Privilege Levels on FWs, switches and Routers
One question - I am bothered with the privilege level settings.
Is there a default mapping between a priv lvl and teh commands you are allowed to execute or one needs to define that.
EX: I want somebody to only have the right of executing sh run on a device and nothing more.Can this be done?
Thx,
Vlad
I would start by configuring a privilege level and then use the ? to list all the commands available at that level.
privilege level 0 - Includes the disable, enable, exit, help, and logout commands.
privilege level 1 - Normal level on Telnet; includes all user-level commands at the router> prompt.
privilege level 15 - Includes all enable-level commands at the router# prompt.
Commands available at a particular level in a particular router can be found by typing a ? at the router prompt. Commands may be moved between privilege levels by using the privilege command, as illustrated in the example. While this example shows local authentication and authorization, the commands work similarly for TACACS+ or RADIUS authentication and exec authorization (more granularity in control of the router may be achieved with implementation of TACACS+ command authorization with a server.)
Additional details on the users and privilege levels presented in the example:
User six is able to Telnet in and execute the show run command, but the resulting configuration is virtually blank because this user cannot configure anything (configure terminal is at level 8, not at level 6). The user is not permitted to see usernames and passwords of the other users, or to see Simple Network Management Protocol (SNMP) information.
User john is able to Telnet in and execute the show run command, but only sees commands that he can configure (the snmp-server community part of the router configuration, since this user is our network management administrator). He can configure snmp-server community because configure terminal is at level 8 (at or below level 9), and snmp-server community is a level 8 command. The user is not permitted to see usernames and passwords of the other users, but he is trusted with the SNMP configuration.
User inout is able to Telnet in, and, by virtue of being configured for autocommand show running, sees the configuration displayed but is disconnected thereafter.
User poweruser is able to to Telnet in and execute the show run command. This user is at level 15, and is able to see all commands. All commands are at or below level 15; users at this level can also view and control usernames and passwords.
HTH
Similar Messages
-
Cisco Prime 2.1.2 auto sync config for switches and Routers
hello Support,
how to configure auto sync config in CPI? when the customer make a changes in the switches and Routers, the customer expect a new version of the configuration in CPI immediately. but we are getting the new version after 10 minutes. if we not configure in the switches and Routers to send syslog we are not getting anything.
where we have to configure in CPI to get the new versions immediately?
thanks!Make sure you have completed the recommended preparation steps given in Before You Begin Installing the Patch.
If you are not using the Prime Infrastructure High Availability (HA) feature, follow the steps in Installing the Patch instead of the steps below.
If your current Prime Infrastructure implementation has High Availability enabled, follow the steps below to install the patch. You must start the patch installation with the primary server in “Primary Active” state and the secondary server in “Secondary Syncing” state.
Patching of the primary and secondary servers takes approximately one hour. During that period, both servers will be down. If you have trouble at any point, see Troubleshooting Patch Installs in HA Implementations.
Step 1 Ensure that your HA implementation is enabled and ready for update:
a. Log in to the primary server using an ID with Administrator privileges.
b. Select Administration > System Settings > High Availability , The primary server state displayed on the HA Status page should be “Primary Active”.
c. Select HA Configuration . The current Configuration Mode should show “HA Enabled”.
d. The Failover Type must be set to “Manual” throughout the patch installation. If Failover Type is currently set to “Automatic”, select “Manual” and then click Save .
e. Access the secondary server’s Health Monitor (HM) web page by pointing your browser to the following URL:
https:// <ServerIP> :8082
where ServerIP is the IP address or host name of the secondary server.
f. You will be prompted for the authentication key entered when HA was enabled. Enter it and click Login .
g. Verify that the secondary server state displayed on the HM web page is “Secondary Syncing”.
Step 2 Download the patch:
a. Point your browser to the software patches listing for Cisco Prime Infrastructure 2.1.
b. Click the Download button for the Release 2.1.2 patch file (pi212_20141118_01.ubf), and save the file locally.
