Experts,
I was trying to understand role-based access control.
I was trying to create a user in R1 who has access only to the ping command. No other commands/modes should be accessible for that user.
Here is my config:
R1#sh run | sec aaa
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
R1#sh run | sec view
parser view Test
secret 5 $1$50B5$v2W8mGXV3S0h2DljRcKaA/
commands exec include ping
commands exec exclude configure
username krishna privilege 15 view Test secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
username test view Test secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
R1#sh run | sec vty
line vty 0 4
privilege level 15
transport input all
line vty 5 15
privilege level 15
transport input all
Now trying to access R1.
R4#tel 1.1.1.1
Trying 1.1.1.1 ... Open
User Access Verification
Username: test
Password:
R1>en
Password:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
Still that user is able to access configuration mode. Can you guys please help me?
Krishna