Understanding the meaning of the Privilege level
By default, the Cisco IOS command line supports two levels of command access: user EXEC mode (level 1) and privileged EXEC mode (level 15).
There are 16 levels, from 0 to 15, and the commands available at each level are different. The higher the number, the higher the level and the more commands can be run.
You can define custom levels and choose the commands that can be run at them.
Using the privilege command
Procedure
1. configure terminal
Enters global configuration mode; the default privilege level there is 15.
2. privilege mode [all] level level command
mode specifies the mode in which the command can be run at this level.
level is the level being defined.
[all] indicates that all sub-commands under the command can be used, instead of specifying
command is the command you allow to be run in the specified mode.
3. enable password level level [encryption-type] password-string
Sets the password for this level: a user who enters this password is placed at the configured level automatically.
4. do copy running-config startup-config
Saves the configuration.
5. Test commands
disable 6
Lowers the current level (15 by default) to level 6 so you can test whether the commands have taken effect.
enable 15
Restores the session from level 6 to level 15.
show privilege
Displays the current privilege level.
Privilege configuration examples
Router(config)# privilege exec level 6 configure terminal
Defines level 6: the configure terminal command can be used in EXEC mode.
Router(config)# privilege configure all level 6 rtr
Defines level 6: the rtr command and all of its sub-commands can be used in configuration mode.
Creating the router's local authentication database with privilege levels
username cisco privilege 5 password cisco
After the user cisco logs in with the password cisco, the user is limited to level 5.
Setting the level in line mode
line vty 0 4
password cisco
Sets the line password, which all users use to log on.
privilege level 14
All users who log on with this password are limited to level 14.
login
line vty 0 4
no login
No password verification is required; users log in directly.
line vty 0 4
login local
Uses the router's local authentication database to authenticate users.
Combined example
A network administrator wants the user
Username: enhan
Password: enhan
to log on to the local router remotely through telnet, but to be granted only some special permissions. For example, the user can configure some routing protocols, but cannot enter other modes such as interface configuration.
The configuration is as follows:
username enhan privilege 3 password 0 enhan
privilege configure all level 3 router
privilege exec level 3 configure terminal
line vty 0
password cisco
login local
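To review a configuration like the ones above, the following added example (not part of the original page) parses the privilege, username and line commands and reports which commands were moved to which level, which user lands at which level, and two weak settings the page shows: passwords entered without encryption (type 0) and vty lines set to no login. The sample configuration is constructed from the page's commands, the function name audit is hypothetical, and a password with no type digit is assumed to be cleartext, as it is when typed.

```python
import re
from collections import defaultdict

# Constructed sample built from the commands shown on this page.
SAMPLE_CONFIG = """\
username enhan privilege 3 password 0 enhan
username cisco privilege 5 password cisco
privilege configure all level 3 router
privilege exec level 3 configure terminal
privilege exec level 6 configure terminal
line vty 0
 password cisco
 login local
line vty 1 4
 privilege level 14
 no login
"""

PRIV_RE = re.compile(r"privilege\s+(\S+)\s+(all\s+)?level\s+(\d+)\s+(.+)$", re.I)
USER_RE = re.compile(r"username\s+(\S+)\s+privilege\s+(\d+)\s+password\s+(?:(\d)\s+)?\S+", re.I)
LINE_PRIV_RE = re.compile(r"privilege\s+level\s+(\d+)$", re.I)

def audit(config):
    """Return (commands moved to each level, level per user, findings)."""
    levels = defaultdict(list)   # level -> [(mode, command, covers_subcommands)]
    users, lines, findings = {}, {}, []
    current = None               # settings of the "line ..." block being read
    for raw in config.splitlines():
        text = raw.strip()
        if m := PRIV_RE.match(text):
            mode, sub, level, command = m.groups()
            levels[int(level)].append((mode.lower(), command, sub is not None))
        elif m := USER_RE.match(text):
            name, level, ptype = m.groups()
            users[name] = int(level)
            if ptype in (None, "0"):   # assumption: no type digit means type 0
                findings.append(f"user {name}: password is cleartext (type 0)")
        elif text.lower().startswith("line "):
            current = lines.setdefault(text.lower(), {"level": None, "login": None})
        elif current is not None and (m := LINE_PRIV_RE.match(text)):
            current["level"] = int(m.group(1))
        elif current is not None and text.lower() in ("login", "login local", "no login"):
            current["login"] = text.lower()
    for name, cfg in lines.items():
        if cfg["login"] == "no login":
            lvl = "default" if cfg["level"] is None else cfg["level"]
            findings.append(f"{name}: no login, every connection gets level {lvl}")
    return dict(levels), users, findings
```

Calling audit(SAMPLE_CONFIG) returns the per-level command list, the user-to-level map and the findings as three values that can be printed or compared against an expected baseline.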