Step 3 Install the patch on the secondary server:
a. Access the secondary server’s HM web page by pointing your browser to the following URL:
https:// <ServerIP> :8082
where ServerIP is the IP address or host name of the secondary server.
b. You will be prompted for the authentication key entered when HA was enabled. Enter it and click Login .
c. Choose the HM web page’s Software Update link. You will be prompted for the authentication key a second time. Enter it and click Login again.
d. Click Upload Update File and browse to the location where you saved the patch file.
e. Click OK to upload the patch file.
f. When the upload is complete: On the Software Upload page, verify that the Name, Published Date and Description of the patch file are correct.
g. Select the patch file and click Install . When the installation is complete, you will see a popup message confirming this.
h. After the installation is complete on the secondary server, verify that the Software Updates page shows:
– In the “Installed” column: A “Yes” opposite the listing for this patch.
– In the “Pending Restart” column: A “Yes” for the secondary server. Do not restart the secondary server at this point.
Step 4 Install the patch on the primary server:
a. Log in to the primary server using an ID with administrator privileges and choose Administration > Software Update .
b. Click Upload Update File and browse to the location where you saved the patch file.
c. Click OK to upload the patch file.
d. When the upload is complete: On the Software Upload page, verify that the Name, Published Date and Description of the patch file are correct.
e. Select the patch file and click Install . When the installation is complete, you will see a popup message confirming this.
f. After the installation is complete on the primary server, verify that the Software Update page shows:
– In the “Installed” column: A “Yes” opposite the listing for this patch.
– In the “Pending Restart” column: A “Yes” for the primary server. Do not restart the primary server at this point.
Step 5 Stop the servers in the following sequence, using the commands explained in Running Commands:
a. On the secondary server, run the ncs stop command.
b. On the primary server, run the ncs stop command.
Step 6 Re-start and monitor the servers in the following sequence, using the commands explained in Running Commands:
a. On the secondary server, run:
– The ncs start command to restart the secondary server. Wait for the processes on the secondary to restart.
– The ncs status command to verify that the processes on the secondary have re-started.
– The ncs ha status command to verify that the secondary state is “Secondary Lost Primary”.
b. Once the secondary server is in “Secondary Lost Primary” state: On the primary server, run:
– The ncs start command to restart the primary server. Wait for the processes on the primary to restart.
– The ncs status command to verify that the primary’s Health Monitor and other processes have re-started.
Once all the processes on the primary are up and running, automatic HA registration will be triggered. This normally completes after a few minutes.
Step 7 Once registration completes, verify the patch installation as follows:
a. Run the ncs ha status command on both the primary and secondary servers. You should see the primary server state change from “HA Initializing” to “Primary Active”. You should see the secondary server state change from “Secondary Lost Primary” to “Secondary Syncing”.
b. Log in to the primary server and access its Software Update page as you did earlier. The “Installed” column should show “Yes” and the “Pending Restart” column should show “No” for the installed patch.
c. Access the secondary server’s Health Monitor page as you did earlier. The “Installed” column should show “Yes” and the “Pending Restart” column should show “No” for the installed patch. -
Email Notifications for Switches and Routers
Dear All,
How may I configure switches and routers to send email notifications when link is UP/Down.
We have Switches - ((C3750-IPBASE-M), Version 12.2(25)SEB4) & Routers - (C2900-UNIVERSALK9-M), Version 15.1(4)M3.
Thanks in Advance,
Best Regards,
Taufeeq.You can use EEM scrip to achieve the same. Just check EEM scripting in the community directory for some examples.
Regards,
Sathvik -
Rebooting switches and routers
Is it a good practice to reboot your switches and routers periodically and is there anything gained by doing this??
The only instance in which I would say this is unequivocally a good idea is one in which a known bug is causing, say, a memory leak which, uncorrected, will lead to a system crash. In that case, one would monitor memory usage and schedule preventitive maintenance reboots to forestall an unplanned outage.
Other than something like that, the practice of keeping one's IOS/CatOS relatively current (i.e., at least on a supported release) and analyzing new features for utility in your environment (or, more likely bug or vulnerability fixes) would more likely be the catalyst for introducing a new software version (and thus indirectly requiring a reboot to load the new code).
