https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511812#M426636 <HTML><HEAD></HEAD><BODY><P>Looks like you can move commands down to level 0, and here's where it says so:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt5/srdpass.htm#wp1017782" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt5/srdpass.htm#wp1017782</A></P><P></P><P>'You can use level 0 to specify a subset of commands for specific users or lines. For example, you can allow user "guest" to use only the show users and exit commands.'</P><P></P><P>There's another passage in the same link that talks about how Level 0 commands don't automatically get allowed for higher levels:</P><P></P><P>'There are five commands associated with privilege level 0: disable, enable, exit, help, and logout. If you configure AAA authorization for a privilege level greater than 0, these five commands will not be included.'</P><P></P><P></P><P>So maybe that's the issue - that your level 1 user isn't inheriting level 0 command privileges because they don't pass from level 0 to higher levels.</P><P></P><P>-Mason</P></BODY></HTML> Tue, 22 Aug 2006 20:16:57 GMT mbrown 2006-08-22T20:16:57Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511810#M426631 <P>Kindly help me to configure lower privilege user should be able to shutdown the fast ethernnet inteface of the switches in my LAN. </P><P>I have configure Level 1 user. who has given accesses to show interface through privilege command. Now i would like give him interface shutdown option.</P><P></P><P>below the configuration already in my switch. but the user is unable to shutdwon the interface.</P><P>===================================</P><P>switch95#sh run | includ privi</P><P>* are authorized access and the level of privilege you *</P><P>privilege configure level 0 interface</P><P>privilege configure level 0 interface all shutdown</P><P>privilege exec level 0 ping</P><P>privilege exec level 0 traceroute</P><P>privilege exec level 0 show vlan</P><P>privilege exec level 0 show interface</P><P>privilege exec level 0 configure terminal</P><P>========================================</P> Sun, 10 Mar 2019 21:42:56 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511810#M426631 tirumalababu.e 2019-03-10T21:42:56Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511811#M426635 <HTML><HEAD></HEAD><BODY><P>Can you move commands down to level 0? I've always used 1 through 15, and moved commands down from 15 to something like level 3.</P><P></P><P>-Mason</P></BODY></HTML> Tue, 22 Aug 2006 19:59:22 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511811#M426635 mbrown 2006-08-22T19:59:22Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511812#M426636 <HTML><HEAD></HEAD><BODY><P>Looks like you can move commands down to level 0, and here's where it says so:</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt5/srdpass.htm#wp1017782" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_r/srprt5/srdpass.htm#wp1017782</A></P><P></P><P>'You can use level 0 to specify a subset of commands for specific users or lines. For example, you can allow user "guest" to use only the show users and exit commands.'</P><P></P><P>There's another passage in the same link that talks about how Level 0 commands don't automatically get allowed for higher levels:</P><P></P><P>'There are five commands associated with privilege level 0: disable, enable, exit, help, and logout. If you configure AAA authorization for a privilege level greater than 0, these five commands will not be included.'</P><P></P><P></P><P>So maybe that's the issue - that your level 1 user isn't inheriting level 0 command privileges because they don't pass from level 0 to higher levels.</P><P></P><P>-Mason</P></BODY></HTML> Tue, 22 Aug 2006 20:16:57 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511812#M426636 mbrown 2006-08-22T20:16:57Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511813#M426637 <HTML><HEAD></HEAD><BODY><P>Humm the priv level 0 isn't supposed to even permit login, I agree with a previous post that you should use privilege 1.</P><P></P><P>I have tried that in several customers with considerable sucess.</P></BODY></HTML> Wed, 23 Aug 2006 14:24:07 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/511813#M426637 fausto-oliveira 2006-08-23T14:24:07Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/4101271#M561126 <P>&nbsp;</P><P>I can't put this command:</P><PRE>privilege configure level 5 interface all shutdown</PRE><P>Thank you very much.</P> Thu, 11 Jun 2020 05:34:12 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/4101271#M561126 ปลาวาฬทราย RMUTT CPE IX 2020-06-11T05:34:12Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/4102680#M561184 What is the HW/SW version of the device. If you logged in via privilege level 15 user. Sat, 13 Jun 2020 14:45:53 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/4102680#M561184 poongarg 2020-06-13T14:45:53Z https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/4103195#M561213 <P>&nbsp;</P><P>WS-C3650-48TD/IOS-XE Version 03.06.08.E</P><P>and could nexus do this?</P><P>Thank you very much.</P> Mon, 15 Jun 2020 09:34:52 GMT https://community.cisco.com/t5/network-access-control/privilege-interface-shutdown/m-p/4103195#M561213 ปลาวาฬทราย RMUTT CPE IX 2020-06-15T09:34:52Z