In the last post we observed how to implement Role Based Access Control by using Privilege Levels, But problem with Privilege levels is we have to assign each and every command individually to all the users. We can implement Role Based Access Control more easily by using Parser Views.
Parser Views:
->By using Parser Views we can specify which commands are allowed to the user in a easy way.
-> Parser Views are nothing but user account with allowed commands for the user.
-> In order to create Parser View, AAA must be enabled and Root Views also need to be enabled.
Steps:
1) Enable AAA
Router(conf)# aaa new-model
2)Enable Root Views
Router> enable view
Pass:****
3) Router# configure terminal
Router(conf)# Parser view ccnp
Note: ccnp is the view name where we can associate list of commands.
Router(conf-view)#secret cisco
Note: assigning the password cisco to the view
Router(conf-view)# commands exec include all show
Router(conf-view)# commands exec include configure
Router(conf-view)# commands configure include router
Router(conf-view)# exit
4) Assign this view to the user
Router(config)# user ccnp view ccnp password ccnp
verification # show parser view
Parser Views:
->By using Parser Views we can specify which commands are allowed to the user in a easy way.
-> Parser Views are nothing but user account with allowed commands for the user.
-> In order to create Parser View, AAA must be enabled and Root Views also need to be enabled.
Steps:
1) Enable AAA
Router(conf)# aaa new-model
2)Enable Root Views
Router> enable view
Pass:****
3) Router# configure terminal
Router(conf)# Parser view ccnp
Note: ccnp is the view name where we can associate list of commands.
Router(conf-view)#secret cisco
Note: assigning the password cisco to the view
Router(conf-view)# commands exec include all show
Router(conf-view)# commands exec include configure
Router(conf-view)# commands configure include router
Router(conf-view)# exit
4) Assign this view to the user
Router(config)# user ccnp view ccnp password ccnp
verification # show parser view
0 comments:
Post a Comment