-
Notifications
You must be signed in to change notification settings - Fork 1
Role‐based CLI Access
FeIix edited this page Apr 27, 2026
·
6 revisions
- Limit IOS viewing (
show) and configuring (available commands) - A per-user basis
- Default view is known as root parser/CLI view
root parser view
└─ other CLI views
| Feature | Privilege Levels | CLI Views (Parser Views) |
|---|---|---|
| Structure | Hierarchical (0–15). | Modular/Non-hierarchical. |
| Inheritance | Higher levels inherit all commands from lower levels. | No inheritance; users only see explicitly added commands. |
| Granularity | Coarse; commands are assigned to a level. | Fine; can restrict access to specific sub-commands or interfaces. |
| Configuration | Uses the privilege command. | Uses the parser view command. |
| Admin Mode | Level 15 is the standard full-access mode. | Root View is required to create or modify other views. |
| Use Case | Basic access control | Task- or role-based administration |
R1# show parser view
Current view is 'root' //Default view
R1(config)# aaa new-model //Required
R1(config)# parser view <VIEW_NAME> [inclusive | superview] //Superview groups of several defined views
R1(config-view)# secret <PASS> //Set a password for the current view
R1(config-view)# commands <CMDs> include|exclude|include-exclusive all|LINE //Add or exclude commands; LINE means specific commands
R1(config-view)# end
R1# enable view <VIEW_NAME> //Switch to the view named <VIEW_NAME>
Password:<PASS>
R1# show parser view //Now it is under VIEW_NAME view
Current view is 'VIEW_NAME'
R1# Enable view root //Go back to the default root view
Password: //A password is required. If not set, you are locked out of the root view.
R1(config)# username <USER> view <VIEW_NAME> secret <PASS1> //Assign the VIEW_NAME view to a local user