[f-nsp] some command without entering the enable mode

Mike Leber mleber at he.net
Sun Jul 8 21:15:06 EDT 2007 

On Sun, 8 Jul 2007, Charley Kline wrote:
> The basic login level (unless you've configured aaa) doesn't let you  
> do anything except enable or log back out.

Ahh, thank you for catching the miscommunication.  I just automatically
assumed everybody runs tacacs in a production environment.

Mike.

> You have to set an "enable read-only-password" in addition to the  
> "enable super-user-password" and then there is this rather confusing  
> behavior where depending on what password is given in response to the  
> "enable" command, you wind up in super-user mode ("enabled" mode) or  
> read-only mode, which is more where you want to be (show commands,  
> that kind of thing, essentially anything that doesn't affect  
> operation of the device is allowed).
> 
> /cvk
> 
> 
> 
> On Jul 8, 2007, at 1:56p, Mike Leber wrote:
> 
> >
> > On Sun, 8 Jul 2007, Daniel wrote:
> >> is there any way to allow a user some commands without entering the
> >> enable mode? I run a Foundry XMR with Software Version 3.3.0a
> >
> > Yes, all the commands you can normally run at the non enable prompt.
> >
> >> I wanne setup a Looking Glass and some monitoring issues and i dont
> >> wanne use the enable password for security reasons.
> >>
> >> I need commands like "sh ip bgp sum" or "traceroute" and so on.
> >> Maybe anyone here have a solution.
> >
> > Those commands don't require you to enter enable to run.
> >
> > You will need to make the script log into the router via telnet.
> >
> > Take a look at yalg as a good looking glass example.
> >
> > Mike.
> >
> > +----------------- H U R R I C A N E - E L E C T R I C  
> > -----------------+
> > | Mike Leber           Direct Internet Connections   Voice 510 580  
> > 4100 |
> > | Hurricane Electric     Web Hosting  Colocation       Fax 510 580  
> > 4151 |
> > | mleber at he.net                                       http:// 
> > www.he.net |
> > +--------------------------------------------------------------------- 
> > --+
> >
> > _______________________________________________
> > foundry-nsp mailing list
> > foundry-nsp at puck.nether.net
> > http://puck.nether.net/mailman/listinfo/foundry-nsp
> 
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
> 

+----------------- H U R R I C A N E - E L E C T R I C -----------------+
| Mike Leber           Direct Internet Connections   Voice 510 580 4100 |
| Hurricane Electric     Web Hosting  Colocation       Fax 510 580 4151 |
| mleber at he.net                                       http://www.he.net |
+-----------------------------------------------------------------------+

More information about the foundry-nsp mailing list