The Cisco IOS CLI has three privilege levels by default:
Level 0 provides the
Level 1 is known as User EXEC mode. It is not possible to make configuration changes in this mode and the command
configure terminal is not available.
Known as Privileged EXEC mode. This is the highest level and all commands are available.
Additional levels can be configured between 2 and 14 to provide customised access control.
The global configuration command
privilege <mode> level <level> <command> can be used to change or set a level for a command to any level.
username george privilege 5 secret Bananas! privilege exec level 5 configure terminal privilege configure level 5 configure terminal privilege configure level 5 interface privilege interface level 5 shutdown privilege interface level 5 no shutdown
Using local authentication and privilege levels on every device can provide good security, but can become cumbersome to manage on every device.
To simplify configuration and maintain consistency, the preferred approach is to use the Authentication, Authorisation and Accounting framework