10-13-2010 02:43 AM - edited 03-06-2019 01:29 PM
Hi,
I have some questions regarding role-based CLI on Catalyst switches. I have created a view that looks like this:
parser view CUSTOMER
 commands exec exclude enable
 commands exec exclude show parser
 commands exec include show version
 commands exec include all show clock
 commands exec include all show interfaces
 commands exec include all show logging
 commands exec include all show memory
 commands exec include all show process
 commands exec include all show ip arp
 commands exec include all show ip interface
 commands exec include all ping vrf
On the AAA server I have set the Cisco A/V pair cli-view-name=CUSTOMER.
When the user connects he gets the correct access, but there are some minor things that I would like to fix:
1. Some of the commands (e.g. "show logging" and "show interfaces") do not appear in the list though I am able to run them. How can I get them to appear?
CATALYST>show ?
  clock    Display the system clock
  flash1:  display information about flash1: file system
  flash2:  display information about flash2: file system
  flash:   display information about flash: file system
  ip       IP information
  memory   Memory statistics
  version  System hardware and software status
2. Other commands ("show flash:" etc.) appear even though I do not want the user to be able to run them. How can I get rid of them?
3. Is it possible to allow the user to only issue "ping vrf ..." and not to be able to ping addresses in the global routing table?
CATALYST>ping ?
  WORD  Ping destination address or hostname
  vrf   Select VPN routing instance
  <cr>
4. Is it possible to get rid of the "<1-99>" command?
CATALYST>?
Exec commands:
  <1-99>  Session number to resume
  exit    Exit from the EXEC
  ping    Send echo messages
  show    Show running system information
I am trying this configuration on a Catalyst 3750 running version 12.2(53)SE2.
Thanks in advance for your help!
Best regards,
Harry
10-20-2010 12:55 AM
Hi,
I have not received any replies to my question and I draw the conclusion that at least the missing options for "show logging" etc. are a bug.
Does anyone know how to report this as a bug to Cisco? Do I need to open a TAC case or what is the procedure?
Best regards,
Harry