Cisco user privilege

omer shtivi
Level 1

Hi,

Is there any document that describes which commands are allowed in each privilege level in Cisco routers and switches?

8 Replies

Sorry,

But this isn't helping.

I need to know what the difference between the privilege levels is, not what the privilege levels are.

Thanks anyway

Hi,

Level 1: user exec level; you can do some show commands, ping and a few other limited commands, but you can't do show run or configure anything.

Level 15: privileged level, like root in Unix, so you can do anything.

In between, it's you who decides which commands you want to tie to this privilege: basically level 15 commands that will also be available in this level, but you can also move up commands.

It's easier and more powerful to use role-based CLI instead if you've got the right IOS version:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gtclivws.html

Regards.

Alain

Don't forget to rate helpful posts.


Hi Omer,

There are 16 levels, 0-15. By default, privilege level 15 users can issue all commands, while a privilege level 1 user can issue most show commands, and many other commands (not including configure terminal). Context help can be used to see many of the commands available in a specific privilege level.

What everyone calls "user mode" is privilege level 1. What everyone calls "privileged mode" is privilege level 15. By default, a user can issue any commands that have been assigned to the level they are currently in, or lower.

Alain is right on the money. Traditionally, we would carve out and use custom levels 2-14 if needed. If not using TACACS+ to control what commands are available, one of the best options is the Parser View. When in a specific View, we can control what commands the user is able to issue, even if they are at level 15.

NDC-R1>show privilege

Current privilege level is 1

NDC-R1>?

Exec commands:

  access-enable    Create a temporary Access-List entry

  access-profile   Apply user-profile to interface

  clear            Reset functions

  connect          Open a terminal connection

  credential       load the credential info from file system

  crypto           Encryption related commands.

  disable          Turn off privileged commands

  disconnect       Disconnect an existing network connection

  dot11            IEEE 802.11 commands

  emm              Run a configured Menu System

  enable           Turn on privileged commands

  ethernet         Ethernet parameters

  exit             Exit from the EXEC

  help             Description of the interactive help system

  lock             Lock the terminal

  login            Log in as a particular user

  logout           Exit from the EXEC

  modemui          Start a modem-like user interface

  mrinfo           Request neighbor and version information from a multicast

                   router

  mstat            Show statistics after multiple multicast traceroutes

  mtrace           Trace reverse multicast path from destination to source

  name-connection  Name an existing network connection

  pad              Open a X.29 PAD connection

  ping             Send echo messages

  ppp              Start IETF Point-to-Point Protocol (PPP)

  radius           radius exec commands

  release          Release a resource

  renew            Renew a resource

  resume           Resume an active network connection

  rlogin           Open an rlogin connection

  set              Set system parameter (not config)

  show             Show running system information

  slip             Start Serial-line IP (SLIP)

  ssh              Open a secure shell client connection

  systat           Display information about terminal lines

  tclquit          Quit Tool Command Language shell

  telnet           Open a telnet connection

  terminal         Set terminal line parameters

  traceroute       Trace route to destination

  trm              Trend Registration Module

  tunnel           Open a tunnel connection

  udptn            Open an udptn connection

  webvpn           WebVPN exec command

  where            List active connections

  x28              Become an X.28 PAD

  x3               Set X.3 parameters on PAD

NDC-R1>enable

NDC-R1#show privilege

Current privilege level is 15

NDC-R1#?

Exec commands:

  access-enable    Create a temporary Access-List entry

  access-profile   Apply user-profile to interface

  access-template  Create a temporary Access-List entry

  archive          manage archive files

  audio-prompt     load ivr prompt

  auto             Exec level Automation

  beep             Blocks Extensible Exchange Protocol commands

  bfe              For manual emergency modes setting

  calendar         Manage the hardware calendar

  call             Voice call

  ccm-manager      Call Manager Application exec commands

  cd               Change current directory

  clear            Reset functions

  clock            Manage the system clock

  cns              CNS agents

  configure        Enter configuration mode

  connect          Open a terminal connection

  copy             Copy from one file to another

  credential       load the credential info from file system

  crypto           Encryption related commands.

  debug            Debugging functions (see also 'undebug')

  delete           Delete a file

  dir              List files on a filesystem

  disable          Turn off privileged commands

  disconnect       Disconnect an existing network connection

  dot11            IEEE 802.11 commands

  dot1x            IEEE 802.1X Exec Commands

  emadmin          Extension Mobility Commands

  emm              Run a configured Menu System

  enable           Turn on privileged commands

  eou              EAPoUDP

  ephone-hunt      ephone hunt exec command

  erase            Erase a filesystem

  ethernet         Ethernet parameters

  event            Event related commands

  exit             Exit from the EXEC

  file-acct        File mode accounting exec command

  flush            File mode accounting flush options

  format           Format a filesystem

  help             Description of the interactive help system

  if-mgr           IF-MGR operations

  isdn             Run an ISDN EXEC command on an ISDN interface

  license          License information

  lock             Lock the terminal

  login            Log in as a particular user

  logout           Exit from the EXEC

  microcode        microcode commands

  modemui          Start a modem-like user interface

  monitor          Monitoring different system events

  more             Display the contents of a file

  mpls             MPLS commands

  mrinfo           Request neighbor and version information from a multicast

                   router

  mrm              IP Multicast Routing Monitor Test

  mstat            Show statistics after multiple multicast traceroutes

  mtrace           Trace reverse multicast path from destination to source

  name-connection  Name an existing network connection

  no               Disable debugging functions

  pad              Open a X.29 PAD connection

  partition        Partition disk

  ping             Send echo messages

  ppp              Start IETF Point-to-Point Protocol (PPP)

  pwd              Display current working directory

  radius           radius exec commands

  redundancy       Redundancy Facility (RF) exec commands

  release          Release a resource

  reload           Halt and perform a cold restart

  rename           Rename a file

  renew            Renew a resource

  restart          Restart Connection

  resume           Resume an active network connection

  rlogin           Open an rlogin connection

  rsh              Execute a remote command

  send             Send a message to other tty lines

  set              Set system parameter (not config)

  setup            Run the SETUP command facility

  show             Show running system information

  slip             Start Serial-line IP (SLIP)

  spec-file        format spec file commands

  squeeze          Squeeze a filesystem

  ssh              Open a secure shell client connection

  start-chat       Start a chat-script on a line

  systat           Display information about terminal lines

  tarp             TARP (Target ID Resolution Protocol) commands

  tclquit          Quit Tool Command Language shell

  tclsafe          Tool Command Language shell SAFE mode

  tclsh            Tool Command Language shell

  telnet           Open a telnet connection

  terminal         Set terminal line parameters

  test             Test subsystems, memory, and interfaces

  traceroute       Trace route to destination

  trm              Trend Registration Module

  tunnel           Open a tunnel connection

  udptn            Open an udptn connection

  undebug          Disable debugging functions (see also 'debug')

  upgrade          Upgrade commands

  verify           Verify a file

  vlan             Configure VLAN parameters

  voice            Voice Commands

  vtp              Configure global VTP state

  webvpn           WebVPN exec command

  where            List active connections

  which-route      Do OSI route table lookup and display results

  write            Write running configuration to memory, network, or terminal

  x28              Become an X.28 PAD

  x3               Set X.3 parameters on PAD

  xconnect         Xconnect EXEC commands

NDC-R1#enable 0

NDC-R1>?

Exec commands:

  disable  Turn off privileged commands

  enable   Turn on privileged commands

  exit     Exit from the EXEC

  help     Description of the interactive help system

  logout   Exit from the EXEC

NDC-R1>

NDC-R1>show privilege

       ^

% Invalid input detected at '^' marker.

NDC-R1>

Privilege 0 doesn't even have the ability to issue the show command.

Best wishes,

Please rate if it helps.
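
Added example (not part of the original posts): since levels 2-14 hold only what an administrator assigns to them, the commands a custom-level user can run are recoverable from the `privilege` and `username` lines of the configuration. This Python sketch applies the "own level or lower" rule to a constructed sample config; the user names, the `SENSITIVE` list and the sample lines are assumptions, and the built-in level 0/1/15 defaults shown in the `?` output above are not modelled.

```python
import re
from collections import defaultdict

# Constructed sample: user names, levels and hashes are illustrative, not from the thread.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 9 $9$CONSTRUCTED
username netops privilege 7 secret 9 $9$CONSTRUCTED
username helpdesk privilege 3 secret 9 $9$CONSTRUCTED
username intern privilege 2 secret 9 $9$CONSTRUCTED
privilege exec level 3 clear counters
privilege exec level 7 show running-config
privilege exec level 7 configure terminal
privilege configure level 7 interface
privilege interface level 7 shutdown
"""

# "privilege <mode> [all] level <n> <command>" and "username <name> privilege <n> ..."
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")

# Commands an auditor may want to know are reachable below level 15 (assumed list).
SENSITIVE = {"configure terminal", "reload", "copy", "debug"}


def parse(config):
    """Return ({level: [(mode, command)]}, {user: level}) from config text."""
    moved, users = defaultdict(list), {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := PRIV_RE.match(line):
            moved[int(m.group(2))].append((m.group(1), m.group(3).strip()))
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
    return moved, users


def reassigned_for(level, moved):
    """Reassigned commands usable at `level`: its own plus every lower level's."""
    return sorted(c for lvl, cmds in moved.items() if lvl <= level for c in cmds)


def audit(config):
    """Per-user report of reassigned commands, with findings for custom levels."""
    moved, users = parse(config)
    report = {}
    for name, level in sorted(users.items()):
        cmds = reassigned_for(level, moved)
        findings = []
        if 2 <= level <= 14:
            if not cmds:
                findings.append("custom level with no commands assigned; only level 0-1 commands available")
            for mode, cmd in cmds:
                if mode == "exec" and cmd in SENSITIVE:
                    findings.append(f"'{cmd}' reachable at level {level}")
        report[name] = {"level": level, "commands": cmds, "findings": findings}
    return report


if __name__ == "__main__":
    for user, info in audit(SAMPLE_CONFIG).items():
        print(user, info["level"], info["commands"], info["findings"])
```
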

Thanks,

What about other priv like 6/7?

Hi Omer,

From privilege 6 you can: Telnet in and execute the show run command, but the resulting configuration is virtually blank because this user cannot configure anything (configure terminal is at level 8, not at level 6). The user is not permitted to see usernames and passwords of the other users, or to see Simple Network Management Protocol (SNMP) information.

If you want to see which commands I can use in privilege 7, then do like this:

First configure a switch or router (username test privilege 7 password test).

Log in via the test username and then enter ?.

You will see very few commands which you can use.

Regards

Please rate if it helps.

So what is the difference between priv 8 to 15?

(Is there any document which describes the differences between each priv level?)

Michael Durham
Level 4

I have two custom html pages that are stored on my 2911 router.  Is there any way that a user could open their web browser, put in the <IP address>/custom1.html, press return, and get to those pages WITHOUT having to enter a username and password?
