How to create a user to execute all commands except show version?

T

Trent Edison2017-09-13 10:01:59

System administration

Trent Edison, 2017-09-13 10:01:59

The user user must be authorized to issue all privileged mode commands except show version and show ip route, but must be authorized to issue all other show ip * commands.
I create a user (username user password cisco), create a view (parser view ForUser), bind the user to the view (username user view ForUser password cisco). I go to the user via ssh and see:

This user needs to have all the commands except show version and show ip route. I know that they can be added one at a time with "commands exec include all show" and disabled with "commands exec exclude all show".
So, how to add all possible commands at once and only then disable unnecessary ones?
Don't add them one by one.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

DDwrt100, 2019-06-14
@DDwrt100

As far as I remember, that's how it is. Local command management mechanism, not very convenient. You can try to manage rights using the tacacs+ AAA server. It should be easier there.