RE: OT: Default Privilege Levels

From: David L Stewart (D.Stewart@mail.UTexas.edu)
Date: Sat Sep 14 2002 - 07:42:42 GMT-3

• Next message: Szeto Jeff: "Bgp question"
• Previous message: Noel.MacFadden@swisscom.com: "RE: set cam / span"
• Maybe in reply to: Frank Jimenez: "OT: Default Privilege Levels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

User (disabled) exec mode is priv level 1. Enabled exec
mode is priv level 15. Use the "sh priv" command to see
what it is. Under the line, you can set the default
priv level with "privi lev 15". Privilege levels go
from 0 to 15. This is only for lines (con, aux and vty).

As other folks were stating, you can assign commands to
be in different privi levels. When you do, and you change
to that privi level, the "?" will list the commands
allowed. Some practice may be needed if only a specific
command is to be enabled at a privi level. Usually the
whole family of commands is allowed if the first word
is allowed. To allow a specific command, the whole
command needs to be specified.

Dave
-
At 09:14 PM 9/13/2002, Frank Jimenez wrote:
>Thanks all -
>
>I didn't state my original question well. What I was looking for was
>something that stated what was considered 'level 15' by default. I
>didn't know about the 'level 0' commands, so that was interesting - what
>commands are 'level 15'?
>
>Frank Jimenez
>franjime@cisco.com
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>michael liu
>Sent: Friday, September 13, 2002 7:32 PM
>To: ccielab@groupstudy.com
>Subject: RE: OT: Default Privilege Levels
>
>
>you could change privilege level for specific command, if you use
>privilege command to
>
>specify what level that command is allowed to execute.
>
>
>
>~ml
>
> >From: Brian Dennis >Reply-To: Brian Dennis >To:
>Danny.Wang@alderwoods.com >CC: ccielab@groupstudy.com >Subject: RE: OT:
>Default Privilege Levels >Date: Fri, 13 Sep 2002 15:55:32 -0700 > >Are
>you referring to this site? > >http://boerland.com/dotu/ > >Brian
>Dennis, CCIE #2210 (R&S/ISP Dial) > >-----Original Message----- >From:
>Danny.Wang@alderwoods.com [mailto:Danny.Wang@alderwoods.com] >Sent:
>Friday, September 13, 2002 3:43 PM >To: Brian Dennis >Cc:
>ccielab@groupstudy.com; nobody@groupstudy.com >Subject: RE: OT: Default
>Privilege Levels > > >Unless he's looking for some undocumented command.
>I've seen a web site >before, just could not find it now. > >To see the
>availabe command's privilege level you're using, enter ? at >the
> >command line when logged in at that privilege level if there is router
> >availabe
>:-) > > > > > > > Brian Dennis > > To: >ccielab@groupstudy.com > Sent
>by:
>cc: > > nobody@groupstudy Subject: RE: OT: Default >Privilege Levels >
>.com > > > > > > 09/13/2002 02:33 > > PM > > Please respond to > > Brian
>Dennis > > > > > > > > > >I think he was asking if there is somewhere
>where each command's >privilege level is documented. > >The only thing
>that I've seen is in the documentation they use the term >EXEC and
>privileged EXEC which I interpret as level 1 and level 15. > >Brian
>Dennis, CCIE #2210 (R&S/ISP Dial) > > > >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>
> >Danny.Wang@alderwoods.com >Sent: Friday, September 13, 2002 1:59 PM
> >>To:
>Frank Jimenez >Cc: ccielab@groupstudy.com >Subject: Re: OT: Default
>Privilege Levels > >By default, there are three privilege levels on the
>router: > privilege level 1 = non-privileged (prompt is router>), the
> >default > level for login > privilege level 15 = privileged (prompt is
>router#), the level >after > going into enable mode > privilege level 0
>= seldom-used, but includes 5 commands: disable, > enable, exit, help,
>and logout > > >Levels 2-14 are not used in a default configuration, but
>commands that >are >normally at level 15 can be moved down to one of
>those levels and >commands >that are normally at level 1 can be moved up
>to one of those levels. >Obviously, this security model involves some
>administration on the >router. >To determine the privilege-level as a
>logged in user, type the show >privilege command. > > > > > > > > > > >
>"Frank Jimenez" > > > > om> cc: > > Sent by: Subject: OT: Default
> >Privilege Levels > nobody@groupstudy > > .com > > > > > > 09/13/2002
>01:33 > > PM > > Please respond to > > "Frank Jimenez" > > > > > > > > >
> >All, >Anyone know of a resource that shows the default privilege levels
>of IOS >commands? > >Thanks, >Frank Jimenez, CCIE #5738
> >franjime@cisco.com
>
>------------------------------------------------------------------------
>
>MSN Photos is the easiest way to share and print your photos: Click Here

• Next message: Szeto Jeff: "Bgp question"
• Previous message: Noel.MacFadden@swisscom.com: "RE: set cam / span"
• Maybe in reply to: Frank Jimenez: "OT: Default Privilege Levels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:51 GMT-3