Role-based CLI

Hello community,


While messing with role-based CLI I tried to limit user access to configuring only a single type of routing protocol (i.e. BGP). But unfortunately with no success: it seems either unsupported or bugged in my version of IOU (15.4(1)T).


R4(config)#parser view TEST

R4(config-view)#secret test

R4(config-view)#commands configure include all router bgp

R4(config-view)#commands exec include configure terminal

R4(config-view)#commands exec include configure

R4(config-view)#do sh runn | s TEST

parser view TEST

 secret 5 $1$JUig$9W982IoexX/cDC5/oJ6lp.

 commands configure include router

 commands exec include configure terminal

 commands exec include configure 


'bgp' part is disappearing (either with or without 'all' keyword). As a result the correspnding user is getting access to configuring ANY routing protocol.

Just for note, restricting access on per interface basis (i.e. Ethernet0/0 only) is working fine.


Does anybody have experience with this staff?





Sign In or Register to comment.