Task Project:
Configure role-based access control on BR3 router:
a. Create user1, user2, user3, user4 and user5 with cisco1 password.
i. user1 should be authorized to issue all privileged mode commands except
“show version” and “show ip route” but should be able to issue “show ip *”
commands.
ii. user2 should be authorized to issue all user (unprivileged) mode commands
including “show version” but not “show ip route”.
b. Create view-context “show_view”:
i. Include “show version” command
ii. Include all unprivileged commands of “show ip *”
iii. Include “who” command
iv. user3 should land in this context after successful authentication on local or
remote console.
c. Create view-context “ping_view”:
i. Include “ping” command
ii. Include “traceroute” command
iii. user4 should land in this context after successful authentication on local or
remote console.
d. Create superview-context that combines these 2 contexts. user5 should land in this
superview-context after successful authentication on local or remote console.
e. Make sure that users cannot issue any other commands within contexts that are
assigned to them (except show banner and show parser, which are implicitly included
in any view).
Solution:
enable secret level 2 wsi
enable secret level 7 wsi
enable password wsi
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
privilege exec level 10 show ip route
privilege exec level 2 show ip
privilege exec level 5 show version
privilege exec level 2 show
username wsc2017 privilege 15 secret cisco1
username user1 privilege 2 password cisco1
username user2 privilege 7 password cisco1
username user3 view show_view secret cisco1
username user4 view ping_view secret cisco1
username user5 view super_view secret cisco1
parser view show_view
 secret wsi
 commands exec include who
 commands exec include all show ip
 commands exec include show version
 commands exec include show
parser view ping_view
 secret wsi
 commands exec include all traceroute
 commands exec include all ping
parser view super_view superview
 secret wsi
 view show_view
 view ping_view
(Secrets and passwords are entered in clear text; IOS hashes enable, username and view secrets itself, so an encryption-type digit such as 5 or 7 must not be typed in front of a clear-text string or the command is rejected.)
Finish.
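As an added check, not part of the task or of the original solution, the following Python script models how IOS gates exec commands under the configuration above and evaluates user1 through user5 against requirements a through e. The default command levels, the longest-prefix rule for "privilege exec level", the exact/prefix matching for view includes and the rule that a view is not filtered by privilege level are assumptions of the model, not taken from the page.

```python
# Added example, not part of the original solution: a model of IOS exec-command
# gating for the BR3 configuration above. Assumptions (constructed, not from the page):
# default level 1 for show/ping/traceroute/who and 15 for everything else; the longest
# configured "privilege exec level" prefix decides a command's level; a view allows a
# command matched exactly by "include X" or by prefix with "include all X".
LEVEL1_DEFAULT = ("show", "ping", "traceroute", "who")

# privilege exec level N <command>, as in the solution
PRIV = {("show", "ip", "route"): 10, ("show", "ip"): 2,
        ("show", "version"): 5, ("show",): 2}

# parser views from the solution: (exact includes, "include all" prefixes)
VIEWS = {"show_view": ({("who",), ("show", "version"), ("show",)}, {("show", "ip")}),
         "ping_view": (set(), {("traceroute",), ("ping",)})}
SUPERVIEWS = {"super_view": ("show_view", "ping_view")}
IMPLICIT = {("show", "banner"), ("show", "parser")}  # task e: present in every view

USERS = {"user1": ("privilege", 2), "user2": ("privilege", 7),
         "user3": ("view", "show_view"), "user4": ("view", "ping_view"),
         "user5": ("view", "super_view")}

def command_level(words):
    """Level of the longest configured prefix, else the constructed default."""
    for n in range(len(words), 0, -1):
        if tuple(words[:n]) in PRIV:
            return PRIV[tuple(words[:n])]
    return 1 if words[0] in LEVEL1_DEFAULT else 15

def view_allows(view, words):
    """True if the view (or any member view of a superview) includes the command."""
    if view in SUPERVIEWS:
        return any(view_allows(v, words) for v in SUPERVIEWS[view])
    exact, prefixes = VIEWS[view]
    w = tuple(words)
    return w in exact | IMPLICIT or any(w[:len(p)] == p for p in prefixes)

def allowed(user, command):
    """Whether the user may issue the exec command under the solution's config."""
    words = command.split()
    kind, value = USERS[user]
    if kind == "privilege":
        return command_level(words) <= value
    return view_allows(value, words)

if __name__ == "__main__":
    for cmd in ("show version", "show ip route", "show ip interface brief", "who",
                "ping 10.0.0.1", "traceroute 10.0.0.1", "configure terminal"):
        print(f"{cmd:26}", {u: allowed(u, cmd) for u in USERS})
```

Running it prints a per-user allow/deny matrix; the last row shows that user1 at privilege level 2 cannot reach level-15 commands such as configure terminal, which is worth weighing against the wording of requirement a.i.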