The Cisco IOS CLI has three privilege levels by default:
Level 0
Level 0 provides the disable
, enable
, exit
, help
, and logout
commands
Level 1
Level 1 is known as User EXEC mode. It is not possible to make configuration changes in this mode and the command configure terminal
is not available.
Level 15
Known as Privileged EXEC mode. This is the highest level and all commands are available.
Other Levels
Additional levels can be configured between 2 and 14 to provide customised access control.
The global configuration command privilege <mode> level <level> <command>
can be used to change or set a level for a command to any level.
username george privilege 5 secret Bananas! privilege exec level 5 configure terminal privilege configure level 5 configure terminal privilege configure level 5 interface privilege interface level 5 shutdown privilege interface level 5 no shutdown
Using local authentication and privilege levels on every device can provide good security, but can become cumbersome to manage on every device.
To simplify configuration and maintain consistency, the preferred approach is to use the Authentication, Authorisation and Accounting framework
Leave a Reply