12-15-2015 11:49 AM - edited 03-08-2019 03:07 AM
Hello,
Someone created a Cisco switch user acct with priv level 2 access. Our IT user support uses that for limited operation, particularly for resetting switchport security. It used to work and all of a sudden the user gets an error when clearing the switchport security on an interface, please see attached.
What exactly can a priv level 2 user do? Why are we getting that error? The account can shut down and bring up an interface, though.
I'll appreciate your help. Thanks.
Hubble
12-15-2015 08:52 PM
Hello Hubble,
By default, Cisco routers have three levels of privilege—zero, user, and privileged. Zero-level access allows only five commands—logout, enable, disable, help, and exit. User level (level 1) provides very limited read-only access to the router, and privileged level (level 15) provides complete control over the router.
Do you have the running configuration of the devices? If yes, you can check in the configuration for the lines that allow privilege 2 users to run specific commands, as per the example below.
With privilege 2 there would be limited access to the devices as well.
Router(config)#privilege exec level 2 clear line
With the above, a privilege 2 user would run the clear line command.
Hope it Helps..
-GI
12-16-2015 07:12 AM
Thanks Ganesh.
I checked the running config and all the privilege lines seem to be there, including the switchport cmd. But we are still getting the attached error above for the priv level 2 user. (Do you see the attachment?)
privilege interface level 2 switchport
privilege interface level 2 description
privilege configure level 2 interface
privilege exec level 2 copy running-config startup-config
privilege exec level 2 copy running-config
privilege exec level 2 copy
privilege exec level 2 write memory
privilege exec level 2 write
privilege exec level 2 configure terminal
privilege exec level 2 configure
privilege exec level 2 show startup-config
privilege exec level 2 show running-config
privilege exec level 2 show
12-16-2015 09:04 PM
What switch model are you using? Are these switches 2960s? Because with older switches you need to type the full command, as per my experience.
Try configuring:
privilege interface level 2 switchport port-security mac-address sticky
But when you do show run it won't show the full command.
Hope it Helps..
-GI
12-17-2015 04:43 AM
Thank you Ganesh!
Yes they are 2960 switches. Is there a way to show the full command from a show cmd?
Because there's already a "privilege interface level 2 switchport" line and we don't know if that's already a full command. I believe it used to work.
Thanks again.
12-18-2015 11:32 PM
Hello,
But as far as I know, when you do show run it won't show the full command.
Try what I gave in my earlier post by issuing the full command for privilege level 2 and see what the result is.
-GI
12-21-2015 08:57 AM
Yes, I added the full command and it worked. Thanks.
It's just strange because they said it used to work and no one removed the full cmd.
There's already a line "privilege interface level 2 switchport" and we couldn't tell if that's a full command. Anyway thanks for your help, it's working now.
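A least-privilege review of the privilege lines posted in this thread, as an added example that is not from any poster or from Cisco: it parses `privilege <mode> [all] level <n> <command>` lines out of a running config and lists the grants below level 15 that can change or save configuration. The function names and the `WRITE_KEYWORDS` set are assumptions made for this illustration, and since the thread notes that show run may not display the full command as typed, the output is a starting point for review rather than a complete record.

```python
import re
from collections import defaultdict
# Constructed sample: the privilege lines posted earlier in this thread.
SAMPLE_CONFIG = """\
privilege interface level 2 switchport
privilege interface level 2 description
privilege configure level 2 interface
privilege exec level 2 copy running-config startup-config
privilege exec level 2 copy running-config
privilege exec level 2 copy
privilege exec level 2 write memory
privilege exec level 2 write
privilege exec level 2 configure terminal
privilege exec level 2 configure
privilege exec level 2 show startup-config
privilege exec level 2 show running-config
privilege exec level 2 show
"""

# IOS syntax: privilege <mode> [all] level <0-15> <command>
PRIV_RE = re.compile(r"^\s*privilege\s+(\S+)\s+(all\s+)?level\s+(\d+)\s+(.+?)\s*$")
# Assumption for this review: exec commands starting with these keywords
# can change or save configuration and deserve a second look below level 15.
WRITE_KEYWORDS = {"configure", "copy", "write"}

def parse_privileges(config_text):
    """Return {level: {mode: [command, ...]}} from running-config text."""
    grants = defaultdict(lambda: defaultdict(list))
    for line in config_text.splitlines():
        m = PRIV_RE.match(line)
        if m:
            mode, _all, level, command = m.groups()
            grants[int(level)][mode].append(command)
    return grants

def review(config_text):
    """List (level, mode, command) grants below level 15 that allow changes.
    Every grant in a non-exec (configuration) mode counts as a change."""
    findings = []
    for level, modes in sorted(parse_privileges(config_text).items()):
        if level >= 15:
            continue
        for mode, commands in sorted(modes.items()):
            for command in commands:
                if mode != "exec" or command.split()[0] in WRITE_KEYWORDS:
                    findings.append((level, mode, command))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE_CONFIG), sep="\n")
```

Run against a saved running config, the same review can be repeated after each change to confirm that a support account has gained only the command that was intended.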