Hope this helps. Please rate it if it does. -
Switches and routers in the rack
Hi guys,
I am mounting few switches and routers in a rack in our new office. I am new to this and was wondering if I can stack them all on top of each other or need some gap for ventilation?
The rack is in a server room which has proper ventilation and cooling.
Please share your experience. Thanks.Remember this: Hot air goes up, cooler air goes down.
If you are trying to keep your appliances cool then rack-mounting them on the top is a useless exercise.
I normally rack-mount routers and switches halfway down the rack. I leave 1 RU between them to put cable-management. You can find 2RU cable management if you have thick cables or if you have a 48-port switch.
Another thing: Never, EVER, mix copper cable and fibre optic cable in the same cable management.
When it comes to copper cables, make sure you use "snagless" ones. Also, for the sake of future troubleshooting, make sure you use good brand cables like Panduit or Krone. Don't get "sold" by those cheap copper cables that are reputed to be "tested" and/or "GigabitEthernet ready". -
Unable to boot a ws-c2960-48tc-l, recovered switches and routers before but this one stuck me.
Any suggestions??
This is where I'm at:
I'm using Secure CRT with a baud rate of 115220
switch: set BAUD 115200
switch: format flash:
switch: copy xmodem: flash:c2960-lanbasek9-mz.150-2.SE6.bin
switch: set BAUD 9600
switch: boot flash:c2960-lanbasek9-mz.150-2.SE6.bin
switch: boot
Loading "c2960s-universalk9-mz.152-1.E2.bin"...c2960s-universalk9-mz.152-1.E2.bin: no such device
or
switch: boot flash:c2960-lanbasek9-mz.150-2.SE6.bin
Loading "flash:c2960-lanbasek9-mz.150-2.SE6.bin"...flash:c2960-lanbasek9-mz.150-2.SE6.bin: magic number mismatch: bad mzip file
Error loading "flash:c2960-lanbasek9-mz.150-2.SE6.bin"hello thompson318,
most probably the following mentioned error/ messages you are getting is due to bad IOS, the IOS is corrupted, i would suggest you to use another well-known working/ verified IOS and to upload it to the switch using Xmodem...
magic number mismatch: bad mzip file
here is some links for your reference:
http://www.youtube.com/watch?v=zxTO5qxti-I
http://www.cisco.com/c/en/us/support/docs/routers/2600-series-multiservice-platforms/15085-xmodem-generic.html
please note, if there is no enough space on the flash to handle the new and the old IOS image, i would suggest you to upload old/small IOS to fits into the flash, then you can delete the old corrupted one and to upgrade to new IOS image...
Kind Regards,
/Osama -
Ise and switch authentication and privilege level
Hi Guys,
I'm working on an eval on vmware. I have got everything working for wlan authentication and I’m working on shell authentication for switches. On the ACS you have the possibility to give the user privilege level on the switch. You can do this with shell profiles in ACS.
Is there a way to get this done in ISE? I was thinking to make a result policy elements but I can't find a shell profile or privilege attributes like in ACS.
For the record, switch authentication is working with Active Directory. I only need to know how to give the right return attribute.
I appreciate any help!
Sander@Sander,
You were in the right area.
Policy->Results->Authorization->Authorization Profiles.
Create AuthZ profile for Access-Accept and Under the Advanced Attributes Settings you can use:
Cisco:cisco-av-pair = shell:priv-lvl=15
or whatever privilege level you want to assign.
On your AuthZ rule, match the conditions and apply the created profile. -
I am trying to configure a group of users to get read only access onto our equipement ( switches and routers) and specifically show run or show start. i set the command set to permit those 2 commands and i created a rule for that group but it does work as desired.
any ideas? Thank you.There are a couple of ways that you can accomplish what you are looking to do. What you need to remember is that when showing the running-config you can only see what you have authorization to configure so just allowing a RO user to execute the show run command isn't going to show them much.
One thing you could do is to lower the privilege level required to run the "show configuration" command. The command is "privilege exec level 1 show configuration" and would need to be applied to all your devices. This would allow privilege level 1 users to view the startup-config but not the running-config.
