Table of Contents
Advertisement
Protecting Access to Privileged EXEC Commands
Configuring Multiple Privilege Levels
By default, the Cisco IOS software has two modes of password security: user EXEC and privileged
EXEC. You can configure up to 16 hierarchical levels of commands for each mode. By configuring
multiple passwords, you can allow different sets of users to have access to specified commands.
For example, if you want many users to have access to the clear line command, you can assign it
level 2 security and distribute the level 2 password fairly widely. But if you want fewer users to have
access to the configure command, you can assign it level 3 security and distribute that password to a
smaller group of users.
Setting the Privilege Level for a Command
To set the privilege level for a command mode, follow these steps, beginning in privileged EXEC mode:
Command
Step 1
configure terminal
Step 2
privilege mode level level command
Step 3
enable password level level password
Step 4
end
Step 5
show running-config
or
show privilege
Step 6
copy running-config startup-config
When you set a command to a privilege level, all commands whose syntax is a subset of that command
are also set to that level. For example, if you set the show ip route command to level 15, the show
commands and show ip commands are automatically set to privilege level 15 unless you set them
individually to different levels.
To return to the default privilege for a given command, use the no privilege mode level level command
command in global configuration mode.
Cisco 3200 Series Wireless MIC Software Configuration Guide
10
Purpose
Enters global configuration mode.
Sets the privilege level for a command.
For mode, enter configure for global configuration mode, exec for
•
EXEC mode, interface for interface configuration mode, or line for
line configuration mode.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC
•
mode privileges. Level 15 is the level of access permitted by the
enable password.
•
For command, specify the command to which you want to restrict
access.
Specifies the enable password for the privilege level.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC
•
mode privileges.
For password, specify a string from 1 to 25 alphanumeric characters.
•
The string cannot start with a number, it is case sensitive, and it
allows spaces but ignores leading spaces. By default, no password is
defined.
Returns to privileged EXEC mode.
Verifies your entries.
The show running-config command displays the password and access
level configuration. The show privilege command displays the privilege
level configuration.
(Optional) Saves your entries in the configuration file.
Administering the WMIC
Hide quick links:
Advertisement
Table of Contents
