Chapter 11
Access Policies
Privileged Levels
By default, all Cisco devices have two privilege levels: user mode and privilege mode. If you have a large network with many administrators, you should set usernames and passwords for each administrator. This will allow you to monitor each administrator and the changes they make to any device.
This becomes a problem when each administrator has different duties; they should not all have the same amount of access to Cisco devices. By setting additional privilege levels, you can effectively provide each user with the ability to perform certain commands without giving them the opportunity to modify the configuration or even perform a debug on a device. The privilege mode, by default, allows a user to perform all commands, view and change the configuration, and run debugging commands. You probably would not want all administrators to have full privilege mode capabilities.
There are 16 different levels of privilege that can be set, 0 through 15. By default, user mode is level 1 and the highest privilege mode is 15. Level 0 is used to set up a very limited subset of commands for a specific user or line.
To set up privilege modes, use the privilege global configuration command:
Router(config)#privilege ?
  alps-ascu               ALPS ASCU configuration mode
  alps-circuit            ALPS circuit configuration mode
  atmsig_e164_table_mode  ATMSIG E164 Table
  configure               Global configuration mode
  controller              Controller configuration mode
  crypto-map              Crypto map config mode
  crypto-transform        Crypto transform config mode
  dhcp                    DHCP pool configuration mode
  exec                    Exec mode
  flow-cache              Flow aggregation cache config mode
  interface               Interface configuration mode
  interface-dlci          Frame Relay dlci configuration mode
  ipenacl                 IP named extended access-list configuration mode
  ipsnacl                 IP named simple access-list configuration mode
  ipx-router              IPX router configuration mode
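The mode keyword from this help output (exec, configure, interface, and so on) is the first argument to the privilege command, followed by the level and the command being reassigned. The configuration below is an added example, not taken from the book: it gives one administrator full access and a second a limited level 5. The usernames, the choice of level 5, the reassigned commands and the placeholder secrets are all assumptions.

```cisco
! Added example (not from the book). Usernames, level 5, the chosen
! commands and the <PLACEHOLDER-...> secrets are assumptions.
!
! One account per administrator, so changes can be attributed to a person.
username netadmin privilege 15 secret <PLACEHOLDER-SECRET-NETADMIN>
username operator privilege 5 secret <PLACEHOLDER-SECRET-OPERATOR>
!
! Move selected exec-mode commands from level 15 down to level 5.
! The operator gains these commands but still cannot enter global
! configuration mode or run debug, which remain at level 15.
privilege exec level 5 clear counters
privilege exec level 5 clear line
!
! IOS also moves every command whose syntax is a subset of the one named
! (here the bare "clear") to the same level, so check what else becomes
! reachable before assigning a multi-word command.
!
! Optional: a separate enable secret for level 5, so a user logged in at
! level 1 can raise to level 5 with "enable 5" without knowing the
! level 15 secret.
enable secret level 5 <PLACEHOLDER-SECRET-LEVEL5>
!
! Authenticate remote sessions against the local username database so the
! per-user privilege level is applied at login.
line vty 0 4
 login local
!
! Verification, run from exec mode after logging in as each user:
!   show privilege     reports the current privilege level of the session
```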
Copyright ©2000 SYBEX , Inc., Alameda, CA
www.sybex.com