Username Privilege level

acbennyma
Level 1

Dear all,

I have the below configuration on the switch so that, when TACACS is unavailable, access to the switch will be via a local privilege account. I have created two privilege levels: admin with level 15 and oper with level 7. I observe that when I use the oper account, I can't run show run and wr memory. For every privilege level (1-15), are there some default commands behind each privilege level which I can type? If yes, where can I check the commands corresponding to each privilege level?

username admin privilege 15 secret 5 $1$iBYI$wARWlte5M8xPeoz0Tap6s.
username oper privilege 7 secret 5 $1$2Of3$EuDuuIxgKxm88wFRF3BIt/
aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization exec default group tacacs+ local
aaa authorization commands 7 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+


Latchum Naidu
VIP Alumni

Hi,

Look at the following lines, which are creating a new Privilege mode for a part-time administrator.

You need to set the other commands after mentioning the level 7.

Rtr1(config)#privilege exec level 7 ping
Rtr1(config)#privilege exec level 7 show startup-config
Rtr1(config)#privilege exec level 7 show ip route
Rtr1(config)#privilege exec level 7 show ip int brief
Rtr1(config)#enable secret level 7 tESt7

HTH

Please click on the correct answer if this answered your question.

Regards,

Naidu.

Hi Naidu,

I mean I haven't created any privilege exec level 7 xxxxxxxxxxxx command, but once I create the "oper" account with privilege 7, I can also run commands (e.g. show interface, show interface status). Therefore, my question is: are there some default commands behind each privilege level which I can type?

benny

benny

While the privilege levels range up to 15 Cisco only assigns commands in level 1 and level 15. It allows you to use the assignment of privilege level as posted by Naidu to place certain commands at certain privilege levels if you choose to do so. A user at a certain level will have access to all commands assigned to that level and to commands available at lower levels. So if you have created a user at level 7 and have not assigned any commands to level 7 then effectively your level 7 user has access to all commands available at level 1 and not to any other commands.

HTH

Rick
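
Added example, not part of any post in this thread: a small Python audit that applies the rule described in the last reply to a saved configuration, listing for each local user the commands explicitly moved to its level or below and flagging intermediate-level users that end up with no more than level 1 access. The sample configuration is constructed (hashes replaced by placeholders, the `audit` user is hypothetical), and the function names are this example's own.

```python
import re

# Constructed sample modelled on the thread; secrets are placeholders.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 5 <placeholder-hash>
username oper privilege 7 secret 5 <placeholder-hash>
username audit privilege 5 secret 5 <placeholder-hash>
privilege exec level 7 ping
privilege exec level 7 show startup-config
privilege exec level 7 show ip route
"""

USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")
# Matches "privilege <mode> [all] level <n> <command>".
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")


def parse(config):
    """Return ({user: level}, {level: [command, ...]}) from config text."""
    users, assigned = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            assigned.setdefault(int(m.group(2)), []).append(m.group(3))
    return users, assigned


def audit(config):
    """Map each user to (level, commands gained above level 1, finding)."""
    users, assigned = parse(config)
    report = {}
    for user, level in users.items():
        # A user gets commands assigned to its own level and to lower levels.
        extra = sorted(cmd for lvl, cmds in assigned.items()
                       if 1 < lvl <= level for cmd in cmds)
        if level == 15:
            finding = "full privilege"
        elif extra:
            finding = "custom level"
        elif level > 1:
            finding = "effectively level 1: no commands assigned at or below this level"
        else:
            finding = "default user level"
        report[user] = (level, extra, finding)
    return report


if __name__ == "__main__":
    for user, (level, extra, finding) in audit(SAMPLE_CONFIG).items():
        print(f"{user:6} level {level:2}  {finding}  {extra}")
```
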