GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: OT:PIX read only user addition posted 10/09/2005
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Hello Mohamed,
I see that the following command is missing from your config:
aaa authorization command LOCAL
The reason that the users were able to enter all the commands is because you
were entering enable mode, without specifiying the privilege level after the
enable mode, which would give users level-15 access, by default.
Please enter the command above and log into enable mode with enable (level).
Sincerely,
John

 On 9/20/05, Mohamed.N <mohamed_n@xxxxxxxxxxxx> wrote:
>
> Hi,
>
> I agree with you, but if i gave like that,the user has write access
> also..and can goto config mode!
>
> I gave these commands..
>
> username test password test privilege 2
> privilege show level 2 command crypto
> enable password test level 2
>
>
> now if i ssh to pix, it asks for a username password..
> it is normal enable password..then get in user mode..now we type enable to
> get into privilege mode..so it asks for a username..here i gave test..then
> password i gave,,now the user is logged in with full privileges..
>
> in the user mode, if we give enable 2, to enter level 2,,it is not
> accepting..
>
> The actual screen!!!
>
> I ssh to PIX------>
> login as: pix
> Sent username "pix"
> pix@xxxxxxxxxxxxx's password:
> type help or '?' for a list of available commands.
>
> INMAA-TDL-MIITS-PIX>
> INMAA-TDL-MIITS-PIX> enable 2
> Enabling to privilege levels is not allowed when configured for
> AAA authentication. Use 'enable' only.
>
> INMAA-TDL-MIITS-PIX>
>
> INMAA-TDL-MIITS-PIX> ena
> Username: test
> Password: ****
>
> INMAA-TDL-MIITS-PIX#
>
> INMAA-TDL-MIITS-PIX# conf t
>
> INMAA-TDL-MIITS-PIX(config)#
>
> INMAA-TDL-MIITS-PIX# sh privil
> privilege show level 2 command crypto
>
> Pls help me out..
>
> Regards
> Mohamed.
>
>
>
>
> ----- Original Message -----
> From: "Godswill Oletu" <oletu@xxxxxxxx>
> To: "Mohamed.N" <mohamed_n@xxxxxxxxxxxx>; <ccielab@xxxxxxxxxxxxxx>
> Sent: Tuesday, September 20, 2005 12:25 PM
> Subject: Re: OT:PIX read only user addition
>
>
> > Try...
> >
> > username admin1 password cisco1 privilege 7
> > username admin2 password cisco2 privilege 7
> > ...
> > ...
> > username admin7 password cisco7 privilege 7
> > privilege show level 7 command crypto isa sa
> > privilege show level 7 command interface
> >
> >
>
>
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/config/sysmg
mt.htm#xtocid2
> >
> > HTH
> >
> >
> >
> > ----- Original Message -----
> > From: "Mohamed.N" <mohamed_n@xxxxxxxxxxxx>
> > To: <ccielab@xxxxxxxxxxxxxx>
> > Sent: Tuesday, September 20, 2005 2:39 AM
> > Subject: Re: OT:PIX read only user addition
> >
> >
> > >I am not using tacacs , iam doing locally.
> > > I have attached the configs, please help me
> > > I have removed the ACLs and some other unwanted commands for
> simplicity.
> > >
> > > I have some 6 or 7 users, who are administrators.They will login using
> > > their
> > > username and password,locally and not TACACS/RADIUS.
> > >
> > > I want to create a user, who should can do only these commands
> > >
> > > show crypto isa sa
> > > show interface
> > >
> > > I dont want that user to go to config mode, to save the config or any
> > > other
> > > critical thing that could bring the firewall down.
> > >
> > > Thanks a lot
> > > Mohamed.
> > >
> > > ----- Original Message -----
> > > From: "Todd Veillette" <tveillette@xxxxxxxxxxxxx>
> > > To: "Mohamed.N" <mohamed_n@xxxxxxxxxxxx>; <ccielab@xxxxxxxxxxxxxx>
> > > Sent: Tuesday, September 20, 2005 8:04 AM
> > > Subject: Re: OT:PIX read only user addition
> > >
> > >
> > >> Do you have Tacacs+ or are you doing this all locally? You need to
> > >> authorization set up for the 15 and the 2 users.
