Solved: Why is it that Configure Terminal doesnt have a Priviledge Level?

TariqMK · ‎02-09-2017

According to Cisco documentation:

privilege level 1 = non-privileged (prompt is router>), the default level for logging in

privilege level 15 = privileged (prompt is router#), the level after going into enable mode

privilege level 0 = seldom used, but includes 5 commands: disable, enable, exit, help, and logout

Source: http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/13860-PRIV.html

My question is:

Why is it that the Configure Terminal mode isn't assigned a 'Priviledged Level'?

The reason I ask is because when it comes to TACACS configuration, we have the option to add command accounting, but the common configuration is for privilege levels 0, 1 and 15.

What about for commands run in Configure Terminal mode?

Are they not logged at all? Surely they are the most important to be logged?

Richard Burts · ‎02-09-2017

By default configure terminal is a privilege level 15 command. If you enable accounting for level 15 commands it should include the configuration commands.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎02-09-2017

By default configure terminal is a privilege level 15 command. If you enable accounting for level 15 commands it should include the configuration commands.

HTH

Rick

HTH

Rick

TariqMK · ‎02-09-2017

Hi Richard,

Thanks for the concise answer. I did some testing with a Switch and ISE just before you replied and confirmed that this is indeed the case.

Much appreciated.