Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1924
Views
0
Helpful
2
Replies

PIX 6.2 AAA authorization

vr2zjw
Level 1
Level 1

‎04-25-2002 06:26 AM - edited ‎02-21-2020 09:59 AM

I am trying to assign some show command to privilege level 1 such that our first line support can telnet to the PIX and do some command without going into enable mode. I assign the show interface command to privilege level 1 but I can't execute the command in privilege level 1, why? Here is my output. Thanks you.

PIX# show pri command inter

privilege show level 1 command interface

privilege clear level 15 command interface

privilege configure level 15 command interface

PIX# dis

PIX> show curp

Username : enable_1

Current privilege level : 1

Current Mode/s : P_UNPR

PIX> show interface

Type help or '?' for a list of available commands.

PIX> show ?

checksum View configuration information cryptochecksum

curpriv Display current privilege level

history Display the session command history

pager Control page length for pagination

version Display PIX system software version

PIX> show ?

checksum View configuration information cryptochecksum

curpriv Display current privilege level

history Display the session command history

pager Control page length for pagination

version Display PIX system software version

PIX> ?

enable Turn on privileged commands

help Help list

login Log in as a particular user

logout Exit from current user profile, and to unprivileged mode

pager Control page length for pagination

quit Quit from the current mode, end configuration or logout

PIX>

Labels:
0 Helpful
2 Replies 2

p.krane
Level 3
Level 3

‎05-02-2002 06:01 AM

It looks to be configured correctly according to the docs. I wonder if user “enable_1” is setup with priv level 1 in your AAA server. I’ve never used priv levels in PIX, I think it’s a fairly new feature so you might be running into a bug too.

0 Helpful

jraarons
Level 1
Level 1

‎05-23-2002 03:20 AM

Last I checked AAA was used by the PIX to have users verify whether they are enabled for Internet access. Based upon username they may or may not be able to surf the web.

You have to give your admins enable access and hope they don't open the back door, then close it behind them.

I have brought this basic lack of security to Cisco's attention for several years, maybe it will change in the future.

You need to be able to audit admins usage, record their changes, etc using TACACS+.

OSPF/BGP support would be helpful in redundant setups, which is why an ISP has trouble deploying firewalls.

0 Helpful
Customers Also Viewed These Support Documents