Privilege Levels

Answered Question
Apr 23rd, 2007

I was looking for a guide explaining which command is allowed at each privilege level, for default: for example, what is allowed at privilege level 10?

Does anybody can tell me if a such document exist? If not, which level is required for debugging?

Thank you

I have this problem too.
0 votes
Correct Answer by mohammedmahmoud about 9 years 7 months ago

Hi there,

By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.

Accordingly level 10 is a custom level, you have to define allowed commands for that level either via the privilege command or via the TACACS+ server. And accordingly debug is available by default for level 15, and you can add it to any customer privilege level.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00803f3bb7.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080112495.html

HTH, please rate if it does,

Mohammed Mahmoud.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
mohammedmahmoud Mon, 04/23/2007 - 12:00

Hi there,

By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.

Accordingly level 10 is a custom level, you have to define allowed commands for that level either via the privilege command or via the TACACS+ server. And accordingly debug is available by default for level 15, and you can add it to any customer privilege level.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a00803f3bb7.html

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080112495.html

HTH, please rate if it does,

Mohammed Mahmoud.

Actions

This Discussion