Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
766
Views
0
Helpful
1
Replies

AAA - exec priv levels

subaa
Level 1
Level 1

‎10-13-2004 11:28 AM - edited ‎03-10-2019 01:51 PM

Hi,

The followings are from the Yusuf bible. I think some of you had read and configured all that labs, so I really hope it's just a simple question for you.

So, In Chap. 1 / Section 7.1:

-------------------------------------------------

"Configure two users: (user1) - with priv lvl 10, and user2 w/ priv. level 15. Configure such that user1 is able to sun the command show run only, and user2 is able to run all commands."

The solution is (- per the configs on cd):

privilege exec level 10 show run

privilege exec level 15 show

-------------------------------------------------

Prevously I thought that if you move the show command with any argument (here show run) to a specific level, than you move 'show run' and all show commands too to that specific level. In the abovementioned two lines, the second command overwrites the previous statement. It is true, that the show run command moves to priv lvl 10, but the next one moves all the show commands back to level 15.

Please correct me if I am wrong.

In fact I am far from being happy with that. My real question is:

Is it possible at all to solve the task with local command authorization? (If yes, how? :D)

Maybe I|m just blind to see something in the config - that's not the first time... :D

Thank you for your help!

Bests,

SubAa

Labels:
0 Helpful
1 Reply 1

yusuff
Cisco Employee
Cisco Employee

‎10-13-2004 07:10 PM

Hi SubAa,

The 'privilege exec level 15 show' command is incorrect, it shouldn't be there. Remvoe it and it will work. I have added the correction to the errata list.

Thanks,

Yusuf

0 Helpful
Customers Also Viewed These Support Documents