Asked by Leedham (2 answers)
Cisco CLI Views
Hi
I have a very annoying problem. I am configuring Cisco views and everything works great until I access the routers remotely. For some reason the helpdesk user I created and locked into a view has access to all commands. This is not the desired effect. Here is the config:
!
upgrade fpd auto
version 12.4
parser view helpdesk
secret 5 $1$Zmg4$WcCToFXjLLHEalvkfn 84j.
commands exec include all show
commands exec include all debug
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password cisco
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name cisco.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin privilege 15 password 0 cisco
username helpdesk view helpdesk password 0 cisco
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.8.222 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.8.254
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
!
end
What am I missing here?
When you log in as helpdesk remotely, what prompt do you see, and what is the result of show priv?