enable secret [level] password command

Answered Question
Jun 24th, 2009

Hi everybody!


I was reading about the levels in the "enable secret" command.

I found the following on the Cisco site:





enable secret [level level]


Syntax Description



enable secret [level level] {password | [encryption-type] encrypted-password}




(Optional) Level for which the password applies. You can specify up to sixteen privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified in the command or in the no form of the command, the privilege level defaults to 15 (traditional enable privileges). The same holds true for the no form of the command.




What are these levels and what do they mean?


Thanks a lot!




Overall Rating: 5 (2 ratings)
Correct Answer
Marvin Rhoads Wed, 06/24/2009 - 11:58

The levels are a way of further fine tuning the access level a given user has once they are logged into your network device.


For instance, you may want to give someone the ability to log in with enable level access but forbid them from being able to go into configuration mode to change the running config.


See the following document for a more comprehensive explanation: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli_support_TSD_Island_of_Content_Chapter.html#wp1167818



Correct Answer
thotsaphon Wed, 06/24/2009 - 12:11

Zeeshan,


When you log in to a Cisco device, you're in user EXEC mode (level 1). You can use limited commands there. We sometimes don't want users to go to privileged EXEC mode (level 15) and want to allow them to use particular commands. So you use the "level" option.


For example:

Router(config)#enable secret level 3 level3

Router(config)#privilege exec level 3 configure terminal

Router(config)#end

Router#disable

Router>enable 3

Router#?

You will see "configure terminal" there. Yes, level 1 cannot use this command.



Here you go: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfpass.html


HTH,

Toshi
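
An added example, not from the thread or from Cisco: a small Python audit over a saved configuration that reports, per privilege level, whether an `enable secret level N` line exists and which commands `privilege ... level N` lines delegate to it, and flags levels below 15 that can enter configuration mode (the case both answers discuss). The sample configuration and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, not taken from the thread; the hashes are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER
enable secret level 3 5 $1$PLACEHOLDER
privilege exec level 3 configure terminal
privilege exec level 3 configure
privilege exec level 7 show running-config
privilege exec level 7 show
"""

ENABLE_RE = re.compile(r"^enable secret(?: level (\d+))?\s+\S")
PRIV_RE = re.compile(r"^privilege (\S+)(?: all)? level (\d+) (.+)$")

def audit_privilege_levels(config_text):
    """Map each level to its enable-secret status and delegated commands."""
    levels = defaultdict(lambda: {"enable_secret": False, "commands": []})
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENABLE_RE.match(line)
        if m:
            # Without "level N" the secret applies to level 15 (the default).
            levels[int(m.group(1) or 15)]["enable_secret"] = True
            continue
        m = PRIV_RE.match(line)
        if m:
            mode, level, command = m.group(1), int(m.group(2)), m.group(3)
            levels[level]["commands"].append((mode, command))
    return dict(levels)

def levels_reaching_config(report):
    """Levels below 15 delegated an exec command that begins with 'configure'."""
    return sorted(
        level for level, info in report.items()
        if level < 15 and any(mode == "exec" and cmd.split()[0] == "configure"
                              for mode, cmd in info["commands"]))

def levels_without_secret(report):
    """Levels with delegated commands but no 'enable secret level N' line."""
    return sorted(level for level, info in report.items()
                  if info["commands"] and not info["enable_secret"])

if __name__ == "__main__":
    report = audit_privilege_levels(SAMPLE_CONFIG)
    for level in sorted(report):
        print(level, report[level])
    print("can enter config mode below 15:", levels_reaching_config(report))
    print("delegated but no enable secret:", levels_without_secret(report))
```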
