Role-Based CLI

Role-Based CLI
Role-based CLI is a relatively new method of limiting access to CLI
commands in a much more flexible way than privilege levels. Cisco IOS
commands are grouped into “views,” which can then be assigned to users (or
interfaces) in a variety of ways. The “root view” has access to all commands
and can be used to create up to 15 additional views. Views can be offloaded
to AAA servers for even more flexibility. “Superviews” enables you to group
together multiple views, allowing you to assign multiple views to users with
less configuration complexity. Example 5-4 shows a basic role-based CLI
configuration similar to Example 5-2.
Example 5-4 Configuring Role-Based CLI
R2(config)#aaa new-model
R2(config)#exit
R2#enable view
Password:[enter level 15 password]
*Dec 16 19:44:39.411: %PARSER-6-VIEW_SWITCH: successfully set to
view ‘root’.
R2#conf t
R2(config)#parser view TRACEROUTE_VIEW
*Dec 16 19:45:16.403: %PARSER-6-VIEW_CREATED: view
‘TRACEROUTE_VIEW’ successfully created.
R2(config-view)#password 5 cat
R2(config-view)#commands exec include traceroute
R2(config-view)#exit
You can verify role-based CLI configuration with command show parser
view [all] command.