Can I disable some commands to privilege level 2 users?

s.souroutis
Level 1

Hello,

I am trying to configure some users with different privileges on a 7505 router.

I'm using the aaa method local on the 7505.

I'm not using a RADIUS or TACACS server.

I did create some users with privilege level 15 and some with privilege level 2 but I want some users to have access only on the show command.

The problem is that if a level 2 user has the level 15 enable password he can have full access. I want to disable the command enable 15 for all privilege level 2 users.

Can I do that?

Thank you

2 Accepted Solutions

didier.wiroth
Level 1

Hi,

This works for other commands (I don't have cli to test right now), so this should work:

Move the enable command to level 3 or any other upper level you want:

privilege exec level 3 enable

Hi,

Moving the enable command to a different level should work, but what you can also do is configure separate enable passwords for the various levels if the users at level 2 require some enable level commands.

enable secret level level-number {0 | 5} password-string

5 Replies

didyap
Level 6

Guess this can be done. Use the privilege exec command.

Thank you all. I used the privilege exec level 3 enable command to move the enable command to level 3. This works fine.

I have a Cisco router running aaa new-model authentication with local usernames. I have a username that I would like to have access to the exec prompt only, with the ability to execute the show run command. I've tried the suggestions in this thread but I seem to be missing something, because when I sign in with the username with privilege level 2 and with an enable secret level 2, I still have to use the default enable secret password, eventually giving the username level 15 access.

Can someone suggest the commands I need to restrict a username to only the "show running-configuration" command?

Thanks for any help

Jeff
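
The two suggestions from this thread placed in one local-AAA configuration, as an added example that was not posted by anyone in the thread. The usernames, the angle-bracket secrets and the use of VTY logins are assumptions; `aaa authorization exec default local` is included because, under `aaa new-model`, the privilege level set on a local username is applied at login only when exec authorization is configured.

```cisco
! Constructed example. Usernames and <...> secrets are placeholders.
aaa new-model
aaa authentication login default local
! Applies each local username's privilege level when the exec session starts
aaa authorization exec default local
!
! Administrators log in directly at level 15 and never need "enable"
username admin privilege 15 secret <ADMIN-SECRET>
! Restricted users land at level 2
username operator privilege 2 secret <OPERATOR-SECRET>
!
! Suggestion 1: raise "enable" to level 3 so sessions at level 2 and
! below cannot run it, even if they know the level 15 enable secret
privilege exec level 3 enable
!
! Suggestion 2 (alternative to moving "enable"): keep "enable" where it
! is and give an intermediate level its own secret, reached with
! "enable 2", so the level 15 secret is not shared with those users
! enable secret level 2 0 <LEVEL2-SECRET>
!
! Checks to run before saving the configuration:
!   1. Log in as admin in a second session; "show privilege" should
!      report level 15.
!   2. Log in as operator; "show privilege" should report level 2 and
!      "enable" should be rejected.
```

With `enable` moved to level 3, a session that starts at level 1 can no longer escalate either, so confirm that a direct level 15 login works before ending the session used to make the change.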