泰克实验室塑造 发表于 2014-5-8 17:19:30

role-based views

role-based views指建立一个view,指定telnet进来的用户用哪个view权限能使用哪些命令
例:
aaa new-model必须全局启用
enable password cisco123   建立view的时候用到enable密码
#enable view
输入enable密码即15级权限密码
*Mar1 00:03:00.247: %PARSER-6-VIEW_SWITCH: successfully set to view 'root'.
r2(config)#parser view abc
r2(config-view)#commands exec include configure//必须先设置view的密码
% Password not set for the view abc
r2(config-view)#secret cisco
r2(config-view)#commands exec include configure
r2(config-view)#commands exec include configureterminal
r2(config-view)#commands configure include interface
r2(config-view)#commands configure include interface fastethernet 0/1
r2(config-view)#commands interface include shutdown
r2(config-view)#commands interface includeno shutdown
从R1 telnet R2的时候提示输入用户名,密码,输入正确后enable view abc,则只有些命令权限。
同时实验结果表明:当启用aaa new-model后,默认在所有的vty下应用了认证授权local,但是console下没有应用。如果手动写一条aaa authe default local则console和vty下都应用了local。

phil 发表于 2014-12-24 17:41:42

Thanks for your information.
页: [1]
查看完整版本: role-based views