archives,
> but this does not seem to be possible. Can anyone
> confirm?
>
> Thanks,
>
> Pierre-Alex
>
>
>

• Next message: Tim Fletcher: "Re: CCIE 11874 - and some reflexions on the nature of the beast"
• Previous message: Daniel Cisco Group Study: "RE: Simple ACL question"
• Maybe in reply to: pierreg : "privilege trick?"
• Next in thread: Erick B.: "RE: privilege trick?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jul 04 2003 - 11:11:06 GMT-3