> > >>
> > >> -TV
> > >>
> > >> ----- Original Message -----
> > >> From: "Mohamed.N" <mohamed_n@xxxxxxxxxxxx>
> > >> To: <ccielab@xxxxxxxxxxxxxx>
> > >> Sent: Monday, September 19, 2005 8:35 AM
> > >> Subject: Re: OT:PIX read only user addition
> > >>
> > >>
> > >> > Hi John,
> > >> > I already tried with that page,
> > >> > iam not getting desired results.
> > >> > If i configure a user in level 2,most of the commands are
> > >> > accesible.Even
> > > a
> > >> > level 2 user can delete other users in higher level.
> > >> > This is not exactly i want.
> > >> > I want the user to see the output of only 2 commands.
> > >> > The user should not be able to goto configure mode,shouldnot be
> able
> to
> > >> > save
> > >> > the configs etc.
> > >> >
> > >> > In router,we can type "enable 2 " , but in PIX it is not
> accepting,it
> > > says
> > >> > once AAA server is configured,we cant use enable 2!!!
> > >> >
> > >> > Regards
> > >> > Mohamed
> > >> > ----- Original Message -----
> > >> > From: "john matijevic" <john.matijevic@xxxxxxxxx>
> > >> > To: "Mohamed.N" <mohamed_n@xxxxxxxxxxxx>
> > >> > Cc: <ccielab@xxxxxxxxxxxxxx>
> > >> > Sent: Monday, September 19, 2005 4:06 PM
> > >> > Subject: Re: OT:PIX read only user addition
> > >> >
> > >> >
> > >> >> Hello Mohamed,
> > >> >> I gather the following information off of Cisco web site:
> > >> >> Understanding Privilege Settings
> > >> >>
> > >> >> Most commands in the PIX are at level 15, although a few are at
> level
> > > 0.
> > >> > To
> > >> >> show current settings for all commands, issue the following
> command.
> > >> >>
> > >> >> *show privilege all*
> > >> >>
> > >> >> Most commands are at level 15 by default, as shown in the
> following
> > >> > example.
> > >> >>
> > >> >> *privilege configure level 15 command route*
> > >> >>
> > >> >> A few are at level 0, as shown in the following example.
> > >> >>
> > >> >> *privilege show level 0 command curpriv*
> > >> >>
> > >> >> The following examples address the *clock* command. To determine
> the
> > >> > current
> > >> >> settings for the *clock* command, issue the following command.
> > >> >>
> > >> >> *show privilege command clock*
> > >> >>
> > >> >> The output of the *show privilege command clock* command shows us
> the
> > >> > *clock
> > >> >> * command exists in the following three forms.
> > >> >>
> > >> >> *!--- Users at level 15 can issue the show clock
> command.**privilege
> > >> >> show level 15 command clock**!--- Users at level 15 can issue the
> > >> >> clear clock command.**Privilege clear level 15 command clock**!---
> > >> >> Users at level 15 can configure the clock
> > >> >> !--- (for example, clock set 12:00:00 Jan 01 2001).**privilege
> > >> >> configure level 15 command clock*
> > >> >>
> > >> >> see the following link for additional details:
> > >> >>
> > >> >>
> > >> >
> > >
>
>
http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2030/products_tech_
> > >> >> note09186a00800949d6.shtml
> > >> >> Sincerely,
> > >> >> John
> > >> >>
> > >> >>
> > >> >> On 9/19/05, Mohamed.N <mohamed_n@xxxxxxxxxxxx> wrote:
> > >> >> >
> > >> >> > Hi All,
> > >> >> > Sorry for OT.But i spent lot of time in this.
> > >> >> > I want to add a user in pix, who can do only this 2 commands
> > >> >> > show crypto isakmp sa
> > >> >> > show interface
> > >> >> > This user should not save the config,goto config mode or be able
> to
> > > do
> > >> > any
> > >> >> > config changes.
> > >> >> >
> > >> >> > I tried searching many pages.
> > >> >> > I tried using these commands
> > >> >> >
> > >> >> > enable password XXXX level 2
> > >> >> > username user pass XXXX priv 2
> > >> >> > privilege show level 2 command crypto
> > >> >> > privilege show level 2 command interface
> > >> >> >
> > >> >> > But there is no restriction.If i choose level 1 or 0,i am unable
> to
> > >> >> > goto
> > >> >> > enable mode at all,so i cant use the commands show crypto
> > >> >> >
> > >> >> > Also i want to know what is difference between level 1 ,level 2
> like
> > >> >> > that..and
> > >> >> > what significance it has in controlling the access to PIX ?
