Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
0
Helpful
2
Replies

Moving commands between priv levels !

illusion_rox
Level 1
Level 1

‎06-01-2009 07:34 PM - edited ‎03-10-2019 04:31 PM

Hi all, this may seem a bit stupid question but i am confused with the wordings presented on cisco docs and ppl referring here. What is meant by "moving" commands between priv levels ?

For example

username admin priv 7 pass cisco

privilege exec level 7 show running-config

Now what this command does is to allow sh run in priv 7 which is not there by default.. so its copying isnt it ? why we call it moving ? i check by going to priv 15 command and show run was still there !!!. I tried it with some other command lets say configure terminal. This makes it way to priv 7 but it was also present in priv 15. So why we call it "moving" ? pls i am not arguing just want to make sure that i get this straight :-). Is there anything i am missing ?

Labels:
0 Helpful
2 Replies 2

ansalaza
Level 1
Level 1

‎06-02-2009 05:01 AM

By default, there are three privilege levels on the router.

privilege level 1 = non-privileged (prompt is router>), the default level for logging in

privilege level 15 = privileged (prompt is router#), the level after going into enable mode

privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout.

You could call it moving or copying, the end goal is to allow users in a lower privilege level to have access to the high level command...

0 Helpful

bretjaquish
Level 3
Level 3

‎06-02-2009 05:40 AM

I think the "moving" terminology is confusing, but here is what they must mean:

By default, you should be able to access commands at your level and BELOW.

So you move the "show runnning-config" down to level 7 with the command you issued above.

Now Level 7 and above users may use the command.

The problem with that command is that it references a bunch of other commands "within the output" of show running-config. I bet when you login as level 7 and issue "sh run" that the config will be missing huge chunks of data if not everything.

The easiest way to accomplish the "sh run" command is to have ACS. You would give that user level 15 access and then restrict them to issuing just the "sh run" command.

0 Helpful
Customers Also Viewed These Support Documents