How to disable all the commands that run on privilege exec mode [ router# ] and only enable basic t-shoot commands like extended Ping & traceroute while a user PC has a remote telnet connection of a router?

author
  • Total 2 Answers
  • 2223
Can You answer this question?
author

You can use parser view.

Let me give you basic configuration.Assume we have this topology:-

Configure ip addresses on both devices and also configure telnet on R1.I will make sure client can only run ping and traceroute commands.

Now we will create view for this client on R1.By default router is in root view.

Requirements:-

1)Enable AAA New Model

aaa new-model

2)Enable password must be set

enable password cisco

Now in user mode:-

R1>enable view (it will ask for password , enter cisco)

R1#configure terminal

R1(config)#parser view ABC

R1(config-view)#secret cisco123 (password used when u enter the view)

R1(config-view)# commands exec include ping(exec is used to define priviledge level command)

R1(config-view)# commands exec include traceroute

R1(config-view)#exit

R1(config)#username CLIENT view ABC password CLIENT

R1(config)#exit

Now Telnet from R2

R2#telnet 12.0.0.1
Trying 12.0.0.1 ... Open


User Access Verification

Username: CLIENT
Password:(CLIENT as set in username command)

R1>enable view ABC
Password:(cisco123 for this view)

R1#show ?
  flash:  display information about flash: file system
  parser  Display parser information
  slot0:  display information about slot0: file system

R1#?    
Exec commands:
  <1-99>      Session number to resume
  enable      Turn on privileged commands
  exit        Exit from the EXEC
  ping        Send echo messages
  show        Show running system information
  traceroute  Trace route to destination

 

 

 

 

 

 

author
,
Network Security

I am not sure but as we do to assign access to L1 and L2 in ASA must be something near about be available in routers also .

We  create privileged level and assign the required commands and allocate user to that privilege level .

Hope this helps .