03-16-2012 07:58 AM - edited 03-07-2019 05:36 AM
Hello,
I'm got a test router where I have created a roles based cli view instead of using privileges. I know want to move these old privileges as the cli view is workfing but can't. I'm wonderign of the cli view requires them.
Here is what I have:
username cisco privilege 15 secret 5 ***********
username test view priv3 secret 5************
CLI view
parser view priv3
secret 5 $1$tQxU$dver3rtrernSBFKV/
commands interface include shutdown
commands interface include no shutdown
commands interface include no
commands configure include interface
commands exec include configure terminal
commands exec include configure
commands exec include show ip interface brief
commands exec include show ip interface
commands exec include show ip
commands exec include show arp
commands exec include show privilege
commands exec include show interfaces
commands exec include show configuration
commands exec include show
commands configure include interface FastEthernet0/0
commands configure include interface FastEthernet0/1
Privileges which I can't remove:
privilege interface level 3 shutdown
privilege interface level 3 no shutdown
privilege interface level 3 no
privilege configure level 3 interface
privilege configure level 3 shutdown
privilege configure level 15 config-register
privilege exec level 3 configure terminal
privilege exec level 3 configure
privilege exec level 3 show ip interface brief
privilege exec level 3 show ip interface
privilege exec level 3 show ip
privilege exec level 15 show running-config
privilege exec level 3 show configuration
privilege exec level 1 show
privilege exec level 3 exit
Any ideas?
03-16-2012 08:12 AM
If I remember you have to use the clear command, try clear username ? There will be a list
HTH
Sent from Cisco Technical Support iPhone App
05-17-2012 02:25 PM
Hi Andy,
I think i found the solution for this today.
to remove you have to use something like this:
“privilege exec reset write memory”
so basically privilege exec /or interface / or configure and then reset the command that you have in there. that would remove them
hope this was helpful
Cheers,
Mary
10-25-2016 07:18 AM
That was SOOOOOO It!!!
privilege [mode] reset [first line of commnand]
BAM! Clears the 'privilege level' junk Straight out of the run config
To be fair, I am not sure if this is what the original asker was going for but it was definitely MY issue.
09-19-2017 09:29 AM
Hi, can you put the real code ?
i have the same issue , i want to remove the privilege 15 from the router configuration.
i typed : username xxx privilege 15 secret cisco....
You said that
privilege [mode] reset [first line of commnand]
could you type the real code? not sure what you mean with first line of command
thanks
03-05-2017 01:31 AM
Mary, thanks.
You just helped me with my problem too.
Cheers,
(another) Andy
03-14-2019 09:54 PM
thanks
i find reset command !!~
06-10-2013 02:00 PM
Answer to your problem:
Privileges which I can't remove:
privilege interface reset shutdown
privilege interface reset no shutdown
privilege interface reset no
privilege configure reset interface
privilege configure reset shutdown
privilege configure reset config-register
privilege exec reset configure terminal
privilege exec reset configure
privilege exec reset show ip interface brief
privilege exec reset show ip interface
privilege exec reset show ip
privilege exec reset show running-config
privilege exec reset show configuration
privilege exec reset show
privilege exec reset exit
09-12-2018 01:32 PM
I am missing something here.
I want to stop level 3 users from using the telnet and ssh commands. I don't want them tying up the serial interface to telnet or SSH to other places out on the Internet (we telnet to a serial device that allows us to connect a serial port to the router's console interface. Then we log in using the credentials set in our Cisco router. So only one user can be logged into the router at a time).
You say use this syntax: 'privilege exec reset telnet' and 'privilege exec reset ssh'.
What limits these commands to affect only privilege level 3 users?
Fred
09-12-2018 02:13 PM
Fred
I believe that you misunderstand what was being discussed in the earlier posts. I believe that they were discussing situations where certain commands were assigned to a different privilege level and now they want them back to the default value. And that is what reset would do.
In your case I believe that what you have is that telnet and ssh are available to users who are privilege level 3 and you want them to not be able to use these commands. So in your case you do not want to reset and you do want to change the privilege level of the commands telnet and ssh to something higher than 3.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide