Hello all. Hopefully, this will prove to be an easy question with a simple answer!
I want to configure local username/passwords on my router, with different privilege levels. For example, username admin is only allowed to access privilege level 1 commands, and username engineer is allowed to enter all commands (level 15). However, when I test this via console or telnet, both go into user mode to start with (Router>) and I can enter enable mode on both username logins by entering the enable password (Router#). Therefore, both usernames have the same access rights (to all commands) even though they have different privilege levels. I thought the privilege level 1 account would not be allowed to issue level 15 commands?
Is your ACS server configured with advanced TACACS+ settings? If so, under user setup, you can select "No enable privilege". They will not be allowed to enter enable mode even if they enter the correct password. With regard to local usernames and passwords, it only states what level they can start at. If they know the enable password, then they can get to enable mode.
The privilege levels are used when you do not want to give full level 15 access to someone but only some commands.
For example, you may want a tech to be able to change the bandwidth of an interface and nothing else. So we reduce the privilege level of the interface bandwidth command to, say, 10 and give the tech level 10 access.
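The level 10 delegation described in the reply above, written out as an added IOS configuration example that is not part of the original thread. The username `tech`, the bracketed secrets, and the use of local AAA for login are assumptions made for illustration.

```cisco
! Constructed example: usernames and <...> secrets are placeholders.
!
! Authenticate logins against the local user database and let the
! username's privilege level decide where the EXEC session starts.
aaa new-model
aaa authentication login default local
aaa authorization exec default local
! Console sessions skip exec authorization unless it is enabled explicitly.
aaa authorization console
!
username engineer privilege 15 secret <ENGINEER-SECRET>
username tech privilege 10 secret <TECH-SECRET>
!
! Lower only the commands the tech needs to level 10. Each mode on the
! path to the target command has to be reachable at that level:
!   EXEC -> global config -> interface config -> bandwidth
privilege exec level 10 configure terminal
privilege configure level 10 interface
privilege interface level 10 bandwidth
!
! The enable secret still grants level 15 to anyone who knows it,
! regardless of the level their username starts at. Keep it away from
! delegated accounts.
enable secret <ENABLE-SECRET>
```

After logging in as `tech`, `show privilege` should report level 10, and commands that remain at level 15 should be rejected.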