> > >> >> >
> > >> >> >
> > >> >> > Regards
> > >> >> > N Mohamed
> > >> >> > Senior Network Engineer
> > >> >> > Technology-MIITS
> > >> >> > Sify Ltd
> > >> >> > Phone : +91-44-22540777 extn: 2082
> > >> >> > Mobile : +91-98401-27734
> > >> >> > Email : mohamed_n@xxxxxxxxxxxx
> > >> >> > ********** DISCLAIMER **********
> > >> >> > Information contained and transmitted by this E-MAIL is
> proprietary
> > > to
> > >> >> > Sify Limited and is intended for use only by the individual or
> > >> >> > entity
> > >> >> > to
> > >> >> > which it is addressed, and may contain information that is
> > > privileged,
> > >> >> > confidential or exempt from disclosure under applicable law. If
> this
> > > is
> > >> > a
> > >> >> > forwarded message, the content of this E-MAIL may not have been
> sent
> > >> > with
> > >> >> > the authority of the Company. If you are not the intended
> recipient,
> > > an
> > >> >> > agent of the intended recipient or a person responsible for
> > > delivering
> > >> > the
> > >> >> > information to the named recipient, you are notified that any
> use,
> > >> >> > distribution, transmission, printing, copying or dissemination
> of
> > > this
> > >> >> > information in any way or in any manner is strictly prohibited.
> If
> > > you
> > >> >> > have
> > >> >> > received this communication in error, please delete this mail &
> > > notify
> > >> > us
> > >> >> > immediately at admin@xxxxxxxxxxxx
> > >> >> >
> > >> >> > www.sify.com <http://www.sify.com> <http://www.sify.com> - your
> homepage on the internet
> > > for
> > >> >> > news, sports, finance,
> > >> >> > astrology, movies, entertainment, food, languages etc
> > >> >> >
> > >> >> >
> > >
> _______________________________________________________________________
> > >> >> > Subscription information may be found at:
> > >> >> > http://www.groupstudy.com/list/CCIELab.html
> > >> >> >
> > >> >>
> > >> >>
> > >> >>
> > >> >> --
> > >> >> John Matijevic, CCIE #13254
> > >> >> U.S. Installation Group
> > >> >> Senior Network Engineer
> > >> >> 954-969-7160 ext. 1147 (office)
> > >> >> 305-321-6232 (cell)
> > >> >>
> > >> >>
> _______________________________________________________________________
> > >> >> Subscription information may be found at:
> > >> >> http://www.groupstudy.com/list/CCIELab.html
> > >> >
> > >> >
> _______________________________________________________________________
> > >> > Subscription information may be found at:
> > >> > http://www.groupstudy.com/list/CCIELab.html
> > >>
> > >>
> _______________________________________________________________________
> > >> Subscription information may be found at:
> > >> http://www.groupstudy.com/list/CCIELab.html
> > > INMAA-TDL-MIITS-PIX# sh run
> > > : Saved
> > > :
> > > PIX Version 6.3(4)
> > > interface ethernet0 100basetx
> > > interface ethernet1 100basetx
> > > interface ethernet2 auto
> > > interface ethernet2 vlan75 logical
> > > interface ethernet2 vlan114 logical
> > > interface ethernet2 vlan119 logical
> > > interface ethernet2 vlan689 logical
> > > interface ethernet3 auto
> > > interface ethernet3 vlan18 logical
> > > interface ethernet4 auto shutdown
> > > interface ethernet5 auto shutdown
> > > interface ethernet6 auto shutdown
> > > nameif ethernet0 outside security0
> > > nameif ethernet1 inside security100
> > > nameif ethernet2 VLANS security99
> > > nameif ethernet3 Server_LAN security6
> > > nameif ethernet4 intf4 security8
> > > nameif ethernet5 intf5 security10
> > > nameif ethernet6 intf6 security12
> > > nameif vlan75 MIITS-SUNCHEM security90
> > > nameif vlan114 MIITS-OAServer security40