Since you are running ACS another solution would be to create a rule to permit these RO users to login and actually authorize at level 15 which by default allows one to configure everything (remember to be able see it in the running-config you must be authorized to configure it). Then create a limited command set that only allows the commands they need to use.
Hope this helps,
Greg -
Configure Read-Acces via user-defined privilege level
Hello everybody,
I´m looking for the best configuration to restrict a user to read-only. The restriction should be configured via CLI not TACACS+.
Hardware: 3750 (probably not interesting for this question)
Oldest IOS: 12.2(53)SE1
The user should be allowed to:
see the running-configuration
trigger all kinds of show-commands
ping and traceroute from the device
The user should not be allowed to:
upload/delete/rename files on the flash-memory
get into level 15 (not sure if I can avoid this)
all other commands despite those from level 1 and those specified above
Can someone help me with this?
Thanks in advance!
I won´t forget to rate helpful postsHi Tobias,
You can
configure Multiple Privilege Levels on a switch as explained below.
By default, the Cisco IOS software has two modes of password security: user EXEC and
privileged EXEC. You can configure up to 16 hierarchical levels of commands for each mode.
By configuring multiple passwords, you can allow different sets of users to have access to
specified commands.
For example, if you want many users to have access to the clear line command, you can
assign it level 2 security and distribute the level 2 password fairly widely. But if you
want more restricted access to the configure command, you can assign it level 3 security
and distribute that password to a more restricted group of users.
Setting the Privilege Level for a Command
Beginning in privileged EXEC mode, follow these steps to set the privilege level for a
command mode:
Command Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
privilege mode level level command
Set the privilege level for a command.
For mode, enter configure for global configuration mode, exec for EXEC mode, interface
for interface configuration mode, or line for line configuration mode.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
Level 15 is the level of access permitted by the enable password.
For command, specify the command to which you want to restrict access.
Step 3
enable password level level password
Specify the enable password for the privilege level.
.For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode privileges.
For password, specify a string from 1 to 25 alphanumeric characters. The string cannot
start with a number, is case sensitive, and allows spaces but ignores leading spaces. By
default, no password is defined.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
or
show privilege
Verify your entries.
The first command shows the password and access level configuration. The second command
shows the privilege level configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
When you set a command to a privilege level, all commands whose syntax is a subset of that
command are also set to that level. For example, if you set the show ip traffic command to
level 15, the show commands and show ip commands are automatically set to privilege level
15 unless you set them individually to different levels.
To return to the default privilege for a given command, use the no privilege mode level
level command global configuration command.
This example shows how to set the configure command to privilege level 14 and define
SecretPswd14 as the password users must enter to use level 14 commands:
Switch(config)# privilege exec level 14 configure
Switch(config)# enable password level 14 SecretPswd14
Also you can change the default privilege level for all the users .
Changing the Default Privilege Level for Lines Beginning in privileged EXEC mode, follow these steps to change the default privilege level for a line: Command Purpose
Step 1 configure terminal Enter global configuration mode.
Step 2 line vty line Select the virtual terminal line on which to restrict access.
Step 3 privilege level level Change the default privilege level for the line.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC mode
privileges. Level 15 is the level of access permitted by the enable password.
Step 4 end Return to privileged EXEC mode.
Step 5 show running-config or show privilege
Verify your entries. The first command shows the password and access level configuration.
The second command shows the privilege level configuration.
Step 6 copy running-config startup-config (Optional) Save your entries in the configuration file.
Users can override the privilege level you set using the privilege level line configuration command
by logging in to the line and enabling a different privilege level.
They can lower the privilege level by using the disable command.
If users know the password to a higher privilege level, they can use that password to enable the higher privilege level. You might specify a high level or privilege level for your console line to restrict line usage.
To return to the default line privilege level, use the no privilege level line configuration command. Also i am sending a document for your reference.
