Last Updated on August 2, 2021 by Admin 3
You issue the following block of commands on a Cisco router:
RouterA(config)#privilege exec level 10 show users RouterA(config)#username boson password cisco RouterA(config)#username boson privilege 15 RouterA(config)#username boson autocommand show users
RouterA(config)#line vty 0 4
RouterA(configline)#login local
RouterA(configline)#privilege level 7
Which of the following statements accurately describes what happens when the user boson successfully initiates a Telnet session to RouterA? (Select the best answer.)
- The autocommand command fails, and the user is disconnected.
- The autocommand command fails, and the user is not disconnected.
- The autocommand command succeeds, and the user is disconnected.
- The autocommand command succeeds, and the user is not disconnected.
Explanation:
When the user boson successfully initiates a Telnet session to RouterA in this scenario, the autocommand command succeeds and the user is disconnected from the router. When issued with the username command, the autocommand keyword can execute a specific command immediately after a user successfully logs in to a Cisco router. In this scenario, the autocommand specifies that the show users command should execute immediately after the user logs in. The command output is displayed to the user terminal, and then the user’s session is terminated. You can prevent the user session from being terminated either by using the nohangup keyword or by issuing the no username username autocommand command to remove the autocommand keyword. However, the no username username autocommand command will delete both the autocommandkeyword and the specified user name from the local database? therefore, you will need to issue the username username password password again to recreate the user entry. By contrast, the nohangup keyword does not affect the autocommand keyword but instead changes the default behavior so that the user session is not disconnected.
The privilege exec level 10 show users command in this scenario changes the required privilege level of the show users command to level 10. The default EXEC privilege level is level 1? therefore, this command removes the show users command from the EXEC shells of all users with privilege levels less than 10. The default enable privilege level is level 15? therefore, any user could enter privileged EXEC mode and execute the command. The username boson privilege 15 command in this scenario configures the user boson with a privilege level of 15. Because the user’s base privilege level is already 15, the user is not required to issue the enable command to enter privileged EXEC mode. The following block of commands configures the four default virtual terminal (VTY) interfaces on RouterA to use the local database for authentication and to assign user sessions a default privilege level of 7:
RouterA(config)#line vty 0 4
RouterA(configline)#login local
RouterA(configline)#privilege level 7
Although Telnet users are assigned a default privilege level of 7 in this scenario, peruser privileges override the privileges configured for the VTY line. Therefore, the user boson will be granted privilege level 15 when connected to a VTY line through a Telnet session. By contrast, a user without a specified privilege level will be granted privilege level 7 in this scenario. Because the show users command has been assigned a required privilege level of 10, the boson user will be able to execute the command, whereas a Telnet user with the default privilege level would be unable to execute the command without first issuing the enable command to enter privileged EXEC mode.
If the boson user was assigned a privilege level that was insufficient to execute the show users command, the autocommand keyword would still attempt to execute the command. The autocommand keyword does not verify that a user has sufficient privileges to execute the specified command. However, the command would cause the router to display an error message instead of the expected command output. The user session would be disconnected after the error message was displayed.
In no case would the user session remain connected. The nohangup keyword must be used with the username command to change the default behavior so that a user session is not disconnected after the command specified by the autocommand command is executed.
When the user boson successfully initiates a Telnet session to RouterA in this scenario, the autocommand command succeeds and the user is disconnected from the router. When issued with the username command, the autocommand keyword can execute a specific command immediately after a user successfully logs in to a Cisco router. In this scenario, the autocommand specifies that the show users command should execute immediately after the user logs in. The command output is displayed to the user terminal, and then the user’s session is terminated. You can prevent the user session from being terminated either by using the nohangup keyword or by issuing the no username username autocommand command to remove the autocommand keyword. However, the no username username autocommand command will delete both the autocommandkeyword and the specified user name from the local database? therefore, you will need to issue the username username password password again to recreate the user entry. By contrast, the nohangup keyword does not affect the autocommand keyword but instead changes the default behavior so that the user session is not disconnected.
The privilege exec level 10 show users command in this scenario changes the required privilege level of the show users command to level 10. The default EXEC privilege level is level 1? therefore, this command removes the show users command from the EXEC shells of all users with privilege levels less than 10. The default enable privilege level is level 15? therefore, any user could enter privileged EXEC mode and execute the command. The username boson privilege 15 command in this scenario configures the user boson with a privilege level of 15. Because the user’s base privilege level is already 15, the user is not required to issue the enable command to enter privileged EXEC mode. The following block of commands configures the four default virtual terminal (VTY) interfaces on RouterA to use the local database for authentication and to assign user sessions a default privilege level of 7:
RouterA(config)#line vty 0 4
RouterA(configline)#login local
RouterA(configline)#privilege level 7
Although Telnet users are assigned a default privilege level of 7 in this scenario, peruser privileges override the privileges configured for the VTY line. Therefore, the user boson will be granted privilege level 15 when connected to a VTY line through a Telnet session. By contrast, a user without a specified privilege level will be granted privilege level 7 in this scenario. Because the show users command has been assigned a required privilege level of 10, the boson user will be able to execute the command, whereas a Telnet user with the default privilege level would be unable to execute the command without first issuing the enable command to enter privileged EXEC mode.
If the boson user was assigned a privilege level that was insufficient to execute the show users command, the autocommand keyword would still attempt to execute the command. The autocommand keyword does not verify that a user has sufficient privileges to execute the specified command. However, the command would cause the router to display an error message instead of the expected command output. The user session would be disconnected after the error message was displayed.
In no case would the user session remain connected. The nohangup keyword must be used with the username command to change the default behavior so that a user session is not disconnected after the command specified by the autocommand command is executed.
Subscribe
Login
0 Comments