Cisco 7604 Configuration Guide - Page 539
con terminal, clear con filter
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 539 highlights
Chapter 23 Configuring Management Access AAA for System Administrators Step 2 • show | clear | cmd-These optional keywords let you set the privilege only for the show, clear, or configure form of the command. The configure form of the command is typically the form that causes a configuration change, either as the unmodified command (without the show or clear prefix) or as the no form. If you do not use one of these keywords, all forms of the command are affected. • level level-A level between 0 and 15. • mode {enable | configure}-If a command can be entered in user EXEC/privileged EXEC mode as well as configuration mode, and the command performs different actions in each mode, you can set the privilege level for these modes separately: - enable-Specifies both user EXEC mode and privileged EXEC mode. - configure-Specifies configuration mode, accessed using the configure terminal command. • command command-The command you are configuring. You can only configure the privilege level of the main command. For example, you can configure the level of all aaa commands, but not the level of the aaa authentication command and the aaa authorization command separately. Also, you cannot configure the privilege level of commands that are in a configuration mode entered by the main command separately from the main command. For example, you can configure the context command, but not the allocate-interface command, which inherits the settings from the context command. To enable local command authorization, enter the following command: hostname(config)# aaa authorization command LOCAL Even if you set command privilege levels, command authorization does not take place unless you enable command authorization with this command. OL-20748-01 For example, the filter command has the following forms: • filter (represented by the configure option) • show running-config filter • clear configure filter You can set the privilege level separately for each form, or set the same privilege level for all forms by omitting this option. For example, set each form separately as follows. hostname(config)# privilege show level 5 command filter hostname(config)# privilege clear level 10 command filter hostname(config)# privilege cmd level 10 command filter Alternatively, you can set all filter commands to the same level: hostname(config)# privilege level 5 command filter The show privilege command separates the forms in the display. The following example shows the use of the mode keyword. The enable command must be entered from user EXEC mode, while the enable password command, which is accessible in configuration mode, requires the highest privilege level. hostname(config)# privilege cmd level 0 mode enable command enable hostname(config)# privilege cmd level 15 mode cmd command enable hostname(config)# privilege show level 15 mode cmd command enable The following example shows an additional command, the configure command, that uses the mode keyword: hostname(config)# privilege show level 5 mode cmd command configure Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM 23-17