Configure 16 permission levels for Cisco IOS

Source: Internet
Author: User

Many network administrators working on Cisco IOS have never bothered to consider the level of permissions they are using or the meaning of these levels. However, Cisco IOS actually has sixteen different permission levels. David Davis discusses these different levels and describes the main commands needed to configure these permissions.

Do you know why Cisco IOS provides 16 permission levels with different commands? Many network administrators working in Cisco IOS environments have never stopped to consider which permission level they are using or what the levels mean.

Cisco IOS has several permission levels, and the higher your level, the more operations you can perform on the router. However, most Cisco router users are familiar with only two permission levels:

User EXEC mode: permission level 1

Privileged EXEC mode: permission level 15

When you log on to a Cisco router in its default configuration, you are in user EXEC mode (level 1). In this mode, you can view some information about the router, such as the interface status and the routes in the routing table. However, you cannot make any modifications or view the running configuration file.

Because of these restrictions, most Cisco router users immediately type enable to leave user EXEC mode. By default, typing enable takes you to level 15, that is, privileged EXEC mode. In Cisco IOS, this level is equivalent to having root permissions on UNIX or administrator permissions on Windows. In other words, you have full control of the router.

Because a network is usually maintained by only a few people, each of them typically has the password for privileged mode. As a small or medium-sized company grows, however, permission issues become more complex.

In many cases, the problem arises when there is a support group or an inexperienced administrator who does not need that much access to the router. Maybe they just need to connect to the router to view the running configuration or reset an interface.

In this case, these users need to work at some level between level 1 and level 15. Keep the principle of least privilege in mind: grant only the minimum access that is required.

There are many feasible ways to configure IOS users and permissions, and I cannot describe each of them in detail in one article. Therefore, we will focus on the basic commands you use when configuring permissions.

Show privilege: This command displays the current permissions. Here is an example:

Router# show privilege
Current privilege level is 3

Enable: Administrators usually use this command to enter privileged EXEC mode. However, it can also take you to any other permission level. Here is an example:

router# show privilege
Current privilege level is 3
router# enable 1
router> show privilege
Current privilege level is 1
router>

Username: This command not only creates the user, but also tells IOS what permission level the user will have when logging on. Here is an example:

Router(config)# username test privilege 3 password test

Privilege: This command makes certain commands available only at a certain level. The maintenance-user example further down uses it.

Enable secret: By default, this command creates a password for privileged mode (level 15). However, you can also use it to create passwords for the other privilege levels that you set up. Here is an example:

Router(config)# enable secret level 5 level5pass

Let's look at an example. Suppose you want to create a maintenance user who can log on to the router and view the startup configuration (and any other information available at level 1). The commands you enter might be:

Router(config)# username support privilege 3 password support
Router(config)# privilege exec level 3 show startup-config

Note that the enable secret command is not required unless you want to allow a user who logs in at level 1 to use a password to move up to level 3. In our example, the new user (support) needs no additional enable secret password to log on.

Note also that this configuration assumes that you already have a router with a configured user name and password. In this example, you have defined the enable secret command for level 15, you have a superuser at level 15, and you have saved the startup configuration file while logged in as that superuser.
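To check a configuration against the least-privilege advice above, the following added example (not part of the original article) parses username and privilege lines and reports which explicitly assigned commands each account can reach. The sample configuration is constructed, the accounts admin, intern and guest are hypothetical, and enable secret levels are not modelled.

```python
import re

# Constructed sample configuration (not from a real device). It reuses the
# article's "support" user and adds hypothetical accounts for contrast.
SAMPLE_CONFIG = """\
username admin privilege 15 password adminpass
username support privilege 3 password support
username intern privilege 7 password intern
username guest password guest
privilege exec level 3 show startup-config
privilege exec level 9 clear counters
"""

USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s")
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")


def parse(config):
    """Return ({user: level}, [(level, mode, command), ...])."""
    users, moved = {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            # A username line without "privilege N" logs in at level 1.
            users[m.group(1)] = int(m.group(2) or 1)
        elif m := PRIV_RE.match(line):
            moved.append((int(m.group(2)), m.group(1), m.group(3).strip()))
    return users, moved


def effective_grants(config):
    """Map each user to the commands explicitly assigned at or below their level."""
    users, moved = parse(config)
    return {user: sorted(f"{mode}: {cmd}" for lvl, mode, cmd in moved if lvl <= level)
            for user, level in users.items()}


def findings(config):
    """Flag accounts whose level is higher than the assigned commands justify."""
    users, moved = parse(config)
    out = []
    for user, level in sorted(users.items()):
        # Highest level at or below the user's own that has commands assigned.
        needed = max((lvl for lvl, _, _ in moved if lvl <= level), default=1)
        if level == 15:
            out.append((user, "level 15 gives full control; confirm it is required"))
        elif needed < level:
            out.append((user, f"level {level} grants nothing beyond level {needed}"))
    return out


if __name__ == "__main__":
    for user, issue in findings(SAMPLE_CONFIG):
        print(f"{user}: {issue}")
```

For the level-15 account the grant list shows only the explicitly reassigned commands; that level can run every command regardless.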
