Header
Home | Set as homepage | Add to favorites
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey, 

Home : CCSP-Cisco Certified Security Professional : Privilege Levels

Privilege Levels

image


 


Cisco devices numbered 0 through 15 have 16 privilege levels. By default, any user who can furnish the user-level password or user name/password combination can gain User exec mode access to the device, which is privilege level 1. From there, if the user knows the enable secret password, they can access the Privilege exec mode, or privilege level 15. The three predefined privilege levels on Cisco devices include the following:

  • 1 User exec mode only (prompt is router>), the default level for login

  • 15 Privileged exec mode (prompt is router#), the Enable mode

  • 0 Seldom used, but includes five commands: disable, enable, exit, help, and logout

To determine or confirm the current privilege level, type the show privilege command. It would look like this in Privilege mode:

Rtr1#show privilege
Current privilege level is 15
Rtr1#

Privilege levels 2 through 14 can be defined by the admin to provide limited features to some users by assigning specific commands to the level using the privilege command.

The syntax is

privilege mode {level level command | reset command}, where

mode

Indicates the configuration level being assigned. This includes all router configuration modes, including exec, configure, and interface.

level

Indicates the level being defined.

command

Indicates the command to be included. If you specify exec mode, then the command must be an exec mode command.

reset

Resets the privilege level of the command to the default privilege level.

A possible application of this feature might look like the following lines, which are creating a new Privilege mode for a part-time administrator.

Rtr1(config)#privilege exec level 7 ping
Rtr1(config)#privilege exec level 7 show startup-config
Rtr1(config)#privilege exec level 7 show ip route
Rtr1(config)#privilege exec level 7 show ip int brief
Rtr1(config)#enable secret level 7 tESt7

The following lines show how the new privilege level would be accessed and a confirmation of the new level:

Rtr1>enable 7
Password:
Rtr1#show privilege
Current privilege level is 7
Rtr1#

Any attempt to run a command other than those specifically defined for this privilege level returns the same error message as any attempt to run a command from the wrong mode. As you will see in Chapter 4, AAA authentication provides some additional options for this feature.

Note that the privilege feature only limits user access if the user only knows the enable secret password for the defined level. If the user knows any other level password, then they can go there as well.


p1c2 using

5074 times read

Related news
» Changing Privilege Level of IOS Commands
by admin posted on Jul 21,2008
» Defining Per Port Privileges
by admin posted on Jul 21,2008
» Defining Per User Privileges
by admin posted on Jul 21,2008
» Firewall Privilege Levels
by alperen posted on Feb 06,2010
» Privilege Mode Passwords
by alperen posted on Jul 06,2009
Did you enjoy this article?
1 2 3 4 5
Rating: 4.00Rating: 4.00Rating: 4.00Rating: 4.00 (total 8 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
Website Statistics
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.