aaa priv levels + commands

Mar 27th, 2009

Hi all, I have been learning to use the AAA and ACS server on my router; let me say, I think it's very good.

2 questions: is priv level 15 the only level that allows enable mode?

Also, has anyone got a default template that they use as standard, i.e. recommended practice?

tom_fox_ki4qqq Fri, 03/27/2009 - 05:03

Privilege level 15 is enable mode.

Unfortunately, I am not allowed to share the template, but I can tell you level 1 can do a show on anything (except running-config). Copy and sh run are level 2 and above for us.

In the end, it is important for you to decide how many levels are needed for your org, and who is going to use each level. Only then can you decide what commands should be at each level.

carl_townshend Mon, 03/30/2009 - 02:01

Can anyone tell me how to do a policy on my ACS that only allows show commands on the router? Also, what do I need to type on the router for this?

Joseph W. Doherty Mon, 03/30/2009 - 04:16

". . . is priv level 15 the only level that allows enable mode? "

Don't believe so. If I recall correctly, "enable (1..15)" is supported. Enable command without an explicit priv level defaults to level 15.
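
The router side of what this thread asks about, as an added example that is not from any poster here: IOS sends each command to the TACACS+ server (ACS) for a permit/deny decision, which is where a "show only" policy is enforced. The address 192.0.2.10, the `fallback` username, the `<...>` secrets and the choice of level 2 are assumptions for illustration.

```ios
! Constructed example: 192.0.2.10 and the <...> values are placeholders.
aaa new-model
!
! TACACS+ server (Cisco Secure ACS). Global syntax of 2009-era IOS;
! newer releases use a "tacacs server <name>" block instead.
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Local account so the router stays reachable if ACS is down.
username fallback privilege 15 secret <local-secret>
!
! Authenticate logins against ACS first, then the local database.
aaa authentication login default group tacacs+ local
! "enable" and "enable <level>" are checked against ACS, then the
! local enable secrets.
aaa authentication enable default group tacacs+ enable
!
! Let ACS assign each user's starting privilege level at login.
aaa authorization exec default group tacacs+ local
!
! Send every command typed at these levels to ACS for permit/deny.
! A "show commands only" policy on ACS takes effect through these lines.
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 2 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! Record what was typed at each level.
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
! Moving a command between levels on the router itself:
! copy at level 2, as in the split described earlier in the thread.
privilege exec level 2 copy
!
! Separate secrets for "enable 2" and plain "enable" (level 15).
enable secret level 2 <level2-secret>
enable secret <level15-secret>
```

Without an `aaa authorization commands` line for a given level, commands at that level are not sent to ACS, so a command policy defined there has no effect on them.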

