Can't remove privileges from router

Andy White
Level 3

Hello,

I've got a test router where I have created a role-based CLI view instead of using privileges. I now want to remove these old privileges as the CLI view is working, but can't. I'm wondering if the CLI view requires them.

Here is what I have:

username cisco privilege 15 secret 5 ***********

username test view priv3 secret 5 ************

CLI view

parser view priv3

secret 5 $1$tQxU$dver3rtrernSBFKV/

commands interface include shutdown

commands interface include no shutdown

commands interface include no

commands configure include interface

commands exec include configure terminal

commands exec include configure

commands exec include show ip interface brief

commands exec include show ip interface

commands exec include show ip

commands exec include show arp

commands exec include show privilege

commands exec include show interfaces

commands exec include show configuration

commands exec include show

commands configure include interface FastEthernet0/0

commands configure include interface FastEthernet0/1

Privileges which I can't remove:

privilege interface level 3 shutdown

privilege interface level 3 no shutdown

privilege interface level 3 no

privilege configure level 3 interface

privilege configure level 3 shutdown

privilege configure level 15 config-register

privilege exec level 3 configure terminal

privilege exec level 3 configure

privilege exec level 3 show ip interface brief

privilege exec level 3 show ip interface

privilege exec level 3 show ip

privilege exec level 15 show running-config

privilege exec level 3 show configuration

privilege exec level 1 show

privilege exec level 3 exit

Any ideas?


John Peterson
Level 1

If I remember you have to use the clear command, try clear username ? There will be a list

HTH


Mary Ghabrai
Level 1

Hi Andy,

I think I found the solution for this today.

To remove them you have to use something like this:

“privilege exec reset write memory”

So basically privilege exec / or interface / or configure and then reset the command that you have in there. That would remove them.

Hope this was helpful.

Cheers,

Mary

That was SOOOOOO It!!!

privilege [mode] reset [first line of command]

BAM! Clears the 'privilege level' junk straight out of the run config

To be fair, I am not sure if this is what the original asker was going for but it was definitely MY issue.

Hi, can you put the real code?

I have the same issue, I want to remove the privilege 15 from the router configuration.

I typed: username xxx privilege 15 secret cisco....

You said that

privilege [mode] reset [first line of command]

Could you type the real code? Not sure what you mean with first line of command.

Thanks

Mary, thanks.

You just helped me with my problem too.

Cheers,

(another) Andy

Thanks

I found the reset command!!

divyanshuarora
Level 1

Answer to your problem:

Privileges which I can't remove:

privilege interface reset shutdown

privilege interface reset no shutdown

privilege interface reset no

privilege configure reset interface

privilege configure reset shutdown

privilege configure reset config-register

privilege exec reset configure terminal

privilege exec reset configure

privilege exec reset show ip interface brief

privilege exec reset show ip interface

privilege exec reset show ip

privilege exec reset show running-config

privilege exec reset show configuration

privilege exec reset show

privilege exec reset exit
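
Added example, not part of the original thread or any poster's reply: a small Python helper that reads a saved running-config and generates the matching `privilege <mode> reset <command>` line for every `privilege <mode> level <n> <command>` line, which is the conversion done by hand above. The function name and the sample config are constructed for illustration; `username ... privilege 15` lines set a user's level, not a command's level, so they are deliberately left alone.

```python
import re

# Matches command-privilege lines such as
#   privilege exec level 3 show ip interface brief
# The optional "all" keyword of the IOS syntax is preserved in the output.
PRIV_LINE = re.compile(
    r"^\s*privilege\s+(?P<mode>\S+)\s+(?P<all>all\s+)?"
    r"level\s+(?P<level>\d{1,2})\s+(?P<cmd>\S.*?)\s*$"
)

def reset_commands(config_text):
    """Return one 'privilege <mode> reset <command>' line per distinct
    'privilege <mode> level <n> <command>' line, in config order."""
    seen, out = set(), []
    for line in config_text.splitlines():
        m = PRIV_LINE.match(line)
        if not m or not 0 <= int(m.group("level")) <= 15:
            continue  # not a command-privilege line (e.g. a username line)
        mode = m.group("mode")
        cmd = " ".join(m.group("cmd").split())  # normalise spacing
        scope = "all " if m.group("all") else ""
        if (mode, scope, cmd) in seen:
            continue  # the same line listed twice needs only one reset
        seen.add((mode, scope, cmd))
        out.append(f"privilege {mode} {scope}reset {cmd}")
    return out

# Constructed sample, modelled on the configuration quoted in the question.
SAMPLE_CONFIG = """\
username cisco privilege 15 secret 5 <redacted>
parser view priv3
 commands exec include show ip
privilege interface level 3 no shutdown
privilege configure level 15 config-register
privilege exec level 3 show ip interface brief
privilege exec level 3 show ip interface brief
privilege exec level 1 show
"""

if __name__ == "__main__":
    for command in reset_commands(SAMPLE_CONFIG):
        print(command)
```

Review the generated lines before pasting them in configuration mode, then check `show running-config | include ^privilege` to confirm nothing is left.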

I am missing something here.

I want to stop level 3 users from using the telnet and ssh commands. I don't want them tying up the serial interface to telnet or SSH to other places out on the Internet (we telnet to a serial device that allows us to connect a serial port to the router's console interface. Then we log in using the credentials set in our Cisco router. So only one user can be logged into the router at a time).

You say use this syntax: 'privilege exec reset telnet' and 'privilege exec reset ssh'.

What limits these commands to affect only privilege level 3 users?

Fred


Fred

I believe that you misunderstand what was being discussed in the earlier posts. I believe that they were discussing situations where certain commands were assigned to a different privilege level and now they want them back to the default value. And that is what reset would do.

In your case I believe that what you have is that telnet and ssh are available to users who are privilege level 3 and you want them to not be able to use these commands. So in your case you do not want to reset and you do want to change the privilege level of the commands telnet and ssh to something higher than 3.

HTH

Rick