> > > nameif vlan119 VIACOM-LAN security80
> > > nameif vlan689 GM-LAN security79
> > > nameif vlan18 VIACOM-SERVER security70
> > > enable password kmePnGUYNDyhyKcU encrypted
> > > passwd kmePnGUYNDyhyKcU encrypted
> > > hostname INMAA-TDL-MIITS-PIX
> > > domain-name pix.com <http://pix.com>
> > > fixup protocol dns maximum-length 512
> > > fixup protocol ftp 21
> > > fixup protocol h323 h225 1720
> > > fixup protocol h323 ras 1718-1719
> > > fixup protocol http 80
> > > fixup protocol rsh 514
> > > fixup protocol rtsp 554
> > > fixup protocol sip 5060
> > > fixup protocol sip udp 5060
> > > fixup protocol skinny 2000
> > > fixup protocol smtp 25
> > > fixup protocol sqlnet 1521
> > > fixup protocol tftp 69
> > > names
> > > object-group network grplan1
> > >
> > > pager lines 24
> > > logging on
> > > logging timestamp
> > > logging buffered notifications
> > > logging facility 19
> > >
> > > mtu outside 1500
> > > mtu inside 1500
> > > mtu VLANS 1500
> > > mtu Server_LAN 1500
> > > mtu intf4 1500
> > > mtu intf5 1500
> > > mtu intf6 1500
> > > ip address outside A.A.64.74 255.255.255.248 <http://255.255.255.248>
> > > ip address inside A.A.114.195 255.255.255.192 <http://255.255.255.192>
> > > no ip address VLANS
> > > no ip address Server_LAN
> > > no ip address intf4
> > > no ip address intf5
> > > no ip address intf6
> > > ip address MIITS-SUNCHEM 10.75.192.1 <http://10.75.192.1>
> 255.255.224.0 <http://255.255.224.0>
> > > ip address MIITS-OAServer 192.168.99.1 <http://192.168.99.1>
> 255.255.255.0 <http://255.255.255.0>
> > > ip address VIACOM-LAN 172.18.3.1 <http://172.18.3.1>
255.255.255.0<http://255.255.255.0>
> > > ip address GM-LAN 192.168.97.1 <http://192.168.97.1>
255.255.255.128<http://255.255.255.128>
> > > ip address VIACOM-SERVER A.A.110.1
255.255.255.192<http://255.255.255.192>
> > > ip audit info action alarm
> > > ip audit attack action alarm
> > > failover
> > > failover timeout 0:00:00
> > > failover poll 15
> > > failover ip address outside A.A.64.78
> > > failover ip address inside A.A.114.194
> > > no failover ip address VLANS
> > > no failover ip address Server_LAN
> > > no failover ip address intf4
> > > no failover ip address intf5
> > > no failover ip address intf6
> > > failover ip address MIITS-SUNCHEM 10.75.192.252 <http://10.75.192.252>
> > > failover ip address MIITS-OAServer
192.168.99.252<http://192.168.99.252>
> > > failover ip address VIACOM-LAN 172.18.3.252 <http://172.18.3.252>
> > > failover ip address GM-LAN 192.168.97.2 <http://192.168.97.2>
> > > failover ip address VIACOM-SERVER A.A.110.62
> > > pdm history enable
> > > arp timeout 14400
> > > global (outside) 1 interface
> > > nat (inside) 0 A.A.114.192 255.255.255.192 <http://255.255.255.192> 0
> 0
> > > nat (MIITS-SUNCHEM) 1 access-list intra_nat 0 0
> > > nat (MIITS-SUNCHEM) 0 10.75.192.0 <http://10.75.192.0>
255.255.224.0<http://255.255.224.0>0 0
> > > nat (VIACOM-LAN) 1 access-list intra_nat 0 0
> > > nat (VIACOM-LAN) 0 172.18.3.0 <http://172.18.3.0>
255.255.255.0<http://255.255.255.0>0 0
> > > nat (GM-LAN) 1 access-list intra_nat 0 0
> > > nat (GM-LAN) 0 192.168.97.0 <http://192.168.97.0>
255.255.255.128<http://255.255.255.128>0 0
> > > nat (VIACOM-SERVER) 1 access-list intra_nat 0 0
> > > nat (VIACOM-SERVER) 0 A.A.110.0 255.255.255.192<http://255.255.255.192>0
0
> > > static (VIACOM-SERVER,outside) A.A.110.18 A.A.110.18 netmask
> > > 255.255.255.255 <http://255.255.255.255> 0
> > > 0
> > > static (VIACOM-SERVER,outside) A.A.110.17 A.A.110.17 netmask
> > > 255.255.255.255 <http://255.255.255.255> 0
> > > 0
> > > static (MIITS-SUNCHEM,VIACOM-LAN) 10.75.192.20 <http://10.75.192.20>
