System information
Cisco Cat3K ST 6 June 2012
TOE SFRs How the SFR is Met
(such as show ip accounting, show ip aliases, show ip bgp, and so on) will be
available at privilege level 5.
The privilege command is used to move commands from one privilege level to
another in order to create the additional levels of administration. The default
configuration permits two types of users to access the CLI. The first type of user
is a person who is only allowed to access user EXEC mode. The second type of
user is a person who is allowed access to privileged EXEC mode. A user who is
only allowed to access user EXEC mode is not allowed to view or change the
configuration of the networking device, or to make any changes to the
operational status of the networking device. On the other hand, a user who is
allowed access to privileged EXEC mode can make any change to a networking
device that is allowed by the CLI.
The following example sets privilege levels for staff who are usually not
allowed to run all of the commands available in privileged EXEC mode
(privilege level 15) on a networking device. They are prevented from running
commands that they are not authorized for because they are not granted access
to the password assigned to privileged EXEC mode or to other levels that have
been configured on the networking device.
The steps and commands below set up privilege level 7 with access to two
commands, clear counters and reload.
Step 1  enable password
        Enters privileged EXEC mode. Enter the password when prompted.
            Router> enable
Step 2  configure terminal
        Enters global configuration mode.
            Router# configure terminal
Step 3  enable secret level level password
        Configures a new enable secret password for privilege level 7.
            Router(config)# enable secret level 7 Zy72sKj
Step 4  privilege exec level level command-string
        Changes the privilege level of the clear counters command from
        privilege level 15 to privilege level 7.
            Router(config)# privilege exec level 7 clear counters
Step 5  privilege exec all level level command-string
        Changes the privilege level of the reload command from privilege
        level 15 to privilege level 7.
            Router(config)# privilege exec all level 7 reload
Step 6  end
        Exits global configuration mode.
            Router(config)# end
The following example shows the enforcement of the settings above and of the
privilege levels.
Step 1  enable level password
        Logs the user into the networking device at the privilege level
        specified for the level argument.
            Router> enable 7 Zy72sKj
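Added example (not part of the Security Target or of Cisco's documentation): a small Python audit that reads a saved configuration and lists which commands were moved to which privilege level, so a reviewer can check the delegation set up in the steps above. The sample configuration, the hash placeholder and the function name audit are constructed for illustration; an enable secret line without a level keyword is treated as level 15.

```python
import re

# Constructed sample: the level 7 setup from the steps above plus one
# level 5 command, with secrets shown as placeholders for the stored hash.
SAMPLE_CONFIG = """\
enable secret level 7 5 <hash-placeholder>
enable secret 5 <hash-placeholder>
privilege exec level 7 clear counters
privilege exec all level 7 reload
privilege exec level 5 show ip accounting
"""

# privilege <mode> [all] level <n> <command-string>
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(all\s+)?level\s+(\d+)\s+(.+)$")
# enable secret [level <n>] <rest>; no level keyword means level 15
SECRET_RE = re.compile(r"^enable\s+secret\s+(?:level\s+(\d+)\s+)?\S")

def audit(config_text):
    """Return (commands_by_level, levels_with_secret, findings)."""
    commands = {}    # level -> list of (mode, command, moved_with_all)
    secrets = set()  # levels that have an enable secret line
    for raw in config_text.splitlines():
        line = raw.strip()
        m = PRIV_RE.match(line)
        if m:
            level = int(m.group(3))
            entry = (m.group(1), m.group(4), bool(m.group(2)))
            commands.setdefault(level, []).append(entry)
            continue
        m = SECRET_RE.match(line)
        if m:
            secrets.add(int(m.group(1)) if m.group(1) else 15)
    findings = []
    for level in sorted(commands):
        if level not in secrets:
            findings.append(f"level {level}: commands assigned, no enable secret line")
        for _mode, cmd, moved_with_all in commands[level]:
            if moved_with_all:
                findings.append(f"level {level}: '{cmd}' moved with 'all' keyword")
    for level in sorted(secrets - set(commands) - {15}):
        findings.append(f"level {level}: enable secret set, no commands assigned")
    return commands, secrets, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```

The findings are prompts for review, not verdicts: a level may also be reached through means this sketch does not parse.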