  1. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #1

    Default Parser View vs. Custom Privilege Level

    I've been reading back through the OCG creating notes and I have a question. Why would you pick a Parser View over a custom privilege level and vice versa?
    Currently working on: Resting

  3. DCD
    Senior Member DCD's Avatar
    Join Date
    Jan 2013
    Location
    San Francisco , Ca
    Posts
    437

    Certifications
    CCNA
    #2
    Parser View allows you to customize the command you are allowed to execute. With the Parser View you could limit it to just the show command or restrict it to just one or two show commands.
    With Privilege level you are allowed all the commands for that level, no restrictions.

  4. Netzwerksicherheit Master Of Puppets's Avatar
    Join Date
    Jan 2013
    Location
    /dev/null
    Posts
    1,175

    Certifications
    CCNA R&S, CCNA Security, CCNP R&S, CCNP Security
    #3
    It is a lot more flexible and allows you to be more granular while the custom thing is restrictive. However, I don't really see any benefits of using the custom privilege level. It's not like the views are harder to configure, IMO.

  5. Audentis Fortuna Iuvat veritas_libertas's Avatar
    Join Date
    Feb 2009
    Posts
    5,654

    Certifications
    eCPPT, GPEN, GWAPT, GCIH, CISSP, CCNA (expired), MCTS
    #4
    This is what I thought as well. The text wasn't all that thorough on usage so I wanted to hear from those in the field and see how it was being used.
    Currently working on: Resting

  6. Senior Member Vask3n's Avatar
    Join Date
    Oct 2005
    Posts
    499

    Certifications
    ASA Specialist, CCNA Security, CCNA R/S , CCENT, JNCIA, A+, Security+, CST
    #5
    I think the main benefit of using Views is that a user can belong to multiple views whereas they can only belong to one Privilege level.

  7. Senior Member Vask3n's Avatar
    Join Date
    Oct 2005
    Posts
    499

    Certifications
    ASA Specialist, CCNA Security, CCNA R/S , CCENT, JNCIA, A+, Security+, CST
    #6
    Quote Originally Posted by Vask3n View Post
    I think the main benefit of using Views is that a user can belong to multiple views whereas they can only belong to one Privilege level.

    I felt like whipping up this example, I know it's not realistic but basically just showing how you can have one user with multiple views

    R1(config)#aaa new-model
    R1(config)#exit
    R1#enable view
    % Already inside the view root. [I was already in root view]
    R1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.


    R1(config)#parser view Intern
    R1(config-view)#secret Cisco
    R1(config-view)#commands exec include all show
    R1(config-view)#exit


    R1(config)#parser view LAN_ENGINEER
    R1(config-view)#secret Cisco
    R1(config-view)#commands configure include all vlan
    R1(config-view)#exit


    R1(config)#parser view WAN_ENGINEER
    R1(config-view)#secret Cisco
    R1(config-view)#commands configure include all ip
    R1(config-view)#exit

    R1(config)#username adam view WAN_ENGINEER view LAN_ENGINEER secret 0 Cisco
    Last edited by Vask3n; 08-21-2013 at 06:49 AM.

  8. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #7
    That's pretty useful Vask3n, thanks!

  9. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #8
    I just tried that in GNS3, and it didn't work.

    The command was accepted, but when you do a show run after, it only actually shows the last view you entered on the line...

    so:

    username adam view WAN_ENGINEER view LAN_ENGINEER secret 0 Cisco

    would be

    username adam view LAN_ENGINEER secret 0 Cisco

    in the running config.

    EDIT: That set me off on a google hunt. Turns out you can assign multiple views to a "superview", and then assign a superview to a user.

    parser view VIEW_NAME superview
    view LAN_ENGINEER
    view WAN_ENGINEER
    exit
    username LANWANGUY view VIEW_NAME secret cisco

    Something like that.
    Last edited by iamme4eva; 08-21-2013 at 10:17 AM.
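An added example, not part of any post in this thread: a small Python audit that reads a running-config, expands each superview into its member views, and lists the command rules every user reaches through their assigned view, marking users bound to a view that is not defined. The config excerpt, the names `lanwanguy`, `ghost`, `LANWAN` and `OLD_VIEW`, the placeholder secrets and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from a real device); secrets are placeholders.
# Each username line carries a single view, matching what the thread saw in "show run".
SAMPLE_CONFIG = """\
parser view LAN_ENGINEER
 secret 5 <placeholder>
 commands configure include all vlan
parser view WAN_ENGINEER
 secret 5 <placeholder>
 commands configure include all ip
parser view LANWAN superview
 secret 5 <placeholder>
 view LAN_ENGINEER
 view WAN_ENGINEER
!
username adam view LAN_ENGINEER secret 5 <placeholder>
username lanwanguy view LANWAN secret 5 <placeholder>
username ghost view OLD_VIEW secret 5 <placeholder>
"""

def parse_views(config):
    """Return (views, users); views[name] = {'commands': [...], 'members': [...]}."""
    views, users, current = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"parser view (\S+)( superview)?\s*$", line):
            current = views.setdefault(m.group(1), {"commands": [], "members": []})
        elif current is not None and line.startswith(" "):
            sub = line.strip()
            if sub.startswith("commands "):      # command rule of a CLI view
                current["commands"].append(sub[len("commands "):])
            elif sub.startswith("view "):        # member view of a superview
                current["members"].append(sub.split()[1])
        else:
            current = None                       # left the "parser view" block
            if m := re.match(r"username (\S+) .*?\bview (\S+)", line):
                users[m.group(1)] = m.group(2)
    return views, users

def effective_commands(views, users):
    """Map each user to sorted command rules; None means the view is undefined."""
    result = {}
    for user, view in users.items():
        names = [view] + views.get(view, {}).get("members", [])
        rules = {c for n in names if n in views for c in views[n]["commands"]}
        result[user] = sorted(rules) if view in views else None
    return result

if __name__ == "__main__":
    for user, rules in effective_commands(*parse_views(SAMPLE_CONFIG)).items():
        print(user, "->", "UNDEFINED VIEW" if rules is None else rules)
```
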

  10. Senior Member Vask3n's Avatar
    Join Date
    Oct 2005
    Posts
    499

    Certifications
    ASA Specialist, CCNA Security, CCNA R/S , CCENT, JNCIA, A+, Security+, CST
    #9
    Oh, thanks for checking that out! Kinda like creating an object group of views, I forgot there was the initial step with creating the superview!

    The interesting thing is that if you use context-sensitive help, it does list view as a valid next command after the first view is assigned, but it only takes the last one you entered.
    Quote Originally Posted by iamme4eva View Post
    I just tried that in GNS3, and it didn't work.

    The command was accepted, but when you do a show run after, it only actually shows the last view you entered on the line...

    so:

    username adam view WAN_ENGINEER view LAN_ENGINEER secret 0 Cisco

    would be

    username adam view LAN_ENGINEER secret 0 Cisco

    in the running config.

    EDIT: That set me off on a google hunt. Turns out you can assign multiple views to a "superview", and then assign a superview to a user.

    parser view VIEW_NAME superview
    view LAN_ENGINEER
    view WAN_ENGINEER
    exit
    username LANWANGUY view VIEW_NAME secret cisco

    Something like that.
    Last edited by Vask3n; 08-21-2013 at 04:54 PM.

  11. Senior Member iamme4eva's Avatar
    Join Date
    Jan 2013
    Location
    North Yorkshire, United Kingdom
    Posts
    269

    Certifications
    CCNA, CCNP(R&S)
    #10
    Hey, thanks for giving me something to look up! Parser Views was one of those things I just sort of skipped through and thought I just got - but as I've been reading and googling today, I've learned a lot more!