> 10.75.192.20 <http://10.75.192.20> netmask
> > > 255.255.255.255 <http://255.255.255.255> 0 0
> > > static (VIACOM-SERVER,outside) A.A.110.25 A.A.110.25 netmask
> > > 255.255.255.255 <http://255.255.255.255> 0
> > > 0
> > > static (VIACOM-SERVER,outside) A.A.110.26 A.A.110.26 netmask
> > > 255.255.255.255 <http://255.255.255.255> 0
> > > 0
> > > static (MIITS-SUNCHEM,GM-LAN) 10.75.192.20 <http://10.75.192.20>
> 10.75.192.20 <http://10.75.192.20> netmask
> > > 255.255.255.255 <http://255.255.255.255> 0 0
> > > static (VIACOM-SERVER,GM-LAN) A.A.110.0 A.A.110.0 netmask
> 255.255.255.192 <http://255.255.255.192>
> > > 0 0
> > > static (VIACOM-SERVER,outside) A.A.110.0 A.A.110.0 netmask
> 255.255.255.192 <http://255.255.255.192>
> > > 0 0
> > > static (MIITS-OAServer,outside) A.A.64.77
192.168.99.2<http://192.168.99.2>netmask
> > > 255.255.255.255 <http://255.255.255.255>
> > > 0 0
> > > static (inside,outside) A.A.114.202 A.A.114.202 netmask
> 255.255.255.255 <http://255.255.255.255>
> 0
> > > 0
> > > static (inside,MIITS-SUNCHEM) 10.75.192.30 <http://10.75.192.30>
> 10.75.192.30 <http://10.75.192.30> netmask
> > > 255.255.255.255 <http://255.255.255.255> 0 0
> > > static (inside,MIITS-SUNCHEM) A.A.114.200 A.A.114.200 netmask
> > > 255.255.255.255 <http://255.255.255.255>
> > > 0 0
> > > access-group miits_out in interface outside
> > > access-group miits_in in interface inside
> > > access-group miits_sunchem in interface MIITS-SUNCHEM
> > > access-group servicedesk_out in interface VIACOM-LAN
> > > access-group gm_out in interface GM-LAN
> > > access-group viacomserv_out in interface VIACOM-SERVER
> > > route outside 0.0.0.0 <http://0.0.0.0> 0.0.0.0 <http://0.0.0.0>
> A.A.64.73 1
> > > route outside 10.0.0.0 <http://10.0.0.0> 255.0.0.0 <http://255.0.0.0>
> A.A.64.73 1
> > > route outside 128.107.0.0 <http://128.107.0.0>
255.255.0.0<http://255.255.0.0>
> A.A.64.73 1
> > > route outside 128.110.0.0 <http://128.110.0.0>
255.255.0.0<http://255.255.0.0>
> A.A.64.73 1
> > > route outside 172.21.0.0 <http://172.21.0.0>
255.255.0.0<http://255.255.0.0>
> A.A.64.73 1
> > > timeout xlate 3:00:00
> > > timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
> > > 1:00:00
> > > timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
> > > timeout uauth 0:05:00 absolute
> > > aaa-server TACACS+ protocol tacacs+
> > > aaa-server TACACS+ max-failed-attempts 3
> > > aaa-server TACACS+ deadtime 10
> > > aaa-server RADIUS protocol radius
> > > aaa-server RADIUS max-failed-attempts 3
> > > aaa-server RADIUS deadtime 10
> > > aaa-server LOCAL protocol local
> > > aaa authentication telnet console LOCAL
> > > aaa authentication enable console LOCAL
> > > no snmp-server location
> > > no snmp-server contact
> > > snmp-server community
> > > no snmp-server enable traps
> > > floodguard enable
> > > sysopt connection permit-ipsec
> > > crypto ipsec transform-set trset esp-des esp-md5-hmac
> > > crypto ipsec transform-set gmvashi esp-3des esp-md5-hmac
> > > crypto ipsec transform-set dr-mgmt esp-3des esp-md5-hmac
> > > crypto ipsec transform-set gmrva esp-3des esp-md5-hmac
> > > crypto map crymap 1 ipsec-isakmp
> > > crypto map crymap 1 match address viacom-ipsec
> > > crypto map crymap 1 set peer .235.141
> > > crypto map crymap 1 set transform-set trset
> > > crypto map crymap 2 ipsec-isakmp
> > > crypto map crymap 2 match address gm-vashi-ipsec
> > > crypto map crymap 2 set peer A.A.24.195
> > > crypto map crymap 2 set transform-set gmvashi
> > > crypto map crymap 3 ipsec-isakmp
> > > crypto map crymap 3 match address dr-mgmt-ipsec
> > > crypto map crymap 3 set peer .5.205