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3750/12225see/scg/swauthen.htm#wp1154063
HTH
Regards
Inayath -
Not able to login with privilege levels
Hi,
i have created privilege levels in cisco switch especially level 7 if i login with that username and password ,after typing privilege mode password it is going to level 15.... what is the problem ........
commnads i configured is :
# username cisco level 7 password cisco
#enable secret cisco
............please help me where i have gone wrongHi, What model/IOS version that you use?
Rating useful replies is more useful than saying "Thank you" -
Switch and Broadcast filtering
I read this article in the cisco curriculum, but I did not understand it well :
" Occasionally, a device will malfunction and continually send out broadcast frames, which are copied around the network. This is called a broadcast storm and it can significantly reduce network performance.
A switch that can filter broadcast frames makes a broadcast storm less harmful.
Today, switches are also able to filter according to the network-layer protocol. This blurs the demarcation between switches and routers. A router operates on the network layer using a routing protocol to direct traffic around the network. A switch that implements advanced filtering techniques is usually called a brouter. Brouters filter by looking at network layer information but they do not use a routing protocol ".
Can the switch filter the broadcast ? Yes, it can,,,,as Cisco says :"This filtering is achieved through the implementation of virtual local-area networks or VLANs ".,,,,,Is there any other type of filtering ?
What is the main difference between router and brouterhi
if u would like to control the broadcast and multicast storms you can refer the link for configuring the storm control for both broadcast and multicast.
you can define up the values and shut the port if it exceeds the threshold limit..
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hif_r/int_s4h.htm#wp1229258
About the difference between a router and a Brouter afaik BROUTER u use in most of the SP network where you got customers in either DSL or Metro ethernet network where you will have the aggregation of the whole network traffic and from where it will be forwarded to upstream.
It depends on the ios code too which is available to serve the purpose for the same..
you got to have something like 7200 or 7300 in place to serve your purpose of brouter.
regds -
Hello,
I was just wondering if more switches and routers on a network can increase speed greatly (mainly for internet). My design is
IDU -> 8 portDlink switch -> Pix 501 -network
IDU -> 8 portDlink switch -> cisco 2600 series -> catalyst 2950 -network
i also have other switches (e.g 3com, intex) along the way. Does a mixture of different vendors equipment affect the perfomers of others? If i add more switches and routers and stick to Cisco products can/how can i increase spead?
Thanks
DHi D,
The fastest speed you'll be able to achieve is a function of the slowest link along a given path. Adding more devices in the path will not help increase speeds. If anything, it may introduce more delay.
HTH,
Bobby
*Please rate helpful posts. -
Can you control switch and router access with AD (Kerberos)
I am standing up a small environment with less than 20 switches and I want to configure the authentication so that dedicated Active Directory accounts provide access to the switches. We are not going to be able to put up an ACS box, and I don't want to use RADIUS unless I have to. Since both AD and Cisco support Kerberos, is it possible to us an AD group to control access to my switches and routers?
Sam,
Have you looked at these at Cisco?
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_cfg_kerberos.html
Section "Login Authentication Using Kerberos"
http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfindx.html
or these
http://www.techrepublic.com/article/configure-cisco-routers-to-use-active-directory-authentication-the-windows-side/6180954
HTH,
Arnold -
Create users radius with privilege levels
hello
i have a question.. i want to build a test network with some switches and routers
but i want to be able to control the users..
and with control i mean, don't let them to be able to delete the flash: or to delete some nat translations.
is there a way to do this? and i going to use of a windows server 2008 R2 with radius
thanks allotHi,
This link answers your question.
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
aaa authori command is not reqd.
Regards,
~JG
Do rate helpful posts -
DHCP config in switch and router
Hi,
I was wondering if we can configure dhcp in switch and routers such that the IP of device assigned with IP address would change if we assign same static IP to another device in the same network. does cisco support such kind of configuration?
Thanks,
VishConsider this (I will not use in a production network): if you statically assign the IP add 192.168.1.1. to the PC both host will detect a uplicate ip address. After this the first host (the one using DHCP) will not renew the lease, instead it send a:
DHCPDECLINE - Client to server indicating network address is already
in use.
DHCP server will offer a new IP address and put the old one in the conflict database.
