06-24-2009 11:34 AM - edited 03-06-2019 06:26 AM
Hi everybody!
I was reading about the levels in the "enable secret" command.
I found the following on the Cisco site:
enable secret [level level]
Syntax Description
enable secret [level level] {password | [encryption-type] encrypted-password}
(Optional) Level for which the password applies. You can specify up to sixteen privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified in the command or in the no form of the command, the privilege level defaults to 15 (traditional enable privileges). The same holds true for the no form of the command.
What are these levels and what do they mean?
Thanks a lot!
06-24-2009 11:58 AM
The levels are a way of further fine tuning the access level a given user has once they are logged into your network device.
For instance, you may want to give someone the ability to log in with enable level access but forbid them from being able to go into configuration mode to change the running config.
See the following document for a more comprehensive explanation: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli_support_TSD_Island_of_Content_Chapter.html#wp1167818
06-24-2009 12:11 PM
Zeeshan,
When you log in to a Cisco device, you're in user EXEC mode (level 1). You can use a limited set of commands there. We sometimes don't want users to go to privileged EXEC mode (level 15) and want to allow them to use particular commands. So you use the "level" option.
For example:
Router(config)#enable secret level 3 level3
Router(config)#privilege exec level 3 config terminal
Router(config)#end
Router#disable
Router>enable 3
Router#?
You will see "configure terminal" there. Yes, level 1 cannot use this command.
Here you go: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfpass.html
HTH,
Toshi
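An added example, not part of the original thread or any Cisco tooling: a small Python audit that reads IOS configuration lines like the ones in the post above and reports which commands have been delegated to which privilege level. The sample config, the placeholder hashes and the SENSITIVE list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config (not from any real device); mirrors the level 3 example above.
SAMPLE_CONFIG = """\
enable secret level 3 5 $1$CONSTRUCTED$placeholderhash
enable secret 5 $1$CONSTRUCTED$placeholderhash
privilege exec level 3 configure terminal
privilege exec level 7 show running-config
"""

SECRET_RE = re.compile(r"^enable secret(?: level (\d+))? ")
PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")
# Assumption: first keywords a reviewer expects to see only at level 15.
SENSITIVE = ("configure", "copy", "reload", "debug")

def audit(config_text):
    """Return (commands per level, levels with an enable secret, findings)."""
    commands = defaultdict(list)
    secrets = set()
    for raw in config_text.splitlines():
        line = raw.strip()
        m = SECRET_RE.match(line)
        if m:
            # No "level" keyword means level 15, per the quoted syntax description.
            secrets.add(int(m.group(1) or 15))
            continue
        m = PRIV_RE.match(line)
        if m:
            mode, level, cmd = m.group(1), int(m.group(2)), m.group(3)
            commands[level].append((mode, cmd))
    findings = []
    for level in sorted(commands):
        if level > 1 and level not in secrets:
            findings.append(f"level {level}: commands assigned but no "
                            f"'enable secret level {level}' line in this config")
        for mode, cmd in commands[level]:
            if level < 15 and cmd.split()[0] in SENSITIVE:
                findings.append(f"level {level}: sensitive {mode} command "
                                f"'{cmd}' below level 15")
    return dict(commands), secrets, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```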