No i cannot becuse it is on a

laurendvir · ‎10-21-2014

Hi,

I would like to know ie i can restrict a user in level 1 to have the option to get in to "enable mode" level 15?

I know that i can configure password, but i would like that he will not have the option even if the user have the password...

Regards,

Lauren Vaillancourt.

InayathUlla Sharieff · ‎10-21-2014

Lauren,

Here is hte answer:

http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/23383-showrun.html

aaa new-model
aaa authentication login default local
aaa authorization exec default local

username john privilege 9 password 0 doe
username six privilege 6 password 0 six
username poweruser privilege 15 password poweruser
username inout password inout
username inout privilege 15 autocommand show running

privilege configure level 8 snmp-server community 
privilege exec level 6 show running 
privilege exec level 8 configure terminal

To understand this example, it is necessary to understand privilege levels. By default, there are three command levels on the router:

privilege level 0 — Includes the disable, enable, exit, help, and logout commands.
privilege level 1 — Normal level on Telnet; includes all user-level commands at the router> prompt.
privilege level 15 — Includes all enable-level commands at the router# prompt.

Commands available at a particular level in a particular router can be found by typing a ? at the r

HTH

Regards

Inayath

laurendvir · ‎10-23-2014

Hi,

I tryed it but the user that i put in priv 0 or 1 is able to get in to the enable mode and config t.

can it be becuse of my ios version 15???

InayathUlla Sharieff · ‎10-23-2014

Can yoiu paste your config?

laurendvir · ‎10-25-2014

No i cannot becuse it is on a spreat secret network.

Restrict privileged EXEC mode to a user in Cisco 3750g