If you set a very short lease in some way you have the desired behavior but, again, it's nothing I wolud like to use ina production network
A little test with lease 1mnute
*Mar 1 01:31:01.183: DHCPD: DHCPDECLINE received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
*Mar 1 01:31:01.187: DHCPD: Sending notification of TERMINATION:
*Mar 1 01:31:01.187: DHCPD: address 192.168.123.7 mask 255.255.255.0
*Mar 1 01:31:01.191: DHCPD: reason flags: DECLINE
*Mar 1 01:31:01.191: DHCPD: htype 1 chaddr c202.1d24.0000
*Mar 1 01:31:01.195: DHCPD: lease time remaining (secs) = 57
*Mar 1 01:31:01.195: DHCPD: returned 192.168.123.7 to address pool DP.
*Mar 1 01:31:01.199: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict: client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 declined 192.168.123.7.
*Mar 1 01:31:01.207: DHCPD: Sending notification of DISCOVER:
*Mar 1 01:31:01.207: DHCPD: htype 1 chaddr c202.1d24.0000
*Mar 1 01:31:01.211: DHCPD: remote id 020a0000c0a87b0100000000
*Mar 1 01:31:01.211: DHCPD: circuit id 00000000
*Mar 1 01:31:01.215: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 on interface FastEthernet0/0.
*Mar 1 01:31:01.219: DHCPD: Seeing if there is an internally specified pool class:
*Mar 1 01:31:01.219: DHCPD: htype 1 chaddr c202.1d24.0000
*Mar 1 01:31:01.223: DHCPD: remote id 020a0000c0a87b0100000000
*Mar 1 01:31:01.223: DHCPD: circuit id 00000000
*Mar 1 01:31:01.223: DHCPD: Allocate an address without class information (192.168.123.0)
R1#
R1#
*Mar 1 01:31:03.227: DHCPD: Adding binding to radix tree (192.168.123.8)
*Mar 1 01:31:03.227: DHCPD: Adding binding to hash tree
*Mar 1 01:31:03.231: DHCPD: assigned IP address 192.168.123.8 to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
*Mar 1 01:31:03.235: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
*Mar 1 01:31:03.239: DHCPD: broadcasting BOOTREPLY to client c202.1d24.0000.
*Mar 1 01:31:03.267: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30.
R1#
*Mar 1 01:31:03.271: DHCPD: Sending notification of ASSIGNMENT:
*Mar 1 01:31:03.275: DHCPD: address 192.168.123.8 mask 255.255.255.0
*Mar 1 01:31:03.275: DHCPD: htype 1 chaddr c202.1d24.0000
*Mar 1 01:31:03.279: DHCPD: lease time remaining (secs) = 60
*Mar 1 01:31:03.279: DHCPD: No default domain to append - abort update
*Mar 1 01:31:03.283: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d63.3230.322e.3164.3234.2e30.3030.302d.4661.302f.30 (192.168.123.8).
*Mar 1 01:31:03.283: DHCPD: broadcasting BOOTREPLY to client c202.1d24.0000.
Maybe you are looking for
-
Dear All, I am trying to figure out how ADFBC handles Master Detail relationship as this is the first time where I need to handle table relationship. From practice, I only used one table but this time I need to manage the relationship also. I have tw
-
hi i have an iphone 4 which is from canada nd i have seen one sim inside it which is a canadian sim ,iam staying in india so can i use that phone in india and please tell me what are the steps ihave to take for using that canadian phone in india
-
How do I create a simple cartoon animation in Photoshop and transfer it into AE for better timing?
The title. I was wanting to make my own animation from scratch. I've always heard though that Photoshop didn't have good timing, so I was wondering how I could use AE for the timing.
-
Possible to Merge Aperture Libraries?
My wife and I each have our own aperture libraries that we edit photos with on separate computers. Is there a way to merge these? A good majority of the photos are duplicates, so I don't want to just export all of one and import them into the other.
-
My daughter has a MacBook and AirPort Express. While at home it was connected to our DSL modem/router. Now at school she is connecting to the ethernet in her apartment. I am not sure how it should be configured? Can some provide any thoughts? The roo