Open Alexandru1982 opened 8 years ago
Hey, there and sorry about the ridiculously long reply. If this is even still relevant to you:
priv-lvl=15
this forces auto-enable/superuser on Cisco IOS* devices.command_deny
patterns, you need them to be regular expressions that match the command "root" and any arguments e.g. "interface .*"
.Do you want to actually disallow entering config mode? If so you could use a lower privilege level like 1.
Hi, Is it possible to deny commands after entering conf mode on cisco? Does do_auth.ini allow this? So far i can use "command_deny" only for "conf term" and not for commands available in config mode.
Ex : How do i deny, let's say, #conf t, #(config) interface.* ?