Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

aaa priv levels + commands

Hi all, I have been learning to use the aaa and acs server on my router, let me say, I think its very good.

2 questions is priv level 15 the only level that allows enable mode?

also has anyone got a default template that they use as standard, ie recommended practice

3 REPLIES
New Member

Re: aaa priv levels + commands

Privilege level 15 is enable mode.

Unfortunately, I am not allowed to share the template, but I can tell you level 1 can do a show on anything (except running-config). Copy and sh run are level 2 and above for us.

In the end, it is important for you to decide how many levels are needed for your org, and who is going to use each level. Only then can you decide what commands should be at each level.

New Member

Re: aaa priv levels + commands

can anyone tell me how to do a policy on my acs that only allows show commands on the router, also what do I need to type on the router for this ?

Super Bronze

Re: aaa priv levels + commands

". . . is priv level 15 the only level that allows enable mode? "

Don't believe so. If I recall correctly, "enable (1..15)" is supported. Enable command without an explicit priv level defaults to level 15.

132
Views
0
Helpful
3
Replies
CreatePlease to create content