•
•
•
esr# show aaa authentication
13.2 Command privilege configuration
Command privilege configuration is a flexible tool that allows you to assign baseline user privilege level (1–15)
to a command set. In future, you may specify privilege level during user creation which will define a command
set available to them.
Levels 1-9 enable all monitoring commands (show …);
Levels 10-14 enable all commands except for device reboot, user management and other specific
commands;
Level 15 enables all monitoring commands.
13.2.1 Configuration algorithm
To change minimum privilege level required for CLI command execution, use the following command:
esr(config)# privilege <COMMAND-MODE> level <PRIV><COMMAND>
<COMMAND-MODE> – command mode;
<PRIV> – required command subtree privilege level, takes value in the range of [1..15];
<COMMAND> – command subtree, set by the string of up to 255 characters.
13.2.2 Example of command privilege configuration
Objective:
Transfer all interface information display commands to the privilege level 10 except for 'show interfaces
bridges' command. Transfer 'show interfaces bridges' command to the privilege level 3.
Solution:
In configuration mode, identify commands enabled for operation under privilege level 10 and privilege level 3:
esr(config)# privilege root level 3 "show interfaces bridge"
esr(config)# privilege root level 10 "show interfaces"
13.3 Configuration of logging and protection against network attacks
13.3.1 Configuration algorithm
Step Description Command Keys
1 Enable protection against ICMP flood
attacks.
esr(config)# ip firewall screen dos-
defense
icmp-threshold { <NUM> }
<NUM> – amount of ICMP
packets per second, set in the
range of [1..10000]
To Next Page
Loading...
