enable secret [level] password command

sarahr202
Level 5

Hi everybody!

I was reading about the levels in the "enable secret" command.

I found the following on the Cisco site:

enable secret [level level]

Syntax Description

enable secret [level level] {password | [encryption-type] encrypted-password}

(Optional) Level for which the password applies. You can specify up to sixteen privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified in the command or in the no form of the command, the privilege level defaults to 15 (traditional enable privileges). The same holds true for the no form of the command.

What are these levels and what do they mean?

Thanks a lot!

Accepted Solutions

Marvin Rhoads
Hall of Fame

The levels are a way of further fine tuning the access level a given user has once they are logged into your network device.

For instance, you may want to give someone the ability to log in with enable level access but forbid them from being able to go into configuration mode to change the running config.

See the following document for a more comprehensive explanation: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli_support_TSD_Island_of_Content_Chapter.html#wp1167818


Zeeshan,

When you log in to a Cisco device, you're in user EXEC mode (level 1). You can use a limited set of commands there. We sometimes don't want users to go to privileged EXEC mode (level 15) and want to allow them to use particular commands. So you use the "level" option.

For example:

Router(config)#enable secret level 3 level3

Router(config)#privilege exec level 3 config terminal

Router#disable

Router>enable 3

Router#?

You will see "configure terminal" there. Yes, Level 1 cannot use this command.

Here you go: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfpass.html

HTH,

Toshi
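
An added example, not part of the original thread or of Cisco's documentation: a small Python audit that reads configuration lines of the kind shown above, records which privilege levels have an enable secret and which commands were moved to each level, and lists levels below 15 that can enter configuration mode. The sample configuration and its hash strings are constructed, and the function name audit_privilege_levels is hypothetical.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt (hashes are placeholders, not real).
SAMPLE_CONFIG = """\
enable secret level 3 5 $1$CONSTRUCTED$placeholderhash0000000
enable secret 5 $1$CONSTRUCTED$placeholderhash1111111
privilege exec level 3 configure terminal
privilege exec level 3 configure
privilege exec level 7 show running-config
privilege exec level 7 show
"""

# enable secret [level level] {password | [encryption-type] encrypted-password}
ENABLE_RE = re.compile(r"^enable secret(?: level (\d+))?\s+\S")
# privilege <mode> [all] level <level> <command>
PRIV_RE = re.compile(r"^privilege (\S+) (?:all )?level (\d+) (.+)$")


def audit_privilege_levels(config_text):
    """Return (levels with an enable secret, commands per level, review items)."""
    secrets = set()
    grants = defaultdict(list)  # level -> [(mode, command), ...]
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENABLE_RE.match(line)
        if m:
            # With no "level" keyword the secret applies to level 15.
            secrets.add(int(m.group(1) or 15))
            continue
        m = PRIV_RE.match(line)
        if m:
            grants[int(m.group(2))].append((m.group(1), m.group(3)))

    findings = []
    for level in sorted(grants):
        if level > 1 and level not in secrets:
            findings.append(f"level {level}: commands assigned, no enable secret for this level")
        for mode, cmd in grants[level]:
            # Matches "configure" and the abbreviation "config" typed in the thread.
            if level < 15 and cmd.split()[0].startswith("conf"):
                findings.append(f"level {level}: may enter configuration mode ({mode}: {cmd})")
    return secrets, dict(grants), findings


if __name__ == "__main__":
    secrets, grants, findings = audit_privilege_levels(SAMPLE_CONFIG)
    print("levels with an enable secret:", sorted(secrets))
    for item in findings:
        print("review:", item)
```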

