Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Security Level

hello,

I want to security Level of login User created on Router or Firewall or any network Devices means that 0 to 15 level,

How I can Know how much authority is available On network Login User.

And also I want to kanow security zone, means what traffic is allowed and what are not allowed on security zone.

e.g

In security Zone 100 what traffic is allowed ?

In security Zone 0 what traffic is allowed ?

and If i give between 0 to 100 any no on interface then what happened on that interface ?

4 REPLIES

Re: Security Level

hello,I want to security Level of login User created on Router or Firewall or any network Devices means that 0 to 15 level,

How I can Know how much authority is available On network Login User.

And also I want to kanow security zone, means what traffic is allowed and what are not allowed on security zone.

e.g

In security Zone 100 what traffic is allowed ?

In security Zone 0 what traffic is allowed ?

and If i give between 0 to 100 any no on interface then what happened on that interface ?

Hi,

For your query on security level basic defination and a thumb rule in firewall about security level says a lower level number means that an interface belongs to a relatively less secure part of the network as compared to an interface that has a higher level number.Typically the interface connected to the public network has zero level assigned to it.

This describes a very low level security,the interface sitting on the private network has a security level of 100,meaning that it is the most secure.

By default traffic can flow freely from high security level to low security level,provided that a network address translation is built for the traffic's source ip address.However from low level to high level rules need to be explicitly defined on the firewall allowing this traffic to go through.

and if you want to check the previallage level in router what has assigned to users you can issue show privelliage in routers.

Hope that clear out your query !!

If helpful do rate the post

Ganesh.H

New Member

Re: Security Level

hello,

You had given me current user,

But if i create any new user and i want to give then some security access then what i do fit that ?

means some user give some access and some user i give different access.

accordingly security level there is any specafiction to we know that if i give 4 then this mych access to that user and if i give 8 then this much aceess to that user.

Cisco Employee

Re: Security Level

If you want to allow specific users to go to specific destinations only you can use access lists that say permit x1 to destinations y and x2 to destinations z.

If you want them to first authenticate you can use AAA and downloadable ACL per use.

I hope it helps.

PK

Re: Security Level

hello,

You had given me current user,

But if i create any new user and i want to give then some security access then what i do fit that ?

means some user give some access and some user i give different access.

accordingly security level there is any specafiction to we know that if i give 4 then this mych access to that user and if i give 8 then this much aceess to that user.

Hi,

If you are using AAA and authetication with ACS then for cisco devices you can use ACS to controll previllages level and permiison of commands to access on cisco devices via authorization and authorization sets in ACS and downloadble acl to give some restricted access to devices also.

Hope that help

If helpful do rate

Ganesh.H

420
Views
0
Helpful
4
Replies
CreatePlease to create content