Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5255
Views
5
Helpful
4
Replies

Unable to use "ping ... size" in privilege level exec 1

mauricioharley
Level 1
Level 1

‎05-05-2011 07:55 AM - edited ‎03-10-2019 06:03 PM

Dear friends,

     I'm using AAA and I typed the following commands on my router:

aaa new-model
aaa authentication login default local

privilege exec level 1 ping ip
privilege exec level 1 ping vrf
privilege exec level 1 ping

username test privilege 1 secret test

     I realized that it's impossible to use ping command with size option even with "privilege exec level 1 ping ip" as you can see above.  I need to be able to use the entire ping command like this example below:

ping vrf VRF1 ip 1.1.1.1 size 64 repeat 100

     Could you please help me ASAP?

I appreciate,

Mauricio Harley

Labels:
0 Helpful
4 Replies 4

shepherd.magumo
Level 1
Level 1

‎07-12-2012 03:51 AM

Good day,

I am encountering similiar issue, I have created a user with previlege level 5 and all I want them to do is continous ping say for 100 packets. 

Router1#ping 192.168.1.112 repeat 100
                                         ^
% Invalid input detected at '^' marker.
Router#

I even tried to change the privilege to 14 and still getting that invalid input error.

Am i missing something here?

Shepherd

0 Helpful

Cathal Mooney
Level 1
Level 1
In response to shepherd.magumo

‎08-13-2012 07:02 AM

Guys,

I also want an answer to this question.  One "work around" I have found is enabling them for just "ping":

privilege exec level 1 ping

Then they can go through the exended ping dialog by just typing "ping" with no arguments:

ici-2921-test>ping

Protocol [ip]:

Target IP address: 192.96.174.5

Repeat count [5]: 1000

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 1000, 100-byte ICMP Echos to 192.96.174.5, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (1000/1000), round-trip min/avg/max = 1/1/4 ms

ici-2921-test>

I would still prefer a way to allow them to type "ping xxx.xxx.xxx.xxx repeat 1000" though,

Cathal.

0 Helpful

ccr_cisco
Level 1
Level 1
In response to Cathal Mooney

‎10-17-2012 09:31 AM

Hello,

Encountering the same problem with the command "ping ip source interface", I can't use the proposed workaround as I have to use the command in a script.

It seems that as soon as it's not privilege 16 ping command cannot be used with another argument than ip.

Does someone have another workaround or correction ?

Regards

0 Helpful

fadelshaheen
Level 1
Level 1

‎09-20-2014 01:27 PM

Hi

 

simply ..... use ping* and you can make a ping from the Privilege level1 like level 15

 

Router(config)#privilege exec level 1 ping *

 

 

Router>sh pri
Current privilege level is 1
Router>

 

Router>ping 8.8.8.8 ?
  data      specify data pattern
  df-bit    enable do not fragment bit in IP header
  repeat    specify repeat count
  size      specify datagram size
  source    specify source address or name
  timeout   specify timeout interval
  validate  validate reply data
  <cr>

 

Hope its solves your problem

Regards

 

Customers Also Viewed These Support Documents