Problem with privileges - 12.2 IOS

Filip Knezevic · ‎03-16-2018

Hello,

We have a problem with user privileges on some older devices, mainly Cisco 6509.

The problem is I don't know how to assign all possible sub commands of a command, namely ip route.

So, for example, colleagues from L1 department can do static routes, but they cant name them. Now for me that is a big issues since they are just piling the routes with no description, which is making troubleshooting harder and it looks really ugly.

On newer IOS (15) you can do:

privilege configure all level 2 ip route.

This will allow all the iterations of the ip route command.

But on IOS 12.2 there is no all subcommand.

R2D2-NEW(config)#privilege configure ?
level Set privilege level of command
reset Reset privilege level of command

R2D2-NEW(config)#privilege configure lev ?
<0-15> Privilege level

R2D2-NEW(config)#privilege configure lev 2 ?
LINE Initial keywords of the command to modify

R2D2-NEW(config)#privilege configure lev 2

The result is this:

R2D2-NEW(config)#ip route 8.8.8.8 255.255.255.255 1.1.1.1 ?
<1-255> Distance metric for this route
<cr>

R2D2-NEW(config)#ip route 8.8.8.8 255.255.255.255 1.1.1.1

Cisco says (if I understood correctly) that first couple of keywords for a command will enable all sub commands but it's not working.

R2D2-NEW(config)#privilege configure level 2 ip route name. - This is not working.

Any advice?

Upgrade to new IOS is out of question since we can't risk any issues with these devices. There are a lot of links there and if it wouldn't come back up after an IOS upgrade lot of stuff could potentially go wrong and that would be a catastrophe.

Leo Laohoo · ‎03-16-2018

Duplicate thread.

Please post all response(s) into the main thread (HERE).