[c-nsp] Re:Sh run filter

Kanagaraj Krishna kanagaraj at aims.com.my
Tue Feb 7 04:13:55 EST 2006


Hi,
In Cisco's enable privilege settings, a user can only view the config (interface, routing protocol etc.) under "sh run" if they are permitted to edit those configurations. In my case, I want the user to see the routing information but not configure it. I tried using the router privilege commands together with the TACACS server permissions, but both cannot work together. Once logged in, it follows the router's privilege setting only. Any ideas?

This is an example of my config. Privilege level 2 has its own settings and I further want to control from the TACACS server as well.

    service = exec {
        priv-lvl=2
    }
    cmd = show {
        permit running-config
        permit ver.*
        permit ip.*
        permit interface.*
    }
    cmd = ping {
        permit .*
    }


Regards,
Kanagaraj Krishna
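
A small model of how the cmd stanzas in the post would be evaluated by the server, added here as an illustration and not part of the original message. It assumes that unlisted commands are denied, that the first matching permit/deny line wins, and that each regular expression is matched unanchored against the argument string; the names parse_rules, authorize and RULES are hypothetical.

```python
import re

# Constructed copy of the "cmd" stanzas from the post above.
STANZA = """
cmd = show {
    permit running-config
    permit ver.*
    permit ip.*
    permit interface.*
}
cmd = ping {
    permit .*
}
"""

def parse_rules(text):
    """Return {command: [(action, compiled_regex), ...]} from cmd stanzas."""
    rules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"cmd\s*=\s*(\S+)\s*\{", line)
        if header:
            current = rules.setdefault(header.group(1), [])
        elif line == "}":
            current = None
        elif current is not None:
            action, pattern = line.split(None, 1)
            if action not in ("permit", "deny"):
                raise ValueError(f"unexpected line: {raw!r}")
            current.append((action, re.compile(pattern)))
        else:
            raise ValueError(f"line outside a cmd stanza: {raw!r}")
    return rules

def authorize(rules, command_line):
    """Assumed semantics: first matching rule wins, anything else is denied."""
    cmd, _, args = command_line.strip().partition(" ")
    for action, regex in rules.get(cmd, []):  # unlisted command: no rules, deny
        if regex.search(args):                # assumption: unanchored match
            return action == "permit"
    return False                              # listed command, no rule matched

RULES = parse_rules(STANZA)
```

Under these assumptions `permit ip.*` also authorizes any show command whose arguments merely contain "ip"; writing the pattern as `^ip` restricts it to arguments that begin with it.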

