Task Project:
Configure role-based access control on BR3 router:
a. Create user1, user2, user3, user4 and user5 with cisco1 password.
i. user1 should be authorized to issue all privileged mode commands except
"show version" and "show ip route" but should be able to issue "show ip *"
commands.
ii. user2 should be authorized to issue all user (unprivileged) mode commands
including "show version" but not "show ip route".
b. Create view-context "show_view":
i. Include "show version" command
ii. Include all unprivileged commands of "show ip *"
iii. Include "who" command
iv. user3 should land in this context after successful authentication on local or
remote console.
c. Create view-context "ping_view":
i. Include "ping" command
ii. Include "traceroute" command
iii. user4 should land in this context after successful authentication on local or
remote console.
d. Create superview-context that combines these 2 contexts. user5 should land in this
superview-context after successful authentication on local or remote console.
e. Make sure that users cannot issue any other commands within contexts that are
assigned to them (except show banner and show parser, which are implicitly included
in any view).
Solution:
! wsi is entered in cleartext; a leading 5 would tell IOS the value is already an MD5 hash
enable secret level 2 wsi
enable secret level 7 wsi
enable password wsi
aaa new-model
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
privilege exec level 10 show ip route
privilege exec level 2 show ip
privilege exec level 5 show version
privilege exec level 2 show
username wsc2017 privilege 15 secret cisco1
! cisco1 is entered in cleartext, so no type digit (5 or 7) precedes it
username user1 privilege 2 password cisco1
username user2 privilege 7 password cisco1
username user3 view show_view secret cisco1
username user4 view ping_view secret cisco1
username user5 view super_view secret cisco1
! view with the show commands for user3
parser view show_view
 secret wsi
 commands exec include who
 commands exec include all show ip
 commands exec include show version
 commands exec include show
! view with the reachability commands for user4
parser view ping_view
 secret wsi
 commands exec include all traceroute
 commands exec include all ping
! superview for user5 that combines both views
parser view super_view superview
 secret wsi
 view show_view
 view ping_view
Finish.
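An offline check of the access matrix in the task, added here as an example (it is not part of the original solution and does not talk to a router). It assumes a simplified model: a command's level is taken from the longest matching `privilege exec level` prefix, and a view permits a command when an `include` entry matches it exactly, or as a prefix when `all` is given. The names `parse` and `allowed` and the embedded excerpt of the configuration are constructed for the example.

```python
CONFIG = """\
privilege exec level 10 show ip route
privilege exec level 2 show ip
privilege exec level 5 show version
privilege exec level 2 show
username user1 privilege 2 password cisco1
username user2 privilege 7 password cisco1
username user3 view show_view secret cisco1
username user4 view ping_view secret cisco1
username user5 view super_view secret cisco1
parser view show_view
 commands exec include who
 commands exec include all show ip
 commands exec include show version
 commands exec include show
parser view ping_view
 commands exec include all traceroute
 commands exec include all ping
parser view super_view superview
 view show_view
 view ping_view
"""

def parse(config):
    levels, users, views, cur = {}, {}, {}, None
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[:3] == ["privilege", "exec", "level"]:
            levels[" ".join(t[4:])] = int(t[3])      # command prefix -> level
        elif t[0] == "username":
            users[t[1]] = (t[2], t[3])               # ("privilege", "2") or ("view", name)
        elif t[:2] == ["parser", "view"]:
            cur = views.setdefault(t[2], {"rules": [], "members": []})
        elif t[:3] == ["commands", "exec", "include"]:
            deep = t[3] == "all"                     # "all" also covers sub-commands
            cur["rules"].append((deep, " ".join(t[4 if deep else 3:])))
        elif t[0] == "view":                         # member view of a superview
            cur["members"].append(t[1])
    return levels, users, views

def allowed(user, cmd, levels, users, views):
    """True/False under the simplified model; None if no privilege rule covers cmd."""
    pre = lambda rule: cmd.split()[:len(rule.split())] == rule.split()
    kind, value = users[user]
    if kind == "privilege":
        hits = [r for r in levels if pre(r)]
        return int(value) >= levels[max(hits, key=len)] if hits else None
    def in_view(name):                               # superviews recurse into members
        return any(in_view(m) for m in views[name]["members"]) or any(
            pre(r) if deep else r == cmd for deep, r in views[name]["rules"])
    return in_view(value)
```

Call it as `allowed("user3", "ping 10.0.0.1", *parse(CONFIG))`; a `None` result means the command is outside what the privilege rules on this page cover, not that it is permitted.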