Privilege Levels
Cisco IOS provides 16 advantage levels alignment from 0 to 15. By default, there are three predefined user levels in IOS:
Privilege akin 0 includes the attenuate , accredit , avenue , advice , and logout commands.
Privilege akin 1 is the User EXEC approach . This is the accustomed akin on Telnet and includes all user-level commands at the
Router> prompt.
Privilege akin 15 is the Privileged EXEC approach (also accepted as enabled mode). It includes all enable-level commands the Router# prompt.
All Cisco IOS commands are pre-assigned to levels 0, 1, or 15. Levels 2 through 14 are accessible as user-defined (customized)
modes.
The all-around agreement advantage {mode } akin {level } command is accessible to change, move, or set a advantage for a
command to any of these levels. The {mode} refers to altered modes on the router, such as exec or configure.
The band agreement approach advantage akin {level } command is acclimated to change the absence advantage akin for a accustomed band accumulation of lines.
Example 3-1 shows a user annual "yusuf" created with advantage akin 5, and several IOS (privilege 15) commands are confused akin 5 to be accessible for this user.
Example 3-1. Configuring Advantage Level
Router(config)# username yusuf advantage 5 countersign cisco
Router(config)# advantage exec akin 5 appearance run
Router(config)# advantage exec all akin 5 clear
Router(config)# advantage exec akin 5 address memory
Router(config)# advantage exec akin 5 configure terminal
Router(config)# advantage configure akin 5 interface
Although the antecedent archetype shows bounded authentication, added granularities in ascendancy of the accessory can be accomplished with the
implementation of TACACS+ Command allotment application the AAA archetype (discussed in Part II of this book). RADIUS does
not abutment Command authorization.
The command appearance advantage displays the accepted advantage level. The accredit countersign akin command can be acclimated to set countersign for a accurate advantage level.