user login control on switches

benny
Level 1

We are setting up a local username database on the switches, and would like to separate the admin users into 2 groups: one group has access to the enable mode (EXEC privilege), while the other group cannot, and can only do 'show' commands like 'sh interface', 'sh logg' etc. for troubleshooting purposes.

Is there a way to disable the 'enable' command for the second group of admin users?  We want that, even if the 2nd group of admin users find out the enable password, there is no way for them to enter the EXEC privilege mode.

Thanks.

6 Replies

Reza Sharifi
Hall of Fame

Hello Benny,

You can configure something like this:

username joe privilege 3 password joe

privilege exec level 3 show

This way they can do all the show commands and not make any config changes.

HTH

Reza

Reza,

Thanks for your reply.

My question is, with your solution, the user will be able to do only the show commands when they do 'enable 2 xxxxxx' to log in at privilege level 2.

But if they somehow discover the enable password (for privilege 15), they can just do 'enable xxxxxx' and still log in to privilege 15. Right?

So, I would like to see if there is a way that if a user logs in to the User privilege mode, they will not be able to type 'enable' at all.  This way, even if they find out the enable password, they will not be able to log in to privilege 15 when they log in using their username and password.

Thanks.

Hi Benny,

When you log in to a Cisco router under the default configuration, you're in user EXEC mode (level 1). From this mode, you have access to some information about the router, such as the status of interfaces, and you can view routes in the routing table. However, you can't make any changes or view the running configuration file.

For your query you can assign them privilege level 3 and configure this command on your router so that only a particular privilege level can see this command on the router. Here is the example.

privilege exec level 1 enable
privilege exec level 1 telnet
privilege exec level 1 tunnel
privilege exec level 1 clear
privilege exec level 1 login

With the above example, only privilege level 1 users can view enable, telnet and tunnel; the level below, that is level 0, cannot see the above commands on the router.

Hope that clears up your query!

If helpful, do rate the post.

Regards

Ganesh.H
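The two answers above each show one piece of the setup (Reza: a level-3 local user with 'show' moved down to level 3; Ganesh: pinning commands to privilege levels). The following is an added example that is not from this thread or from Cisco: one complete IOS configuration that puts both pieces together and adds the part that actually addresses Benny's follow-up, namely letting the read-only group land at their level on login so they never need the 'enable' command, while the level-15 enable secret is held only by the full-admin group. The hostname, usernames and all secrets are placeholders.

```cisco
! Added example, not from the thread. Placeholders: netadmin, noc-ro and every <...-SECRET>.
!
! 1. Local accounts. The full admin is created at level 15; the troubleshooting group
!    is created at level 3 so their session starts at level 3, not level 1.
username netadmin privilege 15 secret <ADMIN-SECRET>
username noc-ro   privilege 3  secret <NOC-SECRET>
!
! 2. Move the 'show' keyword down to level 3 (Reza's suggestion). Without this line a
!    level-3 user only sees the level-1 command set; with it they can run show commands
!    but still cannot enter configuration mode.
privilege exec level 3 show
!
! 3. Authenticate and authorize EXEC sessions against the local database. With exec
!    authorization the user is placed directly at the privilege level configured on
!    their username, so the noc-ro group has no reason to ever type 'enable'.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
!
! 4. Level 15 keeps its own enable secret, known only to the netadmin group. 'enable' is a
!    level-1 command by default, so a noc-ro user can still type it; what stops them is
!    that they are prompted for this secret and do not have it. Keeping this secret out of
!    the second group's hands is the real control, not hiding the command.
enable secret <ENABLE-15-SECRET>
!
! 5. Apply the AAA method list to the VTY lines and restrict them to SSH.
line vty 0 4
 login authentication default
 transport input ssh
```

To check the result, log in as the noc-ro account and run 'show privilege'; it should report "Current privilege level is 3", and 'configure terminal' should be rejected while 'show interfaces' and 'show logging' work. Log in as netadmin and confirm 'show privilege' reports level 15. The design choice here is to treat the enable secret as the boundary: the second group gets a login that already has everything they need, and the only way past level 3 is a secret that is never shared with them.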


I am sorry, I don't know how it has posted three posts for the same thread.

Regards

Ganesh.H
