Pages

Monday, May 2, 2011

Parser View



With CLI view, we can restrict which access each network administrator have based on role. Superviews allow a network administrator to easily assign all users within configured CLI views to a superview instead of having to assign multiple CLI views to a group of users. 


Here is the basic configuration of the Parser View.


R2 <----> R3    
192.168.1.1   <---->  192.168.1.2


Task: 

  • Allowing telnet access with the username OPERATOR and password CISCO to be able to configure the HTTP feature in the router only.
  • Configure Username ADMIN and password CISCO to have access to every feature in the router.



aaa new-model
!
!
aaa authentication login default local
aaa authentication login VTY local
aaa authentication login CON none
aaa authorization exec default local
aaa authorization exec VTY local


username OPERATOR view HTTP password 0 CISCO
username ADMIN privilege 15 password 0 CISCO


parser view HTTP
 secret 5 $1$6ZRJ$CIjM5cdVUvhpinttlR/361
 commands configure include ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
 commands exec include show running-config
 commands exec include show

Verify configuration

HTTP View

R2#telnet 192.168.1.2
Trying 192.168.1.2 ... Open

User Access Verification

Username: OPERATOR
Password:

R3#show parser view
Current view is 'HTTP'

 
R3(config)#?
Configure commands:
  do    To run exec commands in config mode
  exit  Exit from configure mode
  ip    Global IP configuration subcommands

R3(config)#

Configure commands:
  do    To run exec commands in config mode
  exit  Exit from configure mode
  ip    Global IP configuration subcommands

R3(config)#

---------------------------------------

Change parser view configuration
To be able to change the configuration of the parser view, you need to enter the view root. In this example, to enter the view root, we have to telnet with login as ADMIN and "enable view".

R2#telnet 192.168.1.2
Trying 192.168.1.2 ... Open


User Access Verification


Username: ADMIN
Password:

R3#en view
Password:

R3#

On R3, you will have the syslog message:
*Mar  3 22:24:04.582: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.

Now, you can change the configuration of the parser view.

R3#
R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.

R3(config)#parser view HTTP ?
  superview  SuperView Commands
  <cr>

R3(config)#parser view HTTP
R3(config-view)#?
View commands:
  commands  Configure commands for a view
  default   Set a command to its defaults
  exit      Exit from view configuration mode
  no        Negate a command or set its defaults
  secret    Set a secret for the current view



Posted by BBru at 10:27 AM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)