CBT IT Certification Training

Unlimited IT Certification Courses via Streaming Video

Role-Based CLI Access

Lab 8 

Role-Based CLI Access

Back to book index.

Lab Objective:

The objective of this lab exercise is for you to learn and understand how implement Role Based CLI access on Cisco IOS routers.

Lab Purpose:

The Role-Based CLI Access feature allows the network administrator to define “views,” which are a set of operational commands and configuration capabilities that provide selective or partial access to EXEC and configuration mode commands. This allows administrators to exercise better control over access to Cisco networking devices.

Lab Difficulty:

This lab has a difficulty rating of 8/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 15 minutes. 

Lab Topology:

Please use any single router to complete this lab

Lab 8 1

Lab 8 Configuration Tasks 

Task 1:

Configure the hostname of the router as illustrated in the following diagram.

Task 2:

Configure an enable secret of c?sco on R1.

Task 3:

Configure the IOS Role-Based CLI Access on R1 as follows:

View Name View Password View Commands
BASIC basic 1.      The show hardware command

2.      The show version command

3.      The show inventory command
EXPERT expert 1.      All show commands
CONFIG config 1.      All configure commands

Task 4:

Create a view named SUPER. This View should contain all possible show and configure commands contained in all other views that were previously created. 

Task 5:

Verify your configuration by logging into the router using different credentials.

Lab 8 Configuration and Verification

Task 1:

Router(config)#hostname R1

R1(config)#end

R1#

 Task 2:

To complete this Task, it is important that you remember that you must use the CTRL/V keystrokes to be able to use the question mark in a password on Cisco IOS devices.

R1(config)#enable secret c?sco

R1(config)#exit

R1#

Task 3:

R1(config)#aaa new-model

R1(config)#exit

R1#disable

R1>enable view

Password:

 

R1#

R1#show parser view

Current view is ‘root'

R1#

R1#

R1#config t

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#parser view BASIC

R1(config-view)#secret basic

R1(config-view)#commands exec include show hardware

R1(config-view)#commands exec include show version

R1(config-view)#commands exec include show inventory

R1(config-view)#exit

R1(config)#parser view EXPERT

R1(config-view)#secret expert

R1(config-view)#commands exec include all show

R1(config-view)#exit

R1(config)#parser view CONFIG

R1(config-view)#secret config

R1(config-view)#commands exec include all configure

R1(config-view)#exit

R1(config)#exit

R1#

Task 4:

R1(config)#parser view SUPER superview

R1(config-view)#secret super

R1(config-view)#view BASIC

R1(config-view)#view EXPERT

R1(config-view)#view CONFIG

R1(config-view)#exit

R1(config)#exit

R1#

Task 5:

The first view we will validate is the BASIC view as configured on R1. This view will be limited to just a select few show commands.

R1#disable

R1>

R1>

R1>enable view BASIC

Password:

 

R1#

R1#

R1#?

Exec commands:

enable  Turn on privileged commands

exit    Exit from the EXEC

show    Show running system information

R1#

R1#show ?

flash:     display information about flash: file system

hardware   Hardware specific information

inventory  Show the physical inventory

parser     Show parser commands

version    System hardware and software status

R1#

R1#show parser view

Current view is ‘BASIC'

The second view we will validate is the EXPERT view as configured on R1. This view will have access to the entire range of show commands.

R1>enable view EXPERT

Password:

 

R1#

R1#

R1#show parser view

Current view is ‘EXPERT'

R1#

R1#?

Exec commands:

enable  Turn on privileged commands

exit    Exit from the EXEC

show    Show running system information

R1#

R1#show ?

aaa                   Show AAA values

accounting            Accounting data for active sessions

alarm-interface       Display information about a specific Alarm Interface

Card

alignment             Show alignment information

appfw                 Application Firewall information

archive               Archive of the running configuration information

arp                   ARP table

auto                  Show Automation Template

backup                Backup status

—-[Truncated Output]—-

The third view we will validate is the CONFIG view as configured on R1. This view will have only configuration commands.

R1>enable view CONFIG

Password:

 

R1#?

Exec commands:

configure  Enter configuration mode

enable     Turn on privileged commands

exit       Exit from the EXEC

show       Show running system information

 

R1#show ip int brie

^

% Invalid input detected at ‘^' marker.

 

R1#configure

Configuring from terminal, memory, or network [terminal]? terminal

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#

R1(config)#exit

R1#

R1#show parser view

Current view is ‘CONFIG'

The final view we will validate is the SUPER view as configured on R1. This view will have all possible show and configure commands that are supported in the Cisco IOS software. However, this view will not have any debug commands available!! Those will be available to the ROOT.

R1>enable view SUPER

Password:

 

R1#?

Exec commands:

configure  Enter configuration mode

enable     Turn on privileged commands

exit       Exit from the EXEC

show       Show running system information

R1#

R1#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            unassigned      YES manual up                    up

Serial0/0                  unassigned      YES manual up                    up

R1#

R1#configure

Configuring from terminal, memory, or network [terminal]? terminal

Enter configuration commands, one per line.  End with CNTL/Z.

R1(config)#exit

R1#

R1#show parser view

Current view is ‘SUPER

Lab 8 Configurations

R1 Configuration

R1#show run

Building configuration…

 

Current configuration : 1295 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

no logging console

enable secret 5 $1$bj1Q$6UA5t8qk8xaXVH0vZC3WB/

!

aaa new-model

!

!

!

!

aaa session-id common

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

!

!

!

multilink bundle-name authenticated

!

!

!

!

!

archive

log config

hidekeys

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface Serial0/0

no ip address

!

ip forward-protocol nd

!

!

ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line vty 0 3

line vty 4

parser view BASIC

secret 5 $1$oi7H$u4u8IrhImpWVXHs2nfDKp0

commands exec include show inventory

commands exec include show version

commands exec include show hardware

commands exec include show

!

parser view EXPERT

secret 5 $1$aPyv$Oq/lUadCBjEG5HyNo09Qu1

commands exec include all show

!

parser view CONFIG

secret 5 $1$g/3P$kazl6S9zkjDNV.Fsc4AWe/

commands exec include configure

!

parser view SUPER superview

secret 5 $1$tZZl$UW/C0ZeJ/rn6C3ntutJo01

view BASIC

view EXPERT

view CONFIG

!

!

!

end
content-filler