Configuring security mechanisms
1. On router BR3, configure role-based access control
a. Create users user1, user2, user3, user4 and user5 with the password cisco.
i. User user2 must be authorized to execute all unprivileged (user EXEC) mode commands, including show version, but not show ip route
ii. User user1 must be authorized to execute all privileged mode commands except show version and show ip route, but must be authorized to execute all other show ip * commands
b. Create the view “show_view”. Include in it
i. The show version command
ii. All show ip * commands
iii. The who command
iv. On logging in to the router, user user3 must land in this view
c. Create the view “ping_view”. Include in it
i. The ping command
ii. The traceroute command
iii. On logging in to the router, user user4 must land in this view
d. Create a superview that combines these 2 views. Create user user5 with the password cisco. On logging in to the router, user user5 must land in this view
e. Make sure that users cannot execute any other commands within their assigned views.
BR3(config)# parser view user1
secret cisco
commands exec include all help
commands exec include all mediatrace
commands exec include all event
commands exec include all mgcp
commands exec include all sdlc
commands exec include all emadmin
commands exec include all vtp
commands exec include all no vtp
commands exec include all vlan
commands exec include all ncia
commands exec include all eou
commands exec include all snmp
commands exec include all spec-file
commands exec include all rename
commands exec include all copy
commands exec include all delete
commands exec include all dir
commands exec include all pwd
commands exec include all cd
commands exec include all mkdir
commands exec include all rmdir
commands exec include all erase
commands exec include all format
commands exec include all partition
commands exec include all fsck
commands exec include all more
commands exec include all archive
commands exec include all squeeze
commands exec include all verify
commands exec include all dcm
commands exec include all cns
commands exec include all alps
commands exec include all license
commands exec include all dot1x
commands exec include all crypto
commands exec include all flush
commands exec include all file-acct flush
commands exec include all file-acct
commands exec include all audio-prompt
commands exec include all release
commands exec include all renew
commands exec include all credential
commands exec include all ephone-hunt
commands exec include all ccm-manager
commands exec include all voice
commands exec include all access-enable
commands exec include all access-template
commands exec include all start-chat
commands exec include all beep
commands exec include all ct-isdn
commands exec include all isdn
commands exec include all webvpn
commands exec include all ssh
commands exec include all ips
commands exec include all xconnect
commands exec include all x28
commands exec include all x3
commands exec include all pad
commands exec include all rrr
commands exec include all mtrace
commands exec include all mstat
commands exec include all mrinfo
commands exec include all which-route
commands exec include all connect
commands exec include all radius
commands exec include all ppp
commands exec include all slip
commands exec include all lat
commands exec include all bfe
commands exec include all udptn
commands exec include all ntp
commands exec include all mpls
commands exec include all rsh
commands exec include all access-profile
commands exec include all restart
commands exec include all rlogin
commands exec include all dot11
commands exec include all vstack
commands exec include all service-module
commands exec include all if-mgr
commands exec include all calendar
commands exec include all clock
commands exec include all redundancy
commands exec include all microcode
commands exec include all fpm
commands exec include all ethernet
commands exec include all monitor
commands exec include all write
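
For steps b through d of the task, one way to build the two views and the superview in IOS role-based CLI. This is an added example, not part of the original lab text; the superview name super_view, the enable-secret placeholder and the AAA lines that make a user land in a view at login are assumptions.

```ios
! Role-based CLI views require AAA and an enable secret (used for the root view).
! <ENABLE_SECRET> is a placeholder, not a value from the lab.
aaa new-model
aaa authentication login default local
! Without exec authorization the "view" attribute on a username is not applied at login.
aaa authorization exec default local
enable secret <ENABLE_SECRET>
!
! Before creating views, enter the root view from privileged EXEC:  enable view
!
! Step b: show_view = show version, every show ip * command, and who.
parser view show_view
 secret cisco
 commands exec include show version
 commands exec include all show ip
 commands exec include who
!
! Step c: ping_view = ping and traceroute only.
parser view ping_view
 secret cisco
 commands exec include ping
 commands exec include traceroute
!
! Step d: a superview holds no commands of its own, only references to views.
! The name super_view is an assumption; the lab does not name it.
parser view super_view superview
 secret cisco
 view show_view
 view ping_view
!
! Bind each user to the view they must land in after login.
username user3 view show_view secret cisco
username user4 view ping_view secret cisco
username user5 view super_view secret cisco
!
! Step e check: log in as each user, run "show parser view" to confirm the
! active view, then "?" to list the commands that view actually exposes.
! Anything outside the included set should be rejected as an invalid command.
```

A view exposes only what is explicitly included, so the step e check is the "?" listing compared against the task list rather than spot tests of a few denied commands.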