PIX + privilege command

Hi,

I am trying to understand the privilege command on a PIX 6.3(5). What I need is to create a user that can only do

-sh run

-sh log

-clear log

According to the PIX doc:

"When users log in to the PIX Firewall, they can enter any command assigned to their privilege level or to lower privilege levels. For example, a user account with a privilege level of 15 can access every command because this is the highest privilege level. A user account with a privilege level of 0 can only access the commands assigned to level 0. "

So I did the following:

1-Create a user with privilege 5

username user5 password pass5 privilege 5

2-Modify privilege level of the mentioned command from 15 to 5

privilege show level 5 command running-config
privilege show level 5 mode configure command logging
privilege clear level 5 mode configure command logging

Now when I log in to the PIX with this user

login

Username:user5 Password:********

I can still go into configuration mode and modify the config, I still have access to privilege 15 commands

Can anyone tell me what I am missing?

thanks

mcaissie

Problem resolved, I also needed the authorisation command

aaa authorization command LOCAL

mcaissie
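
An added example, not part of the original posts: a small Python check of a saved configuration for the situation described in this thread, where privilege levels are assigned but `aaa authorization command LOCAL` is absent. The sample configs are constructed from the commands quoted above; the `audit` function and its regexes are assumptions of this example, not Cisco tooling.

```python
import re

# Constructed sample configs using only the commands quoted in the thread.
CONFIG_BEFORE = """\
username user5 password pass5 privilege 5
privilege show level 5 command running-config
privilege show level 5 mode configure command logging
privilege clear level 5 mode configure command logging
"""
CONFIG_AFTER = CONFIG_BEFORE + "aaa authorization command LOCAL\n"

USER_RE = re.compile(r"^username\s+(\S+)\s.*\bprivilege\s+(\d+)\s*$")
PRIV_RE = re.compile(
    r"^privilege\s+(?:(\w+)\s+)?level\s+(\d+)\s+"
    r"(?:mode\s+(\S+)\s+)?command\s+(.+?)\s*$")
AUTHZ_RE = re.compile(r"^aaa\s+authorization\s+command\s+LOCAL\s*$")


def audit(config_text):
    """Return (users, remapped_commands, enforced, findings) for a config dump."""
    users, remapped, enforced = {}, [], False
    for line in config_text.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            kind, level, mode, cmd = m.groups()
            remapped.append((kind, int(level), mode, cmd))
        elif AUTHZ_RE.match(line):
            enforced = True
    findings = []
    if not enforced:
        # As reported in the thread: levels are defined but not applied
        # until local command authorization is turned on.
        for name, level in sorted(users.items()):
            if level < 15:
                findings.append(
                    f"user {name!r} (level {level}) is not restricted: "
                    "'aaa authorization command LOCAL' is missing")
        if remapped:
            findings.append(
                f"{len(remapped)} privilege line(s) have no effect "
                "until command authorization is enabled")
    return users, remapped, enforced, findings


if __name__ == "__main__":
    for label, cfg in (("before", CONFIG_BEFORE), ("after", CONFIG_AFTER)):
        print(label, audit(cfg)[3] or "privilege levels are enforced")
```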
