User Privilege Levels and Role-Based Access Control

The Cisco IOS CLI has three privilege levels by default:

Level 0

Level 0 provides the disable, enable, exit, help, and logout commands.

Level 1

Level 1 is known as User EXEC mode. It is not possible to make configuration changes in this mode and the command configure terminal is not available.

Level 15

Known as Privileged EXEC mode. This is the highest level and all commands are available.

Other Levels

Additional levels can be configured between 2 and 14 to provide customised access control.

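The global configuration command privilege <mode> level <level> <command> assigns a command in the given mode to any privilege level. The following configuration creates a local user at level 5 and moves the commands that user needs to level 5: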

username george privilege 5 secret Bananas!
privilege exec level 5 configure terminal
privilege configure level 5 configure terminal
privilege configure level 5 interface
privilege interface level 5 shutdown
privilege interface level 5 no shutdown

Using local authentication and privilege levels can provide good security, but the configuration has to be repeated and kept in step on every device, which becomes cumbersome to manage.
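Reviewing what each local user can actually run is easier with a script than by eye, because a command moved to level N is available to every user at level N or above. The following is an added example, not part of the original page: a Python audit that parses username and privilege lines from a saved configuration. The function names are hypothetical and the sample input is constructed from the configuration above.

```python
import re

# Constructed sample: the configuration lines shown on this page.
SAMPLE_CONFIG = """\
username george privilege 5 secret Bananas!
privilege exec level 5 configure terminal
privilege configure level 5 configure terminal
privilege configure level 5 interface
privilege interface level 5 shutdown
privilege interface level 5 no shutdown
"""

# privilege <mode> [all] level <level> <command>
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")

def parse(config):
    """Return ({user: level}, [(mode, level, command), ...])."""
    users, moved = {}, []
    for line in config.splitlines():
        tokens = line.split()
        m = PRIV_RE.match(line.strip())
        if m:
            moved.append((m.group(1), int(m.group(2)), m.group(3).strip()))
        elif len(tokens) >= 2 and tokens[0] == "username":
            opts = tokens[2:]
            # Ignore everything from the credential keyword on (it is the secret).
            for stop in ("secret", "password"):
                if stop in opts:
                    opts = opts[:opts.index(stop)]
            level = 1  # IOS default when no privilege keyword is given
            if "privilege" in opts[:-1]:
                level = int(opts[opts.index("privilege") + 1])
            users[tokens[1]] = max(level, users.get(tokens[1], 0))
    return users, moved

def reachable(users, moved):
    """For each user, the reassigned commands at or below their level."""
    return {user: [(mode, cmd) for mode, lvl, cmd in moved if lvl <= ulvl]
            for user, ulvl in users.items()}

def config_access(users, moved):
    """Users below level 15 who can reach global configuration mode."""
    return sorted(user for user, ulvl in users.items() if ulvl < 15 and any(
        mode == "exec" and cmd.startswith("configure") and lvl <= ulvl
        for mode, lvl, cmd in moved))

if __name__ == "__main__":
    users, moved = parse(SAMPLE_CONFIG)
    print(reachable(users, moved))
    print("non-15 users with configure access:", config_access(users, moved))
```

The script only reports commands that have been reassigned with the privilege command; the default level 0 and level 1 commands are available to every user and are not listed.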

To simplify configuration and maintain consistency, the preferred approach is to use the Authentication, Authorisation and Accounting (AAA) framework.



