Cisco Privilege Level Configuration

Hello Experts,

I'm trying to set the privilege level on a router so that 'show' commands aren't allowed. Also, I don't want configuration commands permitted on the router.

I attempted this with the following command:

routername(config)#username testusr privilege 1

However, when I log in with testusr I still see that the privilege level is 15.

I'm sure it's something very simple that I'm missing.

Any thoughts?

Cheers

cpatte7372
 
Daniel Sheppard (Network Administrator/Engineer/Architect) commented:
If you enable'd, the privilege will automatically go to 15.

You will want to integrate your enable command with aaa.

aaa authorization enable default enable
aaa authorization exec default local if-authenticated

Try this out. Leave an SSH session open and initiate a new session to ensure it works.
0
 
cpatte7372 (Author) commented:
Hi Daniel,

Thanks for responding.

I'm not using aaa authentication.
I'm using login local.

Can you show me the equivalent commands for local login?

Cheers mate.
0
 
cpatte7372 (Author) commented:
Experts,

I don't think I've made myself clear.

I don't want certain users to be able to issue the command 'show run' while in enable mode.

Thanks
0
 
Daniel Sheppard (Network Administrator/Engineer/Architect) commented:
You will need to switch to AAA. Using login local, the users need to "enable" using the enable password. If you switch to AAA, they will enable with their own password.

These commands will get you set up with "local" AAA:

aaa new-model
aaa authentication login default local
aaa authorization exec default local

0
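
An added example, not part of the thread or either poster's code: a Python check over a saved running-config that reports the two conditions discussed above, a shared level-15 enable credential and `aaa new-model` without exec authorization. The sample config, its placeholder hashes and the function name `audit_privileges` are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); hashes are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER$notarealhash
username admin privilege 15 secret 5 $1$PLACEHOLDER$notarealhash
username testusr privilege 1 secret 5 $1$PLACEHOLDER$notarealhash
privilege exec level 5 show ip route
line vty 0 4
 login local
"""

def audit_privileges(config):
    """Collect the settings that decide which privilege level a login can reach."""
    users, enable_levels, moved = {}, set(), {}
    lines = [ln.strip() for ln in config.splitlines()]
    for ln in lines:
        if m := re.match(r"username (\S+)(.*)", ln):
            lvl = re.search(r"\bprivilege (\d+)", m.group(2))
            # IOS assigns level 1 when no privilege keyword is given.
            users[m.group(1)] = int(lvl.group(1)) if lvl else users.get(m.group(1), 1)
        elif re.match(r"enable (secret|password)\b", ln):
            lvl = re.match(r"enable \w+ level (\d+)", ln)
            # An enable credential without "level N" guards level 15.
            enable_levels.add(int(lvl.group(1)) if lvl else 15)
        elif m := re.match(r"privilege exec level (\d+) (.+)", ln):
            moved[m.group(2)] = int(m.group(1))  # command moved to another level
    new_model = "aaa new-model" in lines
    exec_authz = any(ln.startswith("aaa authorization exec ") for ln in lines)
    findings = []
    low = sorted(u for u, p in users.items() if p < 15)
    if 15 in enable_levels and low:
        findings.append("anyone who knows the shared enable credential reaches "
                        "level 15 regardless of username privilege: " + ", ".join(low))
    if new_model and not exec_authz:
        findings.append("aaa new-model without 'aaa authorization exec': "
                        "per-user privilege levels are not applied at login")
    return {"users": users, "enable_levels": sorted(enable_levels),
            "moved_commands": moved, "findings": findings}

if __name__ == "__main__":
    for finding in audit_privileges(SAMPLE_CONFIG)["findings"]:
        print("FINDING:", finding)
```
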
 
cpatte7372 (Author) commented:
Daniel,

Just to be clear, if I implement your suggestion, users won't be able to issue the 'show run' command, correct?

Cheers
0
 
cpatte7372 (Author) commented:
Any help would be appreciated....
0
 
cpatte7372 (Author) commented:
I just needed to add enable level to the user.

Thanks anyway
0