10-21-2014 02:30 AM - edited 03-07-2019 09:11 PM
Hi,
I would like to know if I can restrict a user in level 1 from having the option to get into "enable mode" level 15?
I know that I can configure a password, but I would like him not to have the option even if the user has the password...
Regards,
Lauren Vaillancourt.
10-21-2014 04:25 AM
Lauren,
Here is the answer:
http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username john privilege 9 password 0 doe
username six privilege 6 password 0 six
username poweruser privilege 15 password poweruser
username inout password inout
username inout privilege 15 autocommand show running
privilege configure level 8 snmp-server community
privilege exec level 6 show running
privilege exec level 8 configure terminal
To understand this example, it is necessary to understand privilege levels. By default, there are three command levels on the router:
privilege level 0 — Includes the disable, enable, exit, help, and logout commands.
privilege level 1 — Normal level on Telnet; includes all user-level commands at the router> prompt.
privilege level 15 — Includes all enable-level commands at the router# prompt.
Commands available at a particular level in a particular router can be found by typing a ? at the r
HTH
Regards
Inayath
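The privilege mapping in the configuration quoted above can be checked offline. The following is an added example, not part of the original reply or of Cisco's document: a short Python audit that parses that configuration and lists which remapped commands each local user reaches at login. The function names and the default of level 1 for a `username` line without `privilege` are assumptions of this example, and it models the login level only, not a later `enable`.

```python
import re

# The configuration from the reply above, one command per line.
CONFIG = """\
aaa new-model
aaa authentication login default local
aaa authorization exec default local
username john privilege 9 password 0 doe
username six privilege 6 password 0 six
username poweruser privilege 15 password poweruser
username inout password inout
username inout privilege 15 autocommand show running
privilege configure level 8 snmp-server community
privilege exec level 6 show running
privilege exec level 8 configure terminal
"""

DEFAULT_USER_LEVEL = 1  # assumption: level used when no "privilege" keyword is given


def parse(config):
    """Return (users, commands): user -> login level, (mode, command) -> level."""
    users, commands = {}, {}
    for line in config.splitlines():
        line = line.strip()
        m = re.match(r"username (\S+)(?: privilege (\d+))?", line)
        if m:
            name, level = m.group(1), m.group(2)
            if level is not None:
                users[name] = int(level)
            else:
                # A line without "privilege" must not reset an explicit level.
                users.setdefault(name, DEFAULT_USER_LEVEL)
            continue
        m = re.match(r"privilege (\S+) level (\d+) (.+)", line)
        if m:
            commands[(m.group(1), m.group(3))] = int(m.group(2))
    return users, commands


def report(config):
    """Map each user to the remapped commands whose level is <= the login level."""
    users, commands = parse(config)
    return {
        user: sorted(f"{mode}: {cmd}" for (mode, cmd), lvl in commands.items() if level >= lvl)
        for user, level in users.items()
    }


if __name__ == "__main__":
    for user, cmds in report(CONFIG).items():
        print(user, cmds)
```
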
10-23-2014 12:06 AM
Hi,
I tried it, but the user that I put in priv 0 or 1 is able to get into enable mode and config t.
Can it be because of my IOS version 15?
10-23-2014 05:07 AM
Can you paste your config?
10-25-2014 10:52 PM
No, I cannot, because it is on a separate secret network.