HOW TO CONFIGURE PRIVILEGE LEVELS IN CISCO IOS

CONFIGURING PRIVILEGE LEVELS IN CISCO IOS

Privilege levels determine who should be allowed to connect to the device and what that person should be able to do with it. The Cisco IOS software CLI has two levels of access to commands –

• User EXEC mode (privilege level 1) – Provides the lowest EXEC mode user privileges and allows only user-level commands available at the router> prompt.
• Privileged EXEC mode (privilege level 15) – Includes all enable-level commands at the router# prompt.

Apart from these 2 modes, additional levels can be configured between 2 to 14 for protecting the network devices from unauthorized access. Customized Privilege levels are useful for enterprises which can’t invest in authentication servers.

Below is a configuration examples to create a customized Cisco Privilege Levels 10, which should include Privilege to –

• configure terminal
• configure interfaces with IPv4 addresses
• shut interface

Step 1 –
Configure “enable secret” password for Privilege Level 10

Step 2 –
Configure Privilege Level 10 to move to Global Configuration mode, configure interfaces with IPv4 addresses and shut the interface.

Step 3 –
Now , we will verify Privilege Level 10 as below –

Step 4 –
Below verification validates that configured Privilege level 10 does not allow other parameters to be configured apart from ones required (like Privilege level 10 can’t be allowed to configure ipv6 address ) –

Related – PIPE Feature & Commands in Cisco IOS

ABOUT THE AUTHOR

Rashmi Bhardwaj

I am here to share my knowledge and experience in the field of networking with the goal being – “The more you share, the more you learn.”

I am a biotechnologist by qualification and a Network Enthusiast by interest. I developed interest in networking being in the company of a passionate Network Professional, my husband.

I am a strong believer of the fact that “learning is a constant process of discovering yourself.”
– Rashmi Bhardwaj (Author/Editor)