> > > crypto map crymap 3 set transform-set dr-mgmt
> > > crypto map crymap 4 ipsec-isakmp
> > > crypto map crymap 4 match address gmripsec
> > > crypto map crymap 4 set peer .29.146
> > > crypto map crymap 4 set transform-set gmrva
> > > crypto map crymap interface outside
> > > isakmp enable outside
> > > isakmp key ******** address .235.141 netmask
255.255.255.255<http://255.255.255.255>
> > > isakmp key ******** address A.A.24.195 netmask
255.255.255.255<http://255.255.255.255>
> > > isakmp key ******** address .5.205 netmask
255.255.255.255<http://255.255.255.255>
> > > isakmp key ******** address .29.146 netmask
255.255.255.255<http://255.255.255.255>
> > > isakmp policy 1 authentication pre-share
> > > isakmp policy 1 encryption 3des
> > > isakmp policy 1 hash md5
> > > isakmp policy 1 group 1
> > > isakmp policy 1 lifetime 86400
> > > isakmp policy 2 authentication pre-share
> > > isakmp policy 2 encryption 3des
> > > isakmp policy 2 hash md5
> > > isakmp policy 2 group 2
> > > isakmp policy 2 lifetime 86400
> > > telnet A.A.114.192 255.255.255.192 <http://255.255.255.192> inside
> > > telnet 10.75.192.0 <http://10.75.192.0>
255.255.224.0<http://255.255.224.0>MIITS-SUNCHEM
> > > telnet 192.168.99.2 <http://192.168.99.2>
255.255.255.255<http://255.255.255.255>MIITS-OAServer
> > > telnet 192.168.97.0 <http://192.168.97.0>
255.255.255.128<http://255.255.255.128>GM-LAN
> > > telnet timeout 3
> > > ssh A.A.111.250 255.255.255.255 <http://255.255.255.255> outside
> > > ssh timeout 10
> > > console timeout 0
> > > dhcprelay server 192.168.99.2 <http://192.168.99.2> MIITS-OAServer
> > > dhcprelay enable inside
> > > dhcprelay enable MIITS-SUNCHEM
> > > dhcprelay enable VIACOM-LAN
> > > dhcprelay enable GM-LAN
> > > username partha_s password zdr9SRpu6vmh0PLq encrypted privilege 15
> > > username srinivasan_v password BN8kesEvEhELYBKH encrypted privilege 15
> > > username lnarayanan_p password Z7ybOCOVcOEG0OsW encrypted privilege 15
> > > username mohamed_n password LmEgjp4aVj.y6i3a encrypted privilege 15
> > > username zhuhair_i password 3V2TCjO3u0dZLViA encrypted privilege 15
> > > username back_app password 8Sbfi5ITT2yqDdoT encrypted privilege 15
> > > username vengada_subbu password i9o//ouW9FWBg78D encrypted privilege
> 15
> > >
> > > terminal width 80
> > > banner motd
> > > +---------------------------------------------------------------+
> > > banner motd | This system is for the use of authorized users only.
> > > |
> > > banner motd |Individuals using this system without authority or in
> excess
> > > |
> > > banner motd |of their authority, are subject to having all of the
> > > activities|
> > > banner motd |on this system monitored and recorded by system
> personnel.
> > > |
> > > banner motd |
> > > |
> > > banner motd | In the course of monitoring individuals improperly
> using
> > > |
> > > banner motd |system, or in the course of system maintenance, the
> > > activities |
> > > banner motd |of authorized users may also be monitored.
> > > |
> > > banner motd |
> > > |
> > > banner motd | Anyone using this system expressly consents to such
> > > |
> > > banner motd |monitoring and is advised if such monitoring reveals
> possible
> > > |
> > > banner motd |evidence of criminal activity, system personnel may
> provide
> > > |
> > > banner motd |the evidence to law enforcement officials.
> > > |
> > > banner motd
> > > +---------------------------------------------------------------+
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>



--
John Matijevic, CCIE #13254
U.S. Installation Group
Senior Network Engineer
954-969-7160 ext. 1147 (office)
305-321-6232 (cell)