06-07-2017 01:16 AM - edited 03-08-2019 10:53 AM
06-07-2017 03:21 AM
Can you post exactly what you have configured for that user, or lock him down using priv exec level commands so you can tell him what he can and can't use in enable?
http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfpass.html#wp1001357
Defining an Enable Password for System Operators Examples
In the following example, you define an enable password for privilege level 10 for system operators and make clear and debug commands available to anyone with that privilege level enabled.
enable password level 10 pswd10
privilege exec level 10 clear line
privilege exec level 10 debug ppp chap
privilege exec level 10 debug ppp error
privilege exec level 10 debug ppp negotiation
The following example lowers the privilege level of the more system:running-config command and most configuration commands to operator level so that the configuration can be viewed by an operator. It leaves the privilege level of the configure command at 15. Individual configuration commands are displayed in the more system:running-config output only if the privilege level for a command has been lowered to 10. Users are allowed to see only those commands that have a privilege level less than or equal to their current privilege level.
enable password level 15 pswd15
privilege exec level 15 configure
enable password level 10 pswd10
privilege exec level 10 more system:running-config
In the following example, the show ip route command is set to privilege level 15. To keep all show ip and show commands from also being set to privilege level 15, these commands are specified to be privilege level 1.
privilege exec level 15 show ip route
privilege exec level 1 show ip
privilege exec level 1 show
06-08-2017 11:35 PM
Thanks a lot Mark for your response.
I have a user with privilege 7. I created an enabled password with privilege 7, but when I log in with the user and use the enable password, the switch does not accept it.
Thanks
06-09-2017 12:12 AM
Hi, can you post what way you have set the config up? I can't really offer more without seeing the config side. If you're certain it's right, it could be something buggy with the IOS version for the privilege.
06-09-2017 03:38 AM
Hello
Below is an example of limited privilege access I use for our local desktop guys to empower them to enable access ports.
Example:
username LBS privilege 2 secret 5 $1$YoS9$I2HyxidT7YpDcNAMePHbR1
privilege interface level 1 spanning-tree portfast
privilege interface level 1 spanning-tree
privilege interface level 1 storm-control
privilege interface level 1 switchport
privilege interface level 1 description
privilege interface level 1 default spanning-tree portfast
privilege interface level 1 default spanning-tree
privilege interface level 1 default storm-control
privilege interface level 1 default switchport
privilege interface level 1 default description
privilege interface level 1 no spanning-tree portfast
privilege interface level 1 no spanning-tree
privilege interface level 1 no storm-control
privilege interface level 2 no shutdown
privilege interface level 1 no switchport
privilege interface level 1 no description
privilege interface level 2 no
privilege interface level 2 shutdown
privilege interface level 2 default shutdown
privilege configure level 2 interface
privilege configure level 2 default interface
privilege configure level 2 no interface
privilege exec level 1 show running-config
privilege exec level 1 show
privilege exec level 1 do-exec show running-config
privilege exec level 1 do-exec show
privilege exec level 2 configure terminal
privilege exec level 2 configure
privilege exec level 2 do-exec configure terminal
privilege exec level 2 do-exec configure
res
Paul
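An added example, not part of any post in this thread or of Cisco's documentation: a small Python audit of `privilege <mode> level <n> <command>` lines that reports which probed commands a local user's level reaches. It treats a command's effective level as that of its longest configured prefix, which is a simplifying assumption about the IOS parser; the function names and the sample config are constructed here.

```python
import re

# Constructed sample built from privilege lines quoted in this thread;
# the secret hash is replaced with a placeholder.
SAMPLE_CONFIG = """\
username LBS privilege 2 secret 5 <hash-omitted>
privilege interface level 1 no switchport
privilege interface level 2 no shutdown
privilege interface level 2 no
privilege interface level 2 shutdown
privilege configure level 2 interface
privilege exec level 15 show ip route
privilege exec level 1 show ip
privilege exec level 1 show
privilege exec level 2 configure terminal
"""

RULE_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+?)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")

def parse_config(text):
    """Return (rules, users): rules maps (mode, token tuple) -> level, users maps name -> level."""
    rules, users = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := RULE_RE.match(line):
            rules[(m.group(1), tuple(m.group(3).split()))] = int(m.group(2))
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
    return rules, users

def effective_level(rules, mode, command):
    """Level of the longest configured prefix of `command`, or None when no rule matches."""
    tokens = tuple(command.split())
    for n in range(len(tokens), 0, -1):
        level = rules.get((mode, tokens[:n]))
        if level is not None:
            return level
    return None  # no explicit rule: the IOS default applies, which this script does not know

def audit(text, probes):
    """Map each local user to the probed (mode, command) pairs the privilege rules grant them."""
    rules, users = parse_config(text)
    result = {}
    for user, user_level in users.items():
        hits = [(m, c) for m, c in probes if (lvl := effective_level(rules, m, c)) is not None and lvl <= user_level]
        result[user] = sorted(f"{m}: {c}" for m, c in hits)
    return result
```

Feeding it a saved configuration and a list of sensitive commands as probes gives a quick per-user view before a restricted account is handed out.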