Configuring Privilege Levels for Users

16 Mar

As mentioned earlier, the Cisco IOS software has two modes of operation. You can configure up to 16 levels of commands for each mode, which allows you to selectively assign authority on a per-user basis. Each command entered into the IOS can be associated with a privilege level. You configure the privilege level for a command using the global configuration command privilege <mode> level <level> <command>. The exact syntax of this command is as follows:

privilege mode level level command | reset command

Figure 1.1 displays three users, Cindy, Marsha, and Jan, connected to a local segment. Cindy is the network engineer; she has full control over Router A. Marsha and Jan are system administrators; they need only limited functionality on Router A. Here is an example of the configuration that meets this requirement:

enable secret Cindy
enable secret level 3 Marsha
enable secret level 2 Jan
privilege exec level 3 debug
privilege exec level 3 show running-config
privilege exec level 3 telnet
privilege exec level 2 ping
privilege exec level 2 sh int ser0
privilege exec level 2 sh ip route
line con 0

Figure 1.1: Using privilege levels to create administrative levels.

This configuration provides Cindy with the default full administrative rights to the router. Marsha is given access to all features that are allowed with administrative level 3 and can perform the commands that are listed with a privilege level of 3. Jan is assigned a privilege level of 2 and is given access to all features and allowed to perform the commands listed with a privilege level of 2. The key is that each user must use the enable <level> command from the user mode prompt and log in with the password assigned for that level. An example is provided here:

SecureRouter>enable 3
Password: Marsha
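
As an added example (not from the original page or from Cisco), the following Python audit reads the privilege and enable secret lines of a configuration like the one above, lists the commands each level can actually run (a level also runs commands assigned to lower levels), and flags delegations worth reviewing. The function names and the SENSITIVE list are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample input: the configuration shown on this page, embedded to run offline.
SAMPLE_CONFIG = """\
enable secret Cindy
enable secret level 3 Marsha
enable secret level 2 Jan
privilege exec level 3 debug
privilege exec level 3 show running-config
privilege exec level 3 telnet
privilege exec level 2 ping
privilege exec level 2 sh int ser0
privilege exec level 2 sh ip route
"""
# Assumption for illustration: commands worth a review when moved below level 15.
SENSITIVE = ("debug", "show running-config")
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")
SECRET_RE = re.compile(r"^enable\s+secret(?:\s+level\s+(\d+))?\s+\S+")

def parse(config):
    """Return ({(mode, level): [commands]}, {levels that have an enable secret})."""
    assigned, secrets = defaultdict(list), set()
    for line in map(str.strip, config.splitlines()):
        m = PRIV_RE.match(line)
        if m:
            assigned[(m.group(1), int(m.group(2)))].append(m.group(3))
            continue
        m = SECRET_RE.match(line)
        if m:  # "enable secret" without "level" sets the level 15 password
            secrets.add(int(m.group(1)) if m.group(1) else 15)
    return assigned, secrets

def effective(assigned, mode, level):
    """Commands reassigned to `level` or lower; a level also runs lower-level commands."""
    return sorted(c for (m, l), cmds in assigned.items()
                  if m == mode and l <= level for c in cmds)

def audit(config):
    """Flag levels with no enable secret and sensitive commands delegated below 15."""
    assigned, secrets = parse(config)
    findings = []
    for (mode, level), cmds in sorted(assigned.items()):
        if level not in secrets:
            findings.append(f"level {level}: commands assigned but no enable secret")
        findings += [f"level {level}: sensitive command '{c}' delegated"
                     for c in cmds if level < 15 and c.startswith(SENSITIVE)]
    return findings
```

Calling audit(SAMPLE_CONFIG) returns two findings for level 3 (debug and show running-config), and effective(assigned, "exec", 3) shows that Marsha's level also includes the three commands assigned to Jan's level 2.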
