Cisco Privilege Levels
Configuration
It is important to secure your Cisco devices by configuring username and password
protection and assigning different Cisco privilege levels to control and restrict
access to the CLI, which protects the devices from unauthorized access. In this
article, we will discuss how to configure user accounts and how to associate them
with the different Cisco privilege levels. Then, we’ll take a deep dive into their
purposes and functions, as well as their importance in network security design.
Level 0 – Zero-level access only allows five commands: logout, enable, disable, help
and exit.
Level 1 – User-level access allows you to enter User Exec mode, which provides very
limited read-only access to the router.
Level 15 – Privilege-level access allows you to enter Privileged Exec mode and
provides complete control over the router.
NOTE
By default, line-level security (con, aux, and vty lines) has a privilege level of 1.
Let’s verify our configuration by logging in as each user. Enter the username and the
corresponding password, starting with admin1.
Username: admin1
Password:
Router>?
Exec commands:
Router>
Notice in the output above that the user admin1 is in User Exec mode and has only
five commands: logout, enable, disable, help, and exit. Now, let’s log in as admin2.
Username: admin2
Password:
Router#show privilege
The output above shows that user admin2 is currently in level 15, and we verified that
by typing the ‘show privilege’ command on the CLI. Notice also that we are in
Privileged Exec mode. Lastly, let’s log in as admin3.
Username: admin3
Password:
Router>show privilege
Router>
When we logged in as admin3, we verified that it was in level 1 by typing the ‘show
privilege’ command on the CLI. Notice that we are in User Exec mode.
Let’s now assign privilege level 5 to a user. After that, we will configure privilege
level 5 users to be in User Exec mode and allow them to use the
‘show running-config’ command.
Username: admin4
Password:
Router#show running-config
Building configuration...
boot-start-marker
boot-end-marker
end
Router#
Username: admin5
Password:
Router>show running-config
Router>enable 5
Password:
R4#show privilege
Router#show running-config
Building configuration...
boot-start-marker
boot-end-marker
end
Router#
In our first attempt, notice in the example above that we do not have access to
the ‘show running-config’ command. That is because we are currently under
privilege level 0. However, we can log in as a privilege level 5 user with the
‘enable {privilege level}’ command, and from there, we can now access the
‘show running-config’ command.
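
The sessions above can be checked from the configuration side. The following is an added example, not code from the original article: it audits a constructed running-config excerpt and reports each account's login level, which accounts can already run a command that has been moved to a lower level, and which accounts use 'password' instead of 'secret'. The config lines, the levels given to admin4 and admin5, and the function names are assumptions made for illustration.

```python
import re

# Constructed running-config excerpt, not taken from the original page.
# Usernames follow the article; the levels of admin4 and admin5 are assumed
# from the prompts in its sessions, and <hash>/<encoded> are placeholders.
SAMPLE_CONFIG = """\
username admin1 privilege 0 secret 9 <hash>
username admin2 privilege 15 secret 9 <hash>
username admin3 secret 9 <hash>
username admin4 privilege 5 secret 9 <hash>
username admin5 privilege 0 password 7 <encoded>
enable secret level 5 9 <hash>
privilege exec level 5 show running-config
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))?.*? (secret|password) ")
MOVE_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")


def parse(config):
    """Return ({user: login level}, {command: level}, [users using 'password'])."""
    users, moved, weak = {}, {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := USER_RE.match(line):
            # IOS assigns level 1 when 'privilege' is omitted from a username.
            users[m.group(1)] = int(m.group(2) or 1)
            if m.group(3) == "password":  # cleartext (0) or reversible (7)
                weak.append(m.group(1))
        elif m := MOVE_RE.match(line):
            moved[m.group(3)] = int(m.group(2))
    return users, moved, weak


def exposure(users, moved):
    """For each re-levelled command, the users whose login level reaches it."""
    # Levels are cumulative: level N may run everything at levels <= N.
    return {cmd: sorted(u for u, lvl in users.items() if lvl >= need)
            for cmd, need in moved.items()}


if __name__ == "__main__":
    users, moved, weak = parse(SAMPLE_CONFIG)
    print("login levels:", users)
    print("re-levelled commands reachable at login:", exposure(users, moved))
    print("accounts using 'password' instead of 'secret':", weak)
```

admin5 does not appear in the result for 'show running-config', yet the article's session shows that account reaching level 5 with 'enable 5', so the 'enable secret level 5' line deserves the same scrutiny as the usernames.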