[c-nsp] Re:Sh run filter
Kanagaraj Krishna
kanagaraj at aims.com.my
Tue Feb 7 04:13:55 EST 2006
Hi,
In Cisco's enable privilege settings, an user can only view the config (interface, routing protocol etc) under "sh run" only if they are permitted to edit those configurations. In my case, i want the user to see the routing information but not configure them. I tried using the router privilege commands together with the tacacs server permissions, but both cannot work together. Once logged in, it follows the routers privilege setting only.Any ideas?
This is an example of my config. Privilege level 2 has its own settings and i further want to control from the tacacs server as well.
service = exec {
priv-lvl=2
}
cmd = show {
permit running-config
permit ver.*
permit ip.*
permit interface.*
}
cmd = ping {
permit .*
}
Regards,
Kanagaraj Krishna
More information about the cisco-nsp
mailing list