Configure access permissions for cisco Routers

Understanding the meaning of the Privilege level

By default, the Cisco IOS command line mode supports two levels of access command user EXEC (level 1) mode and privileged EXEC (Level 15)

In these 16 levels from 0 to 15, the commands that can be operated at each level are different. The number is about high, and the level is higher, the more commands can be operated.

You can customize the level and the commands that can be operated under these levels.

Operation of the Privilege command

Procedure

1. configure terminal

In global configuration mode, the default value is privileged 15.

2. privilege mode [all] level command

Mode defines the modes that can be operated at this level

Level indicates the Level to be defined.

[All] indicates that all sub-commands under the command can be used, instead of specifying

Command indicates the commands that you allow operations in the defined mode.

3. enable password level [encryption-type] password-string

Apply this level When configuring the password, which means that the user can use this password to log on to the set level automatically.

4. do copy running-config startup-config

Save Configuration

5. Test command

Disable 6

Reduces the current high level (15 by default) to level 6 to test whether the command has taken effect.

Enable 15

Indicates that the current low level 6 is restored to the High Level 15

Show privilege

View the current privilege level

Privilege application example

Router (config) # privilege exec level 6 configure terminal

Definition level 6: The configure terminal command can be used in exec mode

Router (config) # privilege configure all level 6 rtr

Definition level 6: Use the rtr command in configure mode and all sub-commands in rtr

Vro local verification database created with privilege

Username cisco privilege 5 password cisco

Indicates that the operation level is limited to 5 after a cisco user logs in using password cisco

Set in Line Mode

Line vty 0 4

Password cisco sets the line Password, which is used by all users to log on

Privilege level 14 all users logging on with this password are limited to 14

Login

Line vty 0 4

No login does not require password verification, direct login

Line vty 0 4

Login local use vro local verification database to authenticate users

Integrated Application

A network administrator wants the user

Username: enhan

The password is enhan.

Remotely log on to the local vrotelnet through telnet, but only grant some special permissions to the vrotelnet. For example, you can configure some routing protocols, but cannot enter other modes such as interfaces.

The configuration is as follows:

Username enhan privilege 3 password 0 enhan

Privilege configure all level 3 router

Privilege exec level 3 configure terminal

Line vty 0

Password cisco

Login local