Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Available privilege modes in cisco and their rights

hi

can i hve any link which gives the rights(whtever commands permitted under that particular privilege) given to each privilege starting from 0 to 16 ????

thks in advance

prem

3 REPLIES
Gold

Re: Available privilege modes in cisco and their rights

Privilege level zero gives you basically "enable" and "exit".

Privilege level one gives you the well-known non-privileged set of commands (nearly all show command, etc). Any command not documented as needing "enable mode" or "privilege 15" is available here.

Privilege levels 2 through 14 are exactly equivalent to 1 unless you configure specific extra privileges for those levels through the "privilege" configuration commands or AAA configuration. They exist so that you can create custom user levels for your local needs. You can configure levels such that a user may see the configuration but not change it, or change very specific parts only, or execute clear commands, etc.

Privilege level 15 is full access to all parts of the router. There is no level 16.

New Member

Re: Available privilege modes in cisco and their rights

hi,

username level_zero privilege 0 password zero

username basic_user privilege 1 password one

username admin privilege 15 password admin

With the above setup, user level_zero can execute only disable, enable, exit, help, and logout commands.

User basic_user can execute all the level 0 and level 1 commands.

User admin can execute all the commands on the router.

On the router these are the 3 level of default commands:

-privilege level 0 — includes the disable, enable, exit, help, and logout commands

- privilege level 1 — normal level on Telnet; includes all user-level commands at the router> prompt

- privilege level 15 — includes all enable-level commands at the router#

prompt

Now based on your requirement, you can create a priv level bewteen 2-14 and assign any priv level 15 commands (level 0 and 1 would be inherited by default). Here is an example:

username six privilege 6 password 0 six

With this, user six is only able to execute all the level 0 & 1 commands. If the user need to execute "config t" on the router, he has to add the following line to add this level 15 commans to level 6.

privilege exec level 6 configure terminal

I hope this helps ! Please be aware of the "show running-config" though. For a better understanding of this special behavior of this command please refer to the following link:

http://www.cisco.com/warp/public/63/showrun.shtml

http://www.cisco.com/warp/public/480/PRIV.html

Hope this helps

Regards

Kiruba

Re: Available privilege modes in cisco and their rights

hi young&kiruba

thks for u r inputs

417
Views
0
Helpful
3
Replies