enable secret [level] password command

Hi everybody!

I was reading about the levels in the "enable secret" command.

I found the following on the Cisco site:

enable secret [level level]

Syntax Description

enable secret [level level] {password | [encryption-type] encrypted-password}

(Optional) Level for which the password applies. You can specify up to sixteen privilege levels, using numbers 0 through 15. Level 1 is normal EXEC-mode user privileges. If this argument is not specified in the command or in the no form of the command, the privilege level defaults to 15 (traditional enable privileges). The same holds true for the no form of the command.

What are these levels and what do they mean?

Thanks a lot!

Accepted Solutions

Re: enable secret [level] password command

The levels are a way of further fine-tuning the access level a given user has once they are logged into your network device.

For instance, you may want to give someone the ability to log in with enable level access but forbid them from being able to go into configuration mode to change the running config.

See the following document for a more comprehensive explanation: http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cfg_sec_4cli_support_TSD_Island_of_Content_Chapter.html#wp1167818

Re: enable secret [level] password command

Zeeshan,

When you log in to a Cisco device, you're in user EXEC mode (level 1). You can use a limited set of commands there. We sometimes don't want users to go to privileged EXEC mode (level 15) and want to allow them to use particular commands. So you use the "level" option.

For example:

Router(config)#enable secret level 3 level3

Router(config)#privilege exec level 3 configure terminal

Router(config)#end

Router#disable

Router>enable 3

Router#?

You will see "configure terminal" there. Yes, level 1 cannot use this command.

Here you go: http://www.cisco.com/en/US/docs/ios/12_2/security/command/reference/srfpass.html

HTH,

Toshi
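
A check for the kind of configuration discussed in this thread, added here as an example (it is not code from the posters or from Cisco): it parses the `enable secret` / `enable password` and `privilege` lines of a running-config and reports, per level, weak credential storage, delegated commands with no enable credential, and levels below 15 that can enter configuration mode. The sample config, its placeholder hashes and the `audit` function name are constructed for illustration.

```python
import re

# Constructed sample running-config excerpt (not from the thread); hashes are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$PLACEHOLDERHASH
enable secret level 3 5 $1$PLACEHOLDER$PLACEHOLDERHASH
enable password level 5 7 PLACEHOLDER
privilege exec level 3 configure terminal
privilege exec level 5 show running-config
privilege exec level 7 clear counters
"""

ENABLE_RE = re.compile(r"^enable (secret|password)(?: level (\d+))?\s+\S")
PRIV_RE = re.compile(r"^privilege (\S+)(?: all)? level (\d+) (.+)$")

def audit(config_text):
    """Return (levels, findings) for the enable/privilege lines of a config."""
    levels = {}  # level -> {"cred": {'secret'/'password'}, "cmds": [(mode, command)]}
    def entry(n):
        return levels.setdefault(n, {"cred": set(), "cmds": []})
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ENABLE_RE.match(line)
        if m:
            # No "level" keyword means level 15, as the syntax description says.
            entry(int(m.group(2) or 15))["cred"].add(m.group(1))
            continue
        m = PRIV_RE.match(line)
        if m:
            entry(int(m.group(2)))["cmds"].append((m.group(1), m.group(3)))
    findings = []
    for n in sorted(levels):
        info = levels[n]
        # 'enable password' is stored in cleartext or reversible type 7 form.
        if "password" in info["cred"] and "secret" not in info["cred"]:
            findings.append((n, "uses 'enable password' instead of 'enable secret'"))
        if info["cmds"] and not info["cred"]:
            findings.append((n, "commands delegated but no enable secret or password for this level"))
        if n < 15:
            for mode, cmd in info["cmds"]:
                if mode == "exec" and cmd.startswith("configure"):
                    findings.append((n, "can enter configuration mode: " + cmd))
    return levels, findings

if __name__ == "__main__":
    for level, message in audit(SAMPLE_CONFIG)[1]:
        print(f"level {level}: {message}")
```
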
