AAA - exec priv levels

subaa — Sun, 10 Mar 2019 20:51:03 GMT

Hi,

The followings are from the Yusuf bible. I think some of you had read and configured all that labs, so I really hope it's just a simple question for you.

So, In Chap. 1 / Section 7.1:

-------------------------------------------------

"Configure two users: (user1) - with priv lvl 10, and user2 w/ priv. level 15. Configure such that user1 is able to sun the command show run only, and user2 is able to run all commands."

The solution is (- per the configs on cd):

privilege exec level 10 show run

privilege exec level 15 show

-------------------------------------------------

Prevously I thought that if you move the show command with any argument (here show run) to a specific level, than you move 'show run' and all show commands too to that specific level. In the abovementioned two lines, the second command overwrites the previous statement. It is true, that the show run command moves to priv lvl 10, but the next one moves all the show commands back to level 15.

Please correct me if I am wrong.

In fact I am far from being happy with that. My real question is:

Is it possible at all to solve the task with local command authorization? (If yes, how? :D)

Maybe I|m just blind to see something in the config - that's not the first time... 😄

Thank you for your help!

Bests,

SubAa

Re: AAA - exec priv levels

yusuff — Thu, 14 Oct 2004 02:10:54 GMT

Hi SubAa,

The 'privilege exec level 15 show' command is incorrect, it shouldn't be there. Remvoe it and it will work. I have added the correction to the errata list.

Thanks,

Yusuf

topic Re: AAA - exec priv levels in Network Access Control

AAA - exec priv levels

Re: AAA - exec priv levels