06-28-2007 03:15 AM
I want to allow 2 users with view-only privileges, or allow ping at most.
How do I do that?
These users will connect via telnet.
I created the user with 0 level privilege.
But how do I get the router to ask for the username?
Right now if I telnet to the router it asks for a password and brings me to the enable prompt.
Any help?
06-28-2007 03:22 AM
Hi,
You'll need:
username xxxx privilege x password xxxxxx
privilege exec all level x show
line vty 0 4
 login local
NOTE: The user will be able to do any show, except "show running-config".
HTH,
Mohammed Mahmoud.
06-28-2007 04:06 AM
Hi Mahmoud, how are you? Nice to see you again.
Yeah, I figured that out.
I set privilege 3 on that user with the show and ping commands. Also, on the vty lines I set login local.
Now that has the router prompting for the username and password the way I wanted.
But now, is there any way that I can use the enable password? Because it's asking for a username.
06-28-2007 04:18 AM
Hi,
One more thing I was wondering:
I have vty lines 0 4 set with login
and vty lines 5 15 set with login local.
When I telnet to this router I am telnetting to vty lines 0 4, right?
Is there any way that I can have a user telnet to the 5 to 15 vty lines and have them prompted for a username?
**********************************
line vty 0 4
 privilege level 15
 password 7 154656776867E
 login
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
************************************
06-28-2007 04:54 AM
Hi Atif,
Nice to see you back :)
You can make use of the access-class command to restrict access to your router and tell the router which IP is authorized to access which vty:
access-list 2 permit x.x.x.x
line vty 0 4
 access-class 2 in
Where x.x.x.x is the IP which you need to allow on vty 0 4.
HTH,
Mohammed Mahmoud.
06-28-2007 09:09 PM
Hmmm, OK.
I'll keep vty lines 5 15 on "login" instead of "login local", with the "access-class" command for MY IP, so that I can use that for administrative purposes (using the enable password).
And I'll keep vty lines 0 4 on "login local" so that anyone else connecting should get the username and password prompt.
Just one quick thing: after all the above, when I connect from MY IP, will it check the ACL and both VTY lines' config before giving me the prompt?
I'll try it out anyway :p Thanks again.
06-29-2007 08:53 PM
Didn't work... :-(
How and when is line vty 5 15 used?
06-29-2007 10:28 PM
Hi Atif,
You are right, it shouldn't work this way. I overlooked the fact that the router won't use line 5 until lines 0-4 are busy. Let me think about a different method for you.
HTH,
Mohammed Mahmoud.
06-30-2007 12:32 AM
Hi Atif,
After some trials, I don't think that you can force the router to go for vty line 5 while lines 0-4 are not busy. But let's think outside the box: why would you need this? Why not use "login local" on all the lines, while having 2 privileges, for example 3 and 15?
The use of the ACL under the VTYs was generally proposed to secure the VTYs, and not for the purpose you are trying.
HTH,
Mohammed Mahmoud.
07-02-2007 12:01 AM
I was thinking that I would keep the enable password for my own use and give the shift administrator the level 3 access.
Instead of creating 2 local accounts, this way I would only have to keep 1 account for the shift administrator. But anyway, I guess I'll have to keep login local and create 2 accounts.
:-) Appreciate the help though. Thanks.
See you later in another issue, lol.
07-02-2007 12:21 AM
Hi,
You are very welcome :)
BR,
Mohammed Mahmoud.
07-03-2007 01:59 PM
Hi,
After digging around, I finally found you a solution :)
line vty 0 4
 rotary 1
 login local
and telnet to TCP port 3001.
line vty 5 15
 rotary 2
 password cisco
 login
and telnet to TCP port 3002.
I've tested it and it's fully operational, and you can add the access-list for more security.
HTH,
Mohammed Mahmoud.
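An added example, not part of the original thread and not Cisco tooling: a small Python audit of the `line vty` blocks discussed here. It reports the telnet port each rotary group answers on (3000 plus the rotary number, matching the 3001/3002 above) and flags a range where the line password alone reaches privilege level 15 or where no access-class is applied. The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample built from the snippets in this thread; sub-commands are
# indented one space, as "show running-config" prints them.
SAMPLE = """\
line vty 0 4
 access-class 2 in
 rotary 1
 login local
line vty 5 15
 privilege level 15
 rotary 2
 password cisco
 login
"""

def parse_vty(config):
    """Return one dict per 'line vty' block (hypothetical helper)."""
    blocks, cur = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"line vty (\d+)(?: (\d+))?$", line):
            # Defaults: password-only login, privilege level 1.
            cur = {"first": int(m[1]), "last": int(m[2] or m[1]),
                   "auth": "password", "priv": 1, "rotary": None, "acl": None}
            blocks.append(cur)
        elif cur is None or not raw[:1].isspace():
            cur = None  # an unindented line ends the vty block
        elif line == "login local":
            cur["auth"] = "local"
        elif m := re.match(r"privilege level (\d+)$", line):
            cur["priv"] = int(m[1])
        elif m := re.match(r"rotary (\d+)$", line):
            cur["rotary"] = int(m[1])
        elif m := re.match(r"access-class (\S+) in$", line):
            cur["acl"] = m[1]
    return blocks

def audit(config):
    """Return (vty range, telnet port, findings) for each block."""
    report = []
    for b in parse_vty(config):
        findings = []
        if b["auth"] != "local" and b["priv"] == 15:
            findings.append("line password alone gives a privilege 15 prompt")
        if b["acl"] is None:
            findings.append("no access-class on this line range")
        port = 23 if b["rotary"] is None else 3000 + b["rotary"]
        report.append((f'{b["first"]}-{b["last"]}', port, findings))
    return report
```

Calling `audit(SAMPLE)` returns one tuple per vty range; pass it the `line vty` section of a saved running configuration to check a real device.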
06-29-2007 09:19 PM
Can anyone please explain this "Interface Vi2" to me?
Dawlance_HO#sh users
Line User Host Idle Location
* vty 322 admin idle 00:00:00 172.16.0.2
Interface User Mode Idle Peer Address
Vi PPPoE 00:05:32 202.163.110.250
06-29-2007 10:32 PM
Hi,
Interface Vi2 is called a Virtual-Access interface. It is a dynamic interface cloned from the configured virtual template interface; it is dynamically created when the PPPoE session is to be terminated on this router, and inherits the configuration under the virtual template interface.
Virtual template interfaces can be created and applied by various applications such as Virtual Profiles, virtual private dialup networks (VPDN), PPP over ATM, PPP over Frame Relay, protocol translation, and Multichassis Multilink PPP (MMP).
HTH,
Mohammed Mahmoud.
06-29-2007 11:37 PM
Thanks, Mahmoud.
Please do find a way for this.
Also, is there any way to comment out a configuration line? E.g. if I want to disable a line for a while and not delete it.
! Is this it?