How to configure custom privilege?

atut · ‎08-30-2017

I need to create username for my technical support with custom privilege level 5, my technical support only requires this two commands:

1) show running-config ip dhcp pool WIFI_ASTINET

2) configure terminal

ip dhcp pool WIFI_ASTINET

address x.x.x.x client-id 01xx.xxxx.xxxx.xx

First question:

How do I create custome privilege only for the two commands above?

Second question:

Because I tried to play with the privilege custom configuration, now my configuration has this:

privilege configure level 15 ip dhcp pool
privilege configure level 15 ip dhcp
privilege configure level 15 ip
privilege exec level 1 show running-config ip dhcp pool
privilege exec level 1 show running-config ip dhcp
privilege exec level 1 show running-config ip
privilege exec level 15 show running-config
privilege exec level 1 show

I can't delete above privilege, how do I delete them?

Julio E. Moisa · ‎08-30-2017

Hi

Basically your config should be applied for level 5 only but unfortunately it was applied to level 15 (full privileges by the lines created before). I have 2 things in mind, try to create an user with privilege 14: username cisco privi 14 pass Cisco (but not sure if you will be able to do that) or execute the password recovery procedure (step by step) to delete the lines for privilege 15.

Hope it is useful

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

atut · ‎08-30-2017

@Julio E. Moisa

Sorry I don't understand, can you please guide me with the full commands?

The objective just to delete this:

privilege configure level 15 ip dhcp pool
privilege configure level 15 ip dhcp
privilege configure level 15 ip
privilege exec level 1 show running-config ip dhcp pool
privilege exec level 1 show running-config ip dhcp
privilege exec level 1 show running-config ip
privilege exec level 15 show running-config
privilege exec level 1 show

Julio E. Moisa · ‎08-30-2017

Hi,

Sure, But I would like to know first What is the model of your device? and if you are able to create the following line on your router.

conf t

username Cisco pri 14 password Cisco

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

atut · ‎08-30-2017

Okay, I have found how to delete customize privilege using this commands:

privilege configure reset ip dhcp pool
privilege exec reset show running-config ip dhcp pool

Now, I still don't know how to customize privilege for:

configure terminal

ip dhcp pool WIFI_ASTINET

address 10.10.24.58 client-id 01a2.d234.2123.d2

Does anyone know how? Please refer to the picture attached below.

Julio E. Moisa · ‎09-01-2017

Hi Atut,

Apologies for the late response, basically you need to create users with the respective privilege, for example:

conf t

username Cisco priv 7 password Cisco

then you can create the permissions:

privilege exec level 7 show running-config ip dhcp pool
privilege exec level 7 show running-config ip dhcp

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

atut · ‎09-01-2017

@Julio E. MoisaIt's okay, thank you.

Yes, I know, I have created username Cisco privilege 7 password Cisco

I also know to create this:

privilege exec level 7 show running-config ip dhcp pool
privilege exec level 7 show running-config ip dhcp

But I don't know how to create privilege for:

address 10.10.24.58 client-id 01a2.d234.2123.d2

It is in ip dhcp pool configuration:

address 10.10.24.58 client-id 01a2.d234.2123.d2

How to create privilege for that? Please refer to attachment 01.png

Thanks.

atut · ‎09-01-2017

Another attachment 02.jpeg

Fail to add dhcp configuration:

address 10.10.24.58 client-identifier 01a1.1234.1234.b1

How to set privilege for that?