Router, Switch, ASA privilege levels

I am trying to lock down my Cisco equipment and need some assistance.

I created a test account and assigned it a 7 privilege; why is it I am able to create a user account with a higher privilege level?

What I am looking to do is to lock down all of the accounts and limit the changes to our equipment.
johnkesoglou Asked:
 
atlas_shuddered, Sr. Network Engineer, Commented:
johnk

The privilege levels are not preset with rights; you have to configure them.  If I remember correctly, anything 6 and under logs as a 0 by default and anything 7 or higher logs at 15.  To get the granularity you are looking for, you will need to configure each privilege level with the appropriate access to commands to perform the functions you specify.

To get deeper instruction on this, refer to the link I posted earlier.

Cheers
0
 
atlas_shuddered, Sr. Network Engineer, Commented:
Your new account is provisioning with default privileging at creation.  To limit access you will need to configure the privilege level with the access/permissioning you wish it to levy.  For more information on how to configure privilege level authorizations, reference the following documentation from Cisco -

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html#wp1027184

Cheers
0
 
Sniper98G Commented:
By default the only privilege levels configured on a Cisco device are 0 and 15. All the others must be configured by you for what you want them to be able to do.
0

 
johnkesoglou, Author, Commented:
What I am looking to do is to lock down all of the accounts and limit the changes to our equipment.
0
 
Sniper98G Commented:
How much equipment do you have?
You may want to look into an ACS server. It supports a much greater degree of granularity and would allow you to keep all of your accounts centrally.
0
 
johnkesoglou, Author, Commented:
We have 6 devices... nothing that crazy.

It seems as if people don't understand what I am asking.

I need to restrict accounts on my ASA from being able to make any changes to the firewall, i.e. creating users is one of them.  I assumed that by lowering the privilege number it reduced the amount of rights an account can have, but that isn't the case.

0
 
Sniper98G Commented:
To do what you want will require a lot of manual permission configuration on these devices. The guide that atlas put up contains instructions on how to do this, but it will take a great deal of time to get this working how you want it.
0
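As an added example (not part of the thread and not Cisco's code): a small Python audit that reads a saved configuration and lists each local account's privilege level next to the commands explicitly mapped to that level, flagging accounts whose level has no `privilege` lines behind it. The sample configuration is constructed and mixes IOS-style and ASA-style `privilege` lines; the function name and status labels are assumptions.

```python
import re

# Constructed sample (not from the thread); mixes IOS- and ASA-style lines.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 5 <placeholder-hash>
username test privilege 7 secret 5 <placeholder-hash>
username noc password <placeholder-hash> encrypted privilege 5
privilege exec level 5 show running-config
privilege exec level 5 ping
privilege show level 5 mode exec command access-list
"""

USER_RE = re.compile(r"^username\s+(\S+)\s.*?\bprivilege\s+(\d+)\b")
# IOS: privilege <mode> [all] level <n> <command>
# ASA: privilege [show|clear|cmd] level <n> [mode <m>] command <command>
PRIV_RE = re.compile(r"^privilege\s+(?:\S+\s+){0,2}level\s+(\d+)\s+(.+)$")
ASA_PREFIX_RE = re.compile(r"^(?:mode\s+\S+\s+)?command\s+")


def audit_privilege_levels(config_text):
    """Return (user, level, status, commands mapped at exactly that level)."""
    users, mapped = {}, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = int(m.group(2))
            continue
        m = PRIV_RE.match(line)
        if m:
            command = ASA_PREFIX_RE.sub("", m.group(2).strip())
            mapped.setdefault(int(m.group(1)), []).append(command)
    report = []
    for name, level in sorted(users.items()):
        if level == 15:
            status = "full-admin"
        elif level in mapped:
            status = "custom"
        else:
            # Level number is set on the account, but no privilege line
            # defines what that level may run: review before relying on it.
            status = "unconfigured"
        report.append((name, level, status, mapped.get(level, [])))
    return report


if __name__ == "__main__":
    for row in audit_privilege_levels(SAMPLE_CONFIG):
        print("%-6s level=%-2d %-12s %s" % row)
```

Run it against an exported running configuration; any account reported as `unconfigured` is relying on a level number that nothing in the configuration defines.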
Question has a verified solution.
