From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Thu Jun 26 2008 - 02:16:08 ART
Hi,
1) Ensure you moved all "config" or "interface" modes etc commands, that you
want user to see in the running config, to a level assigned to the user
(e.g. level 3 or 5)
for instance:
privilege interface level 3 ip address
privilege configure level 3 interface
privilege exec level 3 show running-config
Ensure the user has no access to "configure" exec mode command
2) Assign a vty into a rotary group (e.g. rotary 10) and then telnet to
"7010" port on the router. Attach an "autocommand" to the line, so that this
command gets executed once someone logs into the router
line vty 4
rotary 10
privilege level 3
autocommand show run
..
#telnet router.cisco.com 7010
HTH
-- Petr Lapukhov, CCIE #16379 (R&S/Security/SP/Voice) petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com 2008/6/26 Amir.Tahir/Wateen/Lahore <Amir.Tahir@wateen.com>:
> Hi Experts, > > > > I am trying to give my client privilege to check sh running > configuration but won't allow him to go to configuration level. I tried > to control it with Privilege level but Router does not show full > configuration on Level 3 or level 5. > > > > In addition, if I am not wrong, we could set a router in such a way that > if someone telnet on specified line, we could give him output as sh run > and close the connection. > > > > I will be thankful if you could give me a reference or guide me how to > handle this task > > > > Thanks for help in advance > > > > Regards/AT > > __________________ > > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:23 ART