  1. Member MikeO5422's Avatar
    Join Date
    Nov 2008
    Location
    Albany
    Posts
    74

    Certifications
    Network+, CCENT, CCNA R&S, CCNA Security, CCNP R&S, GIAC GCIA, GIAC GREM
    #1

    Privilege Level vs Parser View

    I am having some difficulty understanding the difference between a privilege level and a parser view. From what I understand, both allow you to assign commands to a view or privilege level. What is the difference between the two? The book I have really does a poor job at explaining parser views and I am finding very limited information on it. Any ideas?!
    Last edited by MikeO5422; 12-10-2011 at 09:35 PM.

  3. Senior Member ChooseLife's Avatar
    Join Date
    Feb 2011
    Location
    runlevel 3
    Posts
    926

    Certifications
    BCSc Network Security, VCP, MCSA:Sec, CCNA:Sec, GIAC GSEC, Sec+, ITIL-f
    #2
    That's a very good question. The two are generally similar, but parser views are more flexible.

    Privilege levels implement a hierarchy that makes a higher level have access to all commands granted to a lower level, which makes it practically impossible to configure them for more than one non-overlapping role. Parser views are independent from one another and thus are more flexible. Inheritance is possible with parser views (using superviews), but that's a feature, not an unavoidable obstacle.

    One example:

    Role A should only be able to view interface statuses.
    Role B should only be able to view the routing table.
    Role C should be able to view interface statuses, view the routing table, and enable/disable interfaces.

    This can be done with parser views in a straightforward manner (and using meaningful labels as an extra bonus), whereas with privilege levels, it's impossible to configure roles A and B in such a way that one wouldn't inherit the other (because one would have a higher level).

    Hope that helps.
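The three roles from post #2, sketched as Cisco IOS role-based CLI configuration. This is an added example, not part of the original thread; the view names, usernames and secret placeholders are assumptions, and the exact keyword forms should be checked against your IOS release.

```ios
! Role-based CLI needs AAA and an enable secret; views are created
! from the root view ("enable view", then "configure terminal").
aaa new-model
enable secret <ENABLE-SECRET-PLACEHOLDER>
!
! Role A: interface status only
parser view ROLE_A
 secret <ROLE-A-SECRET-PLACEHOLDER>
 commands exec include show interfaces
!
! Role B: routing table only (shares nothing with Role A)
parser view ROLE_B
 secret <ROLE-B-SECRET-PLACEHOLDER>
 commands exec include show ip route
!
! Helper view (hypothetical name): enable/disable interfaces
parser view IF_ADMIN
 secret <IF-ADMIN-SECRET-PLACEHOLDER>
 commands exec include configure terminal
 commands configure include interface
 commands interface include shutdown
 commands interface include no shutdown
!
! Role C: a superview holds no commands of its own, it aggregates views
parser view ROLE_C superview
 secret <ROLE-C-SECRET-PLACEHOLDER>
 view ROLE_A
 view ROLE_B
 view IF_ADMIN
!
! Bind local users (constructed names) to their views
username helpdesk-a view ROLE_A secret <USER-SECRET-PLACEHOLDER>
username helpdesk-b view ROLE_B secret <USER-SECRET-PLACEHOLDER>
username noc-c view ROLE_C secret <USER-SECRET-PLACEHOLDER>
```

To check the result, run `show parser view all` from the root view, then enter each view with `enable view <name>` and use `?` to confirm that only the intended commands are offered.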

  4. Member MikeO5422's Avatar
    Join Date
    Nov 2008
    Location
    Albany
    Posts
    74

    Certifications
    Network+, CCENT, CCNA R&S, CCNA Security, CCNP R&S, GIAC GCIA, GIAC GREM
    #3
    That is very helpful and makes a lot of sense. Thank you.

  5. Senior Member
    Join Date
    Jun 2007
    Location
    Malta
    Posts
    172

    Certifications
    A+, CCENT, ITIL:F, Security+, CEH , CCNA , BSc IT Hons, CCNA:Security, CCNP R&S, RHCSA, SCP, ITIL Intermediate (Various)
    #4
    In a nutshell, a view allows you to specify exactly what commands are available; let's say for help desk support you will only grant show commands. A privilege level, on the other hand, will automatically grant access to commands defined at privilege level X and any lower privilege level commands. Hence a view is more granular.

  6. Member
    Join Date
    Apr 2004
    Location
    Michigan
    Posts
    63

    Certifications
    MCSE in Server 2012, VMware VCAP, CISSP, Security+, CCNA
    #5
    Just ran across this topic after wondering about the difference myself and thought I would do a reply so it would pop up on the forums for others. It is a subtle sort of difference that I can imagine being made into a test question.

  7. Network Engineer Hondabuff's Avatar
    Join Date
    Aug 2012
    Location
    USA
    Posts
    637

    Certifications
    CCNA:S, CCNA, CCENT, CCNP:R&S,MECP, A+, Network+, Security+, Network Security Diploma
    #6
    Parser views get assigned a privilege level. For example, engineers would have a username and log in locally to the switch, which would allow them priv level 15. A NOC employee would have a username and password "Parser view" that would give them a privilege level of 7, and you would lock out commands such as "configure terminal", "reload", etc. Parser views are not scalable and not used in production environments that I ever ran across. Most enterprises will use a Cisco ACS server utilizing TACACS, and you assign priv levels to a group and assign the person(s) to a group that has the proper permission levels.
