With CLI views, we can restrict what each network administrator can access based on role. Superviews allow a network administrator to easily assign all users within configured CLI views to a superview instead of having to assign multiple CLI views to a group of users.
Here is the basic configuration of the Parser View.
R2 <----> R3
192.168.1.1 <----> 192.168.1.2
Task:
- Allow telnet access for the username OPERATOR with password CISCO, able to configure only the HTTP feature on the router.
- Configure Username ADMIN and password CISCO to have access to every feature in the router.
aaa new-model
!
!
aaa authentication login default local
aaa authentication login VTY local
aaa authentication login CON none
aaa authorization exec default local
aaa authorization exec VTY local
username OPERATOR view HTTP password 0 CISCO
username ADMIN privilege 15 password 0 CISCO
parser view HTTP
 secret 5 $1$6ZRJ$CIjM5cdVUvhpinttlR/361
 commands configure include ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
 commands exec include show running-config
 commands exec include show
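To review a configuration like the one above offline, the following added example (not part of the original post) parses running-config text and reports which commands each parser view lists, which view each user is bound to, and a few findings. The function name audit_views, the helper _opt and the finding wording are assumptions made for this example; the sample input is constructed from the R3 configuration shown above.

```python
import re

# Constructed sample: the R3 configuration from this post, indented as a running-config.
SAMPLE_CONFIG = """\
aaa new-model
username OPERATOR view HTTP password 0 CISCO
username ADMIN privilege 15 password 0 CISCO
parser view HTTP
 secret 5 $1$6ZRJ$CIjM5cdVUvhpinttlR/361
 commands configure include ip http
 commands configure include ip
 commands exec include configure terminal
 commands exec include configure
 commands exec include show running-config
 commands exec include show
"""

CMD_RE = re.compile(r"^\s+commands (\S+) (include-exclusive|include|exclude) (all )?(.+)$")

def _opt(tokens, key):
    """Value after keyword `key`; the last token (the credential) is never treated as a keyword."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def audit_views(config):
    """Return (views, users, findings) parsed from IOS running-config text."""
    views, users, findings, current = {}, {}, [], None
    for line in config.splitlines():
        tokens = line.split()
        if line.startswith("parser view ") and len(tokens) >= 3:
            current = tokens[2]
            views[current] = []
        elif current and (m := CMD_RE.match(line)):
            mode, action, wildcard, cmd = m.groups()
            views[current].append((mode, action, bool(wildcard), cmd.strip()))
        elif line.startswith("username ") and len(tokens) >= 2:
            current = None
            users[tokens[1]] = {"view": _opt(tokens[2:], "view"), "privilege": _opt(tokens[2:], "privilege")}
            if _opt(tokens[2:], "password") == "0":
                findings.append(f"{tokens[1]}: password stored as type 0 (cleartext)")
        elif not line.startswith(" "):
            current = None  # any other top-level line closes the view stanza
    for name, info in users.items():
        if info["view"] and info["view"] not in views:
            findings.append(f"{name}: bound to undefined view {info['view']}")
        if info["view"] is None and info["privilege"] == "15":
            findings.append(f"{name}: privilege 15 and no view restriction")
    return views, users, findings

if __name__ == "__main__":
    for finding in audit_views(SAMPLE_CONFIG)[2]:
        print(finding)
```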
Verify configuration
HTTP View
R2#telnet 192.168.1.2
Trying 192.168.1.2 ... Open
User Access Verification
Username: OPERATOR
Password:
R3#show parser view
Current view is 'HTTP'
R3(config)#?
Configure commands:
do To run exec commands in config mode
exit Exit from configure mode
ip Global IP configuration subcommands
R3(config)#
---------------------------------------
Change parser view configuration
To change the configuration of the parser view, you need to be in the root view. In this example, to enter the root view, we telnet in, log in as ADMIN and issue "enable view".
R2#telnet 192.168.1.2
Trying 192.168.1.2 ... Open
User Access Verification
Username: ADMIN
Password:
R3#en view
Password:
R3#
On R3, you will see the syslog message:
*Mar 3 22:24:04.582: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
Now, you can change the configuration of the parser view.
R3#
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#parser view HTTP ?
superview SuperView Commands
<cr>
R3(config)#parser view HTTP
R3(config-view)#?
View commands:
commands Configure commands for a view
default Set a command to its defaults
exit Exit from view configuration mode
no Negate a command or set its defaults
secret Set a secret for the current view