• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 375
  • Last Modified:

Cisco Router - Ready Only Account


I'm running an Cisco 3845 and currently only have one account, privilege level 15, for my admin functions.

Cisco levels appear to go from 1-15.  What level would I use to allow read only access (via terminal and console) to the running config, and other show commands.  I also want to allow read only access to SDM (if thats possible)

2 Solutions
You can create user privilege levels, and define the commands that you want each level to be able to execute:

By default, if you set up a user name and password without adding the privilege argument, the user will have a level of 1. That's probably where you want to be. It'll allow them to go to enable mode only if they have the enable password.

For security purposes, I'd recommend that you do the same- set up an unprivileged user name and password (you can keep the existing admin one, but change the privilege level to 1), and an "enable secret" password that gets you to the administrative functions. By using prvilege level 15, you're bypassing the enable password entirely.

Enable secret has much better encryption than enable, so you can't use the many decryptors out there to get the enable password if you're using enable secret.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now