Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

PIX Privilege Levels


I have configured a username with privilege level 2 on my PIX but have not defined any commands for Level2.

Even then i observe that when i logon with those credentials iam able to go to the configure mode and by an large execute all the commands.

What is causing this.

My PIX Ver- 6.3(3)


username monitor password xxx encrypted privilege 2

PIX-525# show curpriv

Username : monitor

Current privilege level : 2

Current Mode/s : P_PRIV



Re: PIX Privilege Levels

sounds like you have enabled authentication but not authorisation. try:

aaa authorization command LOCAL

privilege cmd level 2 mode exec command show

privilege cmd level 2 mode exec command quit

privilege show level 2 mode exec command interface


Cisco Employee

Re: PIX Privilege Levels

"""When commands have privilege levels set, and users have privilege levels set, then the two are compared to determine if a given user can execute a given command.""" If the user's privilege level is lower than the privilege level of the command, the user is prevented from executing the command.

here i feel you have configured privilege level for account ,however you have n't specified the commands which should correspond to priv. level 2.So,pix has nothing to compare and that's why you are able to execute all of the commands.

CreatePlease to create content