We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 651 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

451 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Rene, can you write commands about SSH user wich have different privilage level. for example one user is root and one user is guest, guest must have some restricted commands

  2. Based on George’s reply I tried to create two usernames with differents privilege leves:

    username newbie privilege 8 secret 5 $1$BiPz$TLuUEbPhyDEgnwQiOC5y0/ (cisco) 
    username senior privilege 15 secret 5 $1$G2Ym$.1hVi/NAd1qz2/FBS7xaO0 (cisco)

    I want user newibe to able to enter show commads :

    privilege exec level 8 show

    I wanted user senior to able to enter configure commands :

    privilege exec level 15 configure

    Then I enter the AAA configuration :

    aaa new-model
    aaa authentication login list1 local
    aaa authorization exec l1 local

    Then I Applied it to the l

    ... Continue reading in our forum

  3. Hi Rene,

    Pretty much I wanted different users to be able to access the device via telnet, I wanted user newbie to be able to just execute show commands, then I wanted user senior to have full rights, I mean to able to execute any command.

    I understood my mistake, I already configured the default view and the “client” view

    aaa authentication login list_1 local
    enable secret 5 $1$wxp3$S6xiGOONqckW8nW1UvOD00 (ena)
    username cisco secret 5 $1$GeiB$esuKyqDcf.Q1xyKyHifRx0
    username client privilege 15 view client secret 5 $1$O0ES$Lk3l5Dap7UWiJoudqQXeV1
    line vty 15
    ... Continue reading in our forum

  4. Rene,
    Great lesson however, I have question. During my test I created a user with level 2 privilege and I want user to only use the following commands.
    “sh ip interface brief” and “configure terminal”
    But when I was configuring I configured only " sh ip interface brief" and configure terminal. After that when I did show run I found extra lines in the configs which includes
    “show IP” and “show”. I was able to block only “show run” and rest of the commands are available e.g sh ip arp etc.

    In my opinion I should be able to see only " configure terminal

    ... Continue reading in our forum

16 more replies! Ask a question or join the discussion by visiting our Community Forum