How to Configure Role Based CLI

Published by Irfee
ROLE BASED CLI

- The Helpdesk user will be configured to use selected show commands.

- The Support Tech user will be configured to view all configurations, but is not allowed to make changes to the router, including debug commands.

- The IT Head will be configured to have access to all high-level functionality commands such as show, config, debug and others.
Published by: Irfee on Apr 04, 2013
Copyright:Attribution Non-commercial

HOW TO CONFIGURE ROLE BASED CLI

How To Configure Role Based CLI Access For Network Administrators Or Users On A Cisco Router: Security Implementation

The network diagram and the addressing scheme in the network diagram are used for the configuration experiments.

Role based CLI access provides more flexibility than assigning privilege levels, because it specifies and defines which commands are available to a specific role assigned to a network administrator. Role based CLI access allows a network administrator to assign different views of the router configuration to users. Each view defines what users can access through CLI commands.

A view is an administrative role that is created with limited or unlimited privilege to access a network device, in this case a Cisco router.

Role based CLI access provides important functions such as security, availability and operational efficiency, and is not limited to these functions alone.

Role based CLI access provides the following three types of views, and each view is used by an administrator to control which commands are available to users or other network administrators. These views are important, especially where there are numerous network administrators carrying out different roles within an organization.

- Root view: When the root view is configured for a network administrator, the access level is equivalent to privilege level 15. The two differ in functionality, however, because a root view user can configure, add and remove configurations from the view assigned. Note that privilege levels and the root view are different methods of controlling and assigning access, and of defining what a user can and cannot do when connected to a network device such as a router.

- CLI view: This view is a standalone view; it does not inherit commands from other views such as the root view or a super view. As a result, the same command can be used in multiple views.

- Super view: This is the highest view, and is where a network administrator can define which commands are allowed on the router and which are visible to other administrators working in the organisation.

Super view users can configure multiple super views in a CLI view. Note that a command cannot be configured for a super view directly: it must be added to a CLI view, and the CLI view added to the super view. Users who log in to a super view have access to the commands configured for the CLI views that are part of that super view. The password used by a super view user can be used to switch between the super view and a CLI view. Note that when an administrator deletes a super view, the CLI views are not deleted.

Note: Authentication, Authorization and Accounting (AAA) must be enabled on the Cisco router before a view can be created and configured. To configure or alter a view, the administrator must be logged in to the root view. The root view must be created before any other view, because the root view has the privilege to create views.

The process of configuring a view is:

- Enable AAA
- Create a view (there is a maximum limit of 15 views that can be configured in a Cisco router, though this might differ between Cisco routers, so it is a good idea to check)
- Assign a secret password to the view if one is not already available
- Assign commands to the selected view
- Exit and save the configuration

The process of creating and configuring a super view after creating the root view is listed below. Note that an administrator must be in the root view to configure a super view and other views.

- Create a view
- Assign a secret password
- Assign an existing view that is already configured
- Exit the super view and save the configuration

How to assign and configure role based CLI access for users or network administrators based on their functions.

Role Based Configuration CLI Access

- The Helpdesk user will be configured to use selected show commands.
- The Support Tech user will be configured to view all configurations, but is not allowed to make changes to the router, including debug commands.
- The IT Head will be configured to have access to all high-level functionality commands such as show, config, debug and others.

How to configure the enable secret and the console line on EDGE-Router if they have not already been configured:

    EDGE-Router>enable
    EDGE-Router#conf t
    EDGE-Router(config)#enable secret irfee100
    EDGE-Router(config)#line console 0
    EDGE-Router(config-line)#password free
    EDGE-Router(config-line)#login
    EDGE-Router(config-line)#exit
    EDGE-Router(config)#exit
    EDGE-Router#copy run start

On the EDGE-Router, how to configure AAA, enable the root view and enter the enable secret password configured:

    EDGE-Router#conf t
    EDGE-Router(config)#aaa new-model
    EDGE-Router(config)#exit
    EDGE-Router#enable view
    Password: irfee100
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
    EDGE-Router#copy run start

The enable view command enables the root view.

Role Based View Examination After Configuration

How to configure and assign the Helpdesk role based view to include show version, show parser view and show ip interface brief. First enter the root view, which is used to configure and assign role based views.

    EDGE-Router#enable view
    Password: irfee100
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
    EDGE-Router#conf t
    EDGE-Router(config)#parser view Helpdesk
    EDGE-Router(config-view)#%PARSER-6-VIEW_CREATED: view 'Helpdesk' successfully created.
    EDGE-Router(config-view)#secret helpdeskirfee
    EDGE-Router(config-view)#command exec include show version
    EDGE-Router(config-view)#command exec include show parser view
    EDGE-Router(config-view)#command exec include show ip interface brief
    EDGE-Router(config-view)#exit
    EDGE-Router(config)#exit
    EDGE-Router#copy run start
    EDGE-Router#enable view Helpdesk
    Password: helpdeskirfee
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'Helpdesk'.
    EDGE-Router#show parser view
    Current view is 'Helpdesk'

How to configure and assign the Support Tech role based view to allow all the show commands:

    EDGE-Router>en
    EDGE-Router#enable view
    Password: irfee100
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
    EDGE-Router#conf t
    EDGE-Router(config)#parser view SupportTech
    EDGE-Router(config-view)#%PARSER-6-VIEW_CREATED: view 'SupportTech' successfully created.
    EDGE-Router(config-view)#secret supporttechirfee
    EDGE-Router(config-view)#command exec include all show
    EDGE-Router(config-view)#end
    EDGE-Router#copy run start
    EDGE-Router#enable view SupportTech
    Password: supporttechirfee
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'SupportTech'.
    EDGE-Router#show parser view
    Current view is 'SupportTech'

How to configure and assign the IT Head role based view to include all show, config, debug and reload commands:

    EDGE-Router>en
    EDGE-Router#enable view
    Password: irfee100
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
    EDGE-Router#conf t
    EDGE-Router(config)#parser view ITHead
    EDGE-Router(config-view)#%PARSER-6-VIEW_CREATED: view 'ITHead' successfully created.
    EDGE-Router(config-view)#secret itheadirfee
    EDGE-Router(config-view)#command exec include all show
    EDGE-Router(config-view)#command exec include all config terminal
    EDGE-Router(config-view)#command exec include all debug
    EDGE-Router(config-view)#command exec include all reload
    EDGE-Router(config-view)#exit
    EDGE-Router(config)#exit
    EDGE-Router#copy run start
    EDGE-Router#enable view ITHead
    Password: itheadirfee
    EDGE-Router#%PARSER-6-VIEW_SWITCH: successfully set to view 'ITHead'.
    EDGE-Router#show parser view
    Current view is 'ITHead'

Helpdesk role based view examination after configuration
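As an added example (not part of the original document), the three views configured above can be checked offline against the intended role policy by parsing the `parser view` blocks of a saved configuration. The names `POLICY`, `NO_WILDCARD` and `SAMPLE_CONFIG` are assumptions made for this sketch, and the sample configuration is constructed, with one deliberate mistake in SupportTech.

```python
import re

# Intended policy, from the role descriptions above: exec command roots per view.
POLICY = {"Helpdesk": {"show"}, "SupportTech": {"show"},
          "ITHead": {"show", "configure", "debug", "reload"}}
NO_WILDCARD = {"Helpdesk"}  # Helpdesk gets selected show commands only, never "all"

# Constructed sample (not from the original document); SupportTech has a stray debug grant.
SAMPLE_CONFIG = """\
parser view Helpdesk
 commands exec include show version
 commands exec include show parser view
 commands exec include show ip interface brief
!
parser view SupportTech
 commands exec include all show
 commands exec include all debug
!
parser view ITHead
 commands exec include all show
 commands exec include all configure terminal
 commands exec include all debug
 commands exec include all reload
!
"""
GRANT = re.compile(r"^\s+commands?\s+exec\s+include\s+(all\s+)?(\S+)")

def parse_views(config):
    """Return {view: [(root_keyword, is_wildcard), ...]} from parser view blocks."""
    views, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^parser view (\S+)", line)
        if header:
            current = views.setdefault(header.group(1), [])
        elif not line.startswith(" "):
            current = None  # "!" or any other top-level line ends the block
        elif current is not None and (g := GRANT.match(line)):
            current.append((g.group(2).lower(), bool(g.group(1))))
    return views

def audit(config, policy=POLICY):
    """Return sorted findings. Prefix matching tolerates abbreviations such as "config"."""
    findings = []
    for view, grants in parse_views(config).items():
        for root, wildcard in grants:
            if not any(a.startswith(root) for a in policy.get(view, ())):
                findings.append(f"{view}: '{root}' not permitted for this role")
            elif wildcard and view in NO_WILDCARD:
                findings.append(f"{view}: 'all {root}' is broader than selected commands")
    return sorted(findings)
```

Calling `audit(SAMPLE_CONFIG)` reports the SupportTech debug grant; a view that is missing from the policy has every one of its grants reported.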
