Configure the read-access via user-defined privilege level
Hello everyone,
I'm looking for the best configuration to restrict a user to read-only access. The restriction must be configured through the CLI, not GANYMEDE.
Hardware: 3750 (probably not relevant for this matter)
Rather old IOS: 12.2(53)SE1
The user should be allowed to:
- See the running configuration
- Run all sorts of show commands
- Ping and traceroute of the device
The user should not be allowed to:
- Download/delete/rename files on the flash memory
- Enter the level 15 (not sure if I can avoid it)
- Run any commands other than the level 1 ones and those specified above
Can someone help me with this?
Thanks in advance!
I won't forget to rate useful posts.
Hi Tobias,
You can set up multiple levels of privilege on a switch as explained below.
By default, the Cisco IOS Software has two modes of password security: user EXEC and
privileged EXEC. You can configure up to 16 levels of commands for each mode.
By configuring multiple passwords, you can allow different sets of users to have access to
specified commands.
For example, if you want many users to have access to the clear line command, you can
assign it level 2 security and distribute the level 2 password fairly widely. But if you
want more restricted access to the configure command, you can assign it level 3 security
and distribute that password to a more restricted group of users.
Setting the privilege level for a command
Beginning in privileged EXEC mode, follow these steps to set the privilege level for a
command mode:
Command / Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
privilege mode level level command
Set the privilege level for a command.
For mode, enter configure for global configuration mode, exec for EXEC mode, interface
for interface configuration mode, or line for line configuration mode.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
Level 15 is the level of access permitted by the enable password.
For command, specify the command to which you want to restrict access.
Step 3
enable password level level password
Specify the enable password for the privilege level.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
For password, specify a string from 1 to 25 alphanumeric characters. The string cannot
start with a number, is case sensitive, and allows spaces but ignores leading spaces.
By default, no password is defined.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
or
show privilege
Verify your entries.
The first command shows the password and access level configuration. The second command
displays the privilege level configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
When you set a command to a privilege level, all commands whose syntax is a subset of that
command are also set to that level. For example, if you set the show ip traffic command to
level 15, the show commands and show ip commands are automatically set to privilege level
15 unless you set them individually to different levels.
To return to the default privilege for a given command, use the no privilege mode level
level command global configuration command.
This example shows how to set the configure command to privilege level 14 and define
SecretPswd14 as the password users must enter to use level 14 commands:
Switch(config)# privilege exec level 14 configure
Switch(config)# enable password level 14 SecretPswd14
You can also change the default privilege level for every user.
Changing the default privilege level for lines
Beginning in privileged EXEC mode, follow these steps to change the default privilege level for a line:
Command / Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
line vty
Select the virtual terminal line on which to restrict access.
Step 3
privilege level level
Change the default privilege level for the line.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode
privileges. Level 15 is the level of access permitted by the enable password.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
or
show privilege
Verify your entries. The first command shows the password and access level configuration.
The second command shows the privilege level configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Users can override the privilege level that you set using the privilege level line configuration command
by logging in to the line and enabling a different privilege level.
They can lower the privilege level by using the disable command.
If users know the password to a higher privilege level, they can use this password to enable the higher privilege level. You can specify a high level or privilege level for your console line to restrict use of the line.
To restore the default line privilege level, use the no privilege level line configuration command. I am also sending you a document for your reference.
http://www.Cisco.com/univercd/CC/TD/doc/product/LAN/cat3750/12225see/SCG/swauthen.htm#wp1154063
HTH
Regards
Reem
Tags: Cisco Network
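The subset rule and the per-line default level described in the answer above, modelled in a short audit script (an added example, not part of the original thread or of Cisco's documentation). The sample configuration is constructed; level 5 as the read-only level, the forbidden-command list taken from the question's requirements, and "the later line wins" for conflicting implied levels are assumptions of this model.

```python
import re

# Constructed sample (not from the thread); level 5 as read-only is an assumption.
SAMPLE_CONFIG = """\
privilege exec level 5 show running-config
privilege exec level 5 copy running-config
privilege exec level 14 configure
enable password level 5 ReadOnlyPswd5
line vty 0 4
 privilege level 5
line vty 5 15
 privilege level 15
"""

PRIV = re.compile(r"privilege (\S+) level (\d+) (.+)")
LINE = re.compile(r"line (.+)")
LINE_LEVEL = re.compile(r"privilege level (\d+)")

def parse(config):
    """Return ({(mode, command words): level}, {line name: default level})."""
    commands, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = " ".join(raw.split())
        if not raw[:1].isspace():  # a top-level statement opens or closes a line block
            current = m[1] if (m := LINE.fullmatch(text)) else None
        if m := PRIV.fullmatch(text):
            commands[(m[1], tuple(m[3].split()))] = int(m[2])
        elif current and (m := LINE_LEVEL.fullmatch(text)):
            lines[current] = int(m[1])
    return commands, lines

def effective_levels(commands):
    """Subset rule: a level set on a command also applies to its unset prefixes."""
    implied = {}
    for (mode, words), level in commands.items():
        for n in range(1, len(words)):
            if (mode, words[:n]) not in commands:
                implied[(mode, words[:n])] = level  # assumption: later line wins
    return {**implied, **commands}

def audit(config, readonly_level=5, forbidden=("copy", "delete", "rename")):
    """List implied level changes, forbidden commands exposed, and over-privileged lines."""
    commands, lines = parse(config)
    findings = []
    for (mode, words), level in effective_levels(commands).items():
        name = " ".join(words)
        if (mode, words) not in commands:
            findings.append(f"implicit: '{name}' ({mode}) set to level {level}")
        if mode == "exec" and words[0] in forbidden and level <= readonly_level:
            findings.append(f"exposed: '{name}' available at level {level}")
    findings += [f"line {name}: default level {level} is above {readonly_level}"
                 for name, level in lines.items() if level > readonly_level]
    return findings
```

Calling audit(SAMPLE_CONFIG) reports that show and copy were moved to level 5 as a side effect of the longer commands, that copy is available to the read-only level, and that lines vty 5 15 default to level 15.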
Similar Questions
-
How to configure a VLAN access map on Cisco 3650
Hello
I would like to configure a VLAN access map to filter some of the VLAN traffic, but I am unable to run the vlan-map command on the Cisco L3 3650 v03.06.00E.
Hello Ahmed,
According to the command lookup tool, 3650 v03.06.00E does not support vlan access-map.
You will need Catalyst 3650, 3SE to configure "vlan access map".
https://Tools.Cisco.com/support/CLILookup/cltSearchAction.do
show vlan access-map (Catalyst 3650, 3SE)
vlan access-map (Catalyst 3650, 3SE)
I hope this helps.
Please rate useful posts.
Thank you.
-
Manually configure the APEX Listener via the command line
I would like to be able to configure the APEX Listener via the command line.
Is there an API or method to achieve this?
Is it possible to take an apex-config.xml as a template, make changes to it for this environment, and place it in the config.dir directory?
I believe placing a ! in front of the clear-text password will encrypt it when the APEX Listener restarts?
Is the template method above a supported way of scripting the APEX Listener configuration?
I set the value of config.dir to
/apex_lsnr
Will this look for apex-config.xml in the directory above, or will it look for the XML in /apex_lsnr/apex? +
/apex_lsnr + would be option 1, which doesn't work currently. +
+ refers to the 'context' in which you have deployed your APEX Listener, so if you used the default value (apex) this would actually be
+/apex_lsnr/apex +.
cp apex-config.xml $DOMAIN_HOME/apex_lsnr/apex
Note that the APEX Listener logs the location of the apex-config.xml it actually uses at startup. If that is the temporary location (default), it found nothing in your configured directory.
-Udo
-
Configuring Essbase access via the web browser for a user
Hello everyone
I have installed and configured Shared Services, Admin Server, and Essbase; now I need to allow two users (User1 and User2) to access
the Essbase server via a web browser. I am asking for the steps by which I can achieve my requirement.
I tried several ways but always struggled to get a good configuration; I am only ever able to connect with one user
(admin).
Regards
Kumar N
Access to EAS is weird (a large part of the functionality of EAS is weird).
While there is no request for Regional service to be set to, the username in question must be created in the Shared Services to connect to EA.
So:
(1) Create the user name in Shared Services
(2) If Essbase is outsourced, set the user name on the server and the app/db in question (not strictly necessary from an EAS point of view, but you're here, so why not?)
(3) Launch the EAS console, connect to Administration Services, and you are off to the races.
If you do not outsource Essbase security (why? Do you want to maintain a username twice?) you need not do step #2.
Kind regards
Cameron Lackpour
-
How to configure the control LUNS via R232 as COM4
I believe that I have configured all the hardware, including: usb 6251 DAQ connected to a SCC-68 with a load sg24 cell conditioner. I also configured a PI PZT E-516 actuator through MAX, in the Serial and Parallel section. The new processor does not have an r-232 slot, so I'm using a usb-r-232 converter. It therefore appears as COM4, which is fine. When I run the VI associated with installing and configuring the PZT I get NO error, and the settings are changed accordingly. The problem is that when I run my program the r-232 parameters return to COM1. The program calls the PI setup function, which does not take into account the user's switch from COM1 to COM4 and just reverts it when I run the program. Any reasons why this happens? How do I reconfigure the hardware in combination with a previous program? Is it possible to check whether it is the program or just my lack of knowledge of the configuration?
Thank you
In your main VI where you call the subVI, right-click on the Configuration Interface input and select 'Create Constant'. Change the selection from COM1 to COM4.
The subVI does not have COM4 as the default value.
-
Can't configure the SIM card reader in EliteBook 8440p
Hello
I am trying to set up a network connection using the SIM card reader, but I cannot configure the card reader (it does not appear in Device Manager).
I'm in Portugal and the response of the forum I found work here.
Can you help me?
Best regards
Rodrigo Oliveira
You are very welcome.
Yes, you will need to see if you can still get a supported WWAN card listed in the 8440p maintenance manual.
You cannot install a WWAN card listed in the service manual or the laptop does not start until the unsupported card is removed.
You must also ensure that the antenna for the WWAN card is present in the compartment it goes in.
-
Configure the automatic updates without user intervention.
How to configure the CC for the auto update without user intervention (without right of admin)
Hello
Please see the document below for help:
-
Question about the decidability of Oracle user-defined rules
Hello
According to some posts online (http://weblog.clarkparsia.com/2007/08/27/understanding-swrl-part-2-dl-safety/ http://protege.cim3.net/cgi-bin/wiki.pl?SWRLLanguageFAQ), in general, SWRL is undecidable. However, we can add some restrictions to SWRL to regain decidability: variables in DL-safe rules bind only to those explicitly named in the ontology. Adding this restriction is sufficient to make SWRL rules decidable. So, I wonder how Oracle user-defined rules achieve decidability. Do they adopt a similar approach to SWRL? Thank you very much in advance.
Hong
Hi Hong,
It is a good question. Yes, we have adopted a similar idea. In the forward-chaining engine of Oracle Database, variables in inference rules are bound to known, existing RDF resources. We will not generate a new RDF resource that does not already exist in the ontologies. This is very important because it ensures that the inference process will be completed in a period of time.
The foregoing does not apply to user-defined inference (new in 12.1) as well.
Thank you
Zhe
-
How to get information about the types within a user defined package
Hi all
I have a package with some (user-defined) types defined in the package specification. How do I get information about the types and
information about the columns of those types?
for example:
Create package mp is
type t is record (no number is varchar2 (30));
procedure a (m t out...
Thanks in advance.
usergG_user wrote:
The requirement is that I want to build a script dynamically using the data dictionary,
so if possible, I would take the name of the type from within the package specification.
Let me rephrase: is there a data dictionary view to get information on a user-defined type within a package specification?
The best approach will be to have a standard in the definition of data types.
Have a process to track the object definitions in the package if it is mandatory.
-
Configuring Web Service access via a Proxy Server?
Hello
I'm trying to configure the OdiInvokeWebservices tool to hit a web service through a proxy server.
I managed to test my OdiInvokeWebservices against a local WS (i.e. a direct connection), but I do not see how to configure ODI to go through a proxy server.
There is no obvious configuration setting (I would expect to see a proxy host, username, password, and maybe proxy exceptions) on the OdiInvokeWebServices tool or ODI itself.
So, can anyone answer all or part of the following?
* Are there ODI configuration variables (or ODI environment variables) to set up the proxy server access?
* Failing that, what is the desirable approach (taking account of the architecture of ODI)? For example, creating an ODI technology in the topology for HTTP connections through a proxy server (does that make sense? I'm new to ODI)?
* Is it possible or desirable to extend the OdiInvokeWebServices tool to enable configuration for a proxy server (probably a bad idea, a lot of hacking involved)?
If all of the above fails, then the only option is to give ODI direct internet access.
Thanks in advance,
Matt
Matt,
Have you tried adding additional parameters to the Java virtual machine?
I see that there are the following options that you can assign to ODI_ADDITIONAL_JAVA_OPTIONS in the odiparams file.
$ java -Dhttp.proxyHost=proxyhostURL
-Dhttp.proxyPort=proxyPortNumber
-Dhttp.proxyUser=someUserName
-Dhttp.proxyPassword=somePassword javaClassToRun
Craig
-
Hi guys,
I don't have much experience with the Adobe EchoSign API. I want to let my users send their agreements from my site, and I do not want to redirect to the EchoSign portal when sending documents.
Is there a way I can get the API access token without redirection to the EchoSign portal?
Note: I noticed that the v2 API here (REST API - documents electronic signature software - Adobe Document Cloud) allowed getting the token via a login and password sent in the HTTP request. Does the v5 API also support something similar to that?
Thank you!
Hello Mary,
According to the workflow mentioned, it is not possible to achieve this goal without going through the E-Sign platform using API calls or OAuth.
Kind regards
-Usman
-
USB disabled for both write and read access, but data card still possible for an authorized user
Dear all,
I need USB disabled so that neither read nor write access is possible, but a data card and a USB mouse must still be accessible. Is this possible through a registry block? Please post your suggestions.
Hello
1. What is the exact problem you are facing with USB?
2. Do you receive an error message?
3. Have you made changes on the computer before this problem?
Please provide us with more information to help you further.
-
Where is the location of iCloud Drive data in my user library?
I use an application called Carbon Copy Cloner to clone my Macintosh HD to an external hard drive. I noticed that my iCloud Drive is not on the clone backup, and I want to make sure that these files are included in the clone. I'm guessing that iCloud Drive data is stored somewhere in my user library. If so, can someone tell me the exact location in my user library? If this is not the case, how can I ensure that my iCloud Drive files are included when I clone my Macintosh HD?
The Mobile Document folder in your user library.
-
How to configure the Access ODBC driver on Windows 7?
The ODBC SQL Server driver watch Installer is already installed. But my database is a local MS Access file. I want to choose the Access ODBC driver, but it is not listed. Yes, Access is installed.
Is this Windows 7 64-bit or 32-bit?
... check if this works for you
http://social.msdn.Microsoft.com/forums/en/SQLDataAccess/thread/685eacc1-A670-42d4-8392-924230fa90cb
Try to search for "odbcad32.exe" and run the file.
You can find the file at
C:\Windows\SysWOW64\odbcad32.exe (if it is Windows 7 64-bit)
and
C:\Windows\System32 (if it's Windows 7 32-bit)
-
Configuring the desktop for all users
When using Windows 7, is it possible to set up desktop shortcuts for all users who log on to the computer, as it was in XP? Thank you!
C:\Users\All Users\Bureau. You can copy shortcuts there, and they will be displayed for any logged-on user.