RE: Privilege levels

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Sun May 07 2006 - 04:47:35 ART

• Next message: Kobus Van Rooyen: "Re: BGP's weight and Local Preference usage"
• Previous message: darbyweaver@yahoo.com: "Re: CCIE Assessor Scheduled for Saturday..."
• Maybe in reply to: KC: "Privilege levels"
• Next in thread: Schulz, Dave: "RE: Privilege levels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Your user you created already has access to the enable command. You didn't need to move it to privilege level 5 unless you don't want users at the lower levels (console default level, "user mode", etc) to have access to the command.

The enable command is a privilege 0 level command by default. Once you move it to level 5, all users in the lower privilege levels will not have access to it as you noticed on the console.

HTH,

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
________________________________________
From: KC [mailto:kanwal.chawla@gmail.com]
Sent: Saturday, May 06, 2006 11:18 PM
To: Brian Dennis
Cc: Cisco certification
Subject: Re: Privilege levels

So as per your suggestion, if i dont move enable command between privilege levels, by default user with privilege level 5 will be able to run all mentioned commands in Interface and privi mode ????
 
Did i understand right ?

 
On 5/6/06, Brian Dennis <bdennis@internetworkexpert.com> wrote:
You moved the "enable" command to privilege level 5 which means at
privilege level 1 (default for the console) you will not have access to
it.

It's not very common to move the enable command itself as it's the
common command used to move between privilege levels.

GW3#enable ?
<0-15> Enable level
view Set into the existing view
<cr>

GW3#enable 1
GW3>enable 15
Password:
GW3#

HTH,

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
KC
Sent: Saturday, May 06, 2006 10:56 PM
To: Cisco certification
Subject: Privilege levels

Hey Guys,

I am stuck on one question

this is waht i am configuring on one router :::-

privilege interface level 5 ip address
privilege configure level 5 interface
privilege exec level 5 enable
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show running-config

username a secret level 5 cisco

line vty 0 4
login local

After this configuration , everything is working fine, when i telnet
this
router from the other,

But on the console if i do like this way ::::--\

R1>en
Translating "en"

Translating "en"
% Unknown command or computer name, or unable to find computer address

Why on console i am not able to go to privileage level

Help me Guys

• Next message: Kobus Van Rooyen: "Re: BGP's weight and Local Preference usage"
• Previous message: darbyweaver@yahoo.com: "Re: CCIE Assessor Scheduled for Saturday..."
• Maybe in reply to: KC: "Privilege levels"
• Next in thread: Schulz, Dave: "RE: Privilege levels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:21 ART