PG1X WIKI

My Knowledge Base


Cisco privilege level, privilege exec configuration

Blueprint

  • CCIE R&S
    • Written v5.1
      • 5.0 Infrastructure Security
        • 5.1 Device security
          • 5.1.d [ii] Local privilege authorization fallback
    • Lab v5.0
      • N/A

Cisco 1841 15.1(4)M10

Configuration

configure terminal
!
username user1 secret snakeoil
username user2 privilege 10 secret godisexist
username user3 privilege 15 secret superman
!
enable secret level 10 middle
enable secret god
!
interface FastEthernet 0/0
 ip address 10.0.8.123 255.255.255.0
 no shutdown
!
privilege exec level 10 configure terminal
privilege exec level 10 show running-config
privilege exec level 10 show startup-config
! added later (entered as user3 in the verification log)
privilege exec level 1 show
!
line vty 0 15
 login local
!
line console 0
 login local
!
end
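
Added example (not part of the original page, and not Cisco code): a simplified Python model of why user1 cannot run `sh priv` at level 1 in the verification log until `privilege exec level 1 show` is entered. Setting a level on a multi-word command also moves its leading keywords, so `show running-config` at level 10 pulls `show` itself up to level 10. The default levels in `DEFAULTS` and all function names are assumptions of this model.

```python
# Simplified model of IOS "privilege exec level" handling (exec mode only).
# Assumed IOS defaults for the commands used on this page; anything else is level 1.
DEFAULTS = {("configure",): 15,
            ("show", "running-config"): 15,
            ("show", "startup-config"): 15}

def build_levels(rules):
    """rules: 'privilege exec level N <command>' lines, in the order entered."""
    explicit, implied = {}, {}
    for rule in rules:
        words = rule.split()
        level, cmd = int(words[3]), tuple(words[4:])
        explicit[cmd] = level
        # Side effect: every leading keyword sequence moves to the same level.
        for i in range(1, len(cmd)):
            implied[cmd[:i]] = level
    # A level set explicitly on a keyword wins over one it inherited.
    return {**DEFAULTS, **implied, **explicit}

def required_level(levels, command):
    """Highest level among the keyword nodes the parser must pass through."""
    cmd = tuple(command.split())
    return max(levels.get(cmd[:i], 1) for i in range(1, len(cmd) + 1))

def allowed(levels, user_level, command):
    return user_level >= required_level(levels, command)

# Rules from the Configuration section, before and after the line added later.
BEFORE = ["privilege exec level 10 configure terminal",
          "privilege exec level 10 show running-config",
          "privilege exec level 10 show startup-config"]
AFTER = BEFORE + ["privilege exec level 1 show"]

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        levels = build_levels(rules)
        for cmd in ("show privilege", "show running-config", "configure terminal"):
            print(f"{name:6} {cmd:20} needs level {required_level(levels, cmd)}")
```

The same side effect is visible in the last `sh run | i priv` output on this page, where `privilege exec level 10 configure` appears although only `configure terminal` was entered.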

Verification

Console Log

wnoguchi@kotone:~$ telnet 10.0.8.123
Trying 10.0.8.123...
Connected to 10.0.8.123.
Escape character is '^]'.


User Access Verification

Username: user1
Password: 
% Login invalid

Username: user1
Password: 
R1>en
Password: 
Password: 
Password: 
% Bad secrets

R1>sh priv
    ^
% Invalid input detected at '^' marker.

R1>sh ?
% Unrecognized command
R1>en 
Password: 
R1#sh priv
Current privilege level is 15
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#^Z
R1#logout
Connection closed by foreign host.
wnoguchi@kotone:~$ telnet 10.0.8.123
Trying 10.0.8.123...
Connected to 10.0.8.123.
Escape character is '^]'.

User Access Verification

Username: user1
Password: 
R1>en 10
Password: 
Password: 
R1#sh priv
Current privilege level is 10
R1#sh ru
R1#sh running-config | i user
! Last configuration change at 05:12:06 UTC Sun Aug 18 2019 by user1
R1#sh running-config         
Building configuration...

Current configuration : 122 bytes
!
! Last configuration change at 05:12:06 UTC Sun Aug 18 2019 by user1
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end

R1#sh sta           
R1#sh star
R1#sh startup-config 
Using 974 out of 196600 bytes
!
! Last configuration change at 23:13:13 UTC Wed Aug 14 2019
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!         
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FHK1107102U
!
redundancy
!
!
! 
!
!
!
!
!
!         
interface FastEthernet0/0
 ip address dhcp
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
 clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!         
!
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end

R1#sh priv
Current privilege level is 10
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#^Z
R1#en 15 
Password: 
R1#sh priv
Current privilege level is 15
R1#en
R1#sh run | i user
! Last configuration change at 05:14:12 UTC Sun Aug 18 2019 by user1
username user1 secret 5 $1$3uCj$mX0bA7ydlvu8hW4iIU47d.
username user2 privilege 10 secret 5 $1$ZRsH$6bnNLeYHu6UkaIaFMMf0n1
username user3 privilege 15 secret 5 $1$KNnH$J70NyIsXID5SozkHnYtWI.
R1#logout 
Connection closed by foreign host.
wnoguchi@kotone:~$ telnet 10.0.8.123\
> ^C
wnoguchi@kotone:~$ telnet 10.0.8.123
Trying 10.0.8.123...
Connected to 10.0.8.123.
Escape character is '^]'.

User Access Verification

Username: user2
Password: 
R1#sh priv
Current privilege level is 10
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#privi
R1(config)#privil
R1(config)#priv  
R1(config)#privi
R1(config)#privile
R1(config)#privile
R1(config)#priv?  
% Unrecognized command
R1(config)#int f0/0
           ^
% Invalid input detected at '^' marker.

R1(config)#^Z
R1#enable
Password: 
R1#sh priv
Current privilege level is 15
R1#disable
R1>logout
Connection closed by foreign host.
wnoguchi@kotone:~$ telnet 10.0.8.123
Trying 10.0.8.123...
Connected to 10.0.8.123.
Escape character is '^]'.

User Access Verification

Username: user3
Password: 
R1#sh priv
Current privilege level is 15
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#pri
R1(config)#privi
R1(config)#privilege exe le
R1(config)#privilege exec leve 
R1(config)#privilege exec level 1 show
R1(config)#^Z
R1#logout
Connection closed by foreign host.
wnoguchi@kotone:~$ telnet 10.0.8.123
Trying 10.0.8.123...
Connected to 10.0.8.123.
Escape character is '^]'.

User Access Verification

Username: user1
Password: 
R1>sh priv
Current privilege level is 1
R1>logout
Connection closed by foreign host.
wnoguchi@kotone:~$ 
R1>show privilege
Current privilege level is 1
R1>enable
R1#show privilege 
Current privilege level is 15
R1#
User Access Verification

Username: test02
Password: 
R1#sh pri
R1#sh priv
R1#sh privilege 
Current privilege level is 15
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#pri
R1(config)#privi
R1(config)#privilege ?
  RITE-profile                    Router IP traffic export profile command mode
  RMI-Node-Config                 Resource Policy Node Config mode
  RMI-Resource-Group              Resource Group Config mode
  RMI-Resource-Manager            Resource Manager Config mode
  RMI-Resource-Policy             Resource Policy Config mode
  SASL-profile                    SASL profile configuration mode
  aaa-attr-list                   AAA attribute list config mode
  aaa-user                        AAA user definition
  accept-dialin                   VPDN group accept dialin configuration mode
  accept-dialout                  VPDN group accept dialout configuration mode
  acct_mlist                      AAA accounting methodlist definitions
  address-family                  Address Family configuration mode
  alps-ascu                       ALPS ASCU configuration mode
  alps-circuit                    ALPS circuit configuration mode
  archive                         Archive the router configuration mode
  atm-vc-config                   ATM virtual circuit configuration mode
  bba-group                       BBA Group configuration mode
  bgp address-family              Address Family configuration mode
  boomerang                       Boomerang configuration mode
  call-filter-matchlist           Call Filter matchlist configuration mode
  call-home                       call-home config mode
  call-home-profile               call-home profile config mode
  cascustom                       Cas custom configuration mode
  cfg-af-topo                     Configure non-base topology mode
  cm-ac                           AC-AC connect configuration mode
  cns-connect-config              CNS Connect Info Mode
  cns-connect-intf-config         CNS Connect Intf Info Mode
  cns-tmpl-connect-config         CNS Template Connect Info Mode
  cns_inventory_submode           CNS Inventory SubMode
  conf-attr-map                   LDAP attribute map config mode
  conf-ldap-server                LDAP server config mode
  conf-ldap-sg                    LDAP server group config mode
  conf-rad-server                 RADIUS server config mode
  conf-tac-server                 Tacacs Server Definition
  config-l2tp-class               l2tp-class configuration mode
  configure                       Global configuration mode
  congestion                      Frame Relay congestion configuration mode
  conn                            Connection configuration mode
  control-class-map               control-classmap config mode
  controller                      Controller configuration mode
  cpf-classmap                    Class-map configuration mode
  cpf-policyclass                 Class-in-Policy configuration mode
  cpf-policymap                   Policy-map configuration mode
  crypto-identity                 Crypto identity config mode
  crypto-ipsec-profile            IPSec policy profile mode
  crypto-keyring                  Crypto Keyring command mode
  crypto-map                      Crypto map config mode
  crypto-map-fail-close           Crypto map fail close mode
  crypto-transform                Crypto transform config mode
  cwmp                            CWMP configuration mode
  dfp-submode                     DFP config mode
  dhcp                            DHCP pool configuration mode
  dhcp-class                      DHCP class configuration mode
  dhcp-pool-class                 Per DHCP pool class configuration mode
  dhcp-relay-info                 DHCP class relay agent info configuration
                                  mode
  dhcp-subnet-secondary           Per DHCP secondary subnet configuration mode
  dns-view                        DNS View configuration mode
  dns-view-list                   DNS View-list configuration mode
  dns-view-list-member            DNS View-list member configuration mode
  dot11qosclass                   Access class configuration mode
  dot1x-credential-mode           dot1x credential profile configuration mode
  dynupd-http                     Dynamic DNS update HTTP configuration mode
  dynupd-method                   Dynamic DNS update method configuration mode
  ecfm                            Ethernet CFM configuration mode
  ecfm_mep_int                    Ethernet CFM Interface MEP configuration mode
  ecfm_srv                        Ethernet CFM Service configuration mode
  eigrp_af_classic_submode        Address Family configuration mode
          

Jump to privileged exec mode immediately

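This is useful for verification: a session on the console or a vty line starts at privilege level 15 as soon as the line password is accepted.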

configure terminal
!
interface FastEthernet 0/0
 ip address 10.0.8.123 255.255.255.0
 no shutdown
!
line vty 0 15
 login
 privilege level 15
 password iamgod
!
line console 0
 login
 privilege level 15
 password iamgod
!
end

Verification

R1 con0 is now available





Press RETURN to get started.












User Access Verification

Password: 
R1#sh priv
Current privilege level is 15
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#^Z     
R1#sh r
*Aug 18 05:23:34.630: %SYS-5-CONFIG_I: Configured from console by console
R1#sh run | i priv
username user2 privilege 10 secret 5 $1$ZRsH$6bnNLeYHu6UkaIaFMMf0n1
username user3 privilege 15 secret 5 $1$KNnH$J70NyIsXID5SozkHnYtWI.
privilege exec level 10 configure terminal
privilege exec level 10 configure
privilege exec level 10 show startup-config
privilege exec level 10 show running-config
privilege exec level 1 show
 privilege level 15
 privilege level 15
 privilege level 15
R1#


tech/network/cisco/privilege-level-exec/privilege-level-exec.txt · Last modified: 2019/08/18 14:24 by wnoguchi