PG1X

My Knowledge Base

tech:network:cisco:privilege-level-exec:privilege-level-exec

Differences

This shows you the differences between two versions of the page.

tech:network:cisco:privilege-level-exec:privilege-level-exec [2019/08/15 18:22]
wnoguchi
tech:network:cisco:privilege-level-exec:privilege-level-exec [2019/08/18 14:24] (current)
wnoguchi
Line 14: Line 14:
  
 Cisco 1841 15.1(4)M10 Cisco 1841 15.1(4)M10
 +
 +===== Configuration =====
  
 <​code>​ <​code>​
 configure terminal configure terminal
 ! !
-username ​test01 ​privilege 10 secret ​test01 +username ​user1 secret snakeoil 
-username ​test02 ​privilege 15 secret ​test02+username user2 privilege 10 secret ​godisexist 
 +username ​user3 privilege 15 secret ​superman 
 +
 +enable secret level 10 middle 
 +enable secret god
 ! !
 interface FastEthernet 0/0 interface FastEthernet 0/0
  ip address 10.0.8.123 255.255.255.0  ip address 10.0.8.123 255.255.255.0
 + no shutdown
 +!
 +privilege exec level 10 configure terminal
 +privilege exec level 10 show running-config
 +privilege exec level 10 show startup-config
 +! input later
 +privilege exec level 1 show
 ! !
 line vty 0 15 line vty 0 15
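Review bot: The `! input later` comment above `privilege exec level 1 show` does not say why the line is needed or why it has to come after the level 10 lines. The verification log on this page shows `sh priv` rejected for user1 at level 1 and accepted once the line has been entered, and the later `sh run | i priv` output lists a bare `privilege exec level 10 configure` next to `configure terminal`, so the level 10 `show running-config` and `show startup-config` lines appear to lift the parent `show` keyword to level 10 as well. Suggest replacing the comment with one that states this, for example `! restore show to level 1; the level 10 show lines above raise the parent keyword`.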
Line 32: Line 45:
 end end
 </​code>​ </​code>​
 +
 +==== Verification ====
  
 ++++ Console Log | ++++ Console Log |
  
 <​code>​ <​code>​
-wnoguchi@kozue:~$ telnet 10.0.8.123+wnoguchi@kotone:~$ telnet 10.0.8.123
 Trying 10.0.8.123... Trying 10.0.8.123...
 Connected to 10.0.8.123. Connected to 10.0.8.123.
Line 44: Line 59:
 User Access Verification User Access Verification
  
-Username: ​test01 +Username: ​user1 
-Password: +Password:  
-R1#conf t +Login invalid
-      ^ +
-Invalid input detected at '​^'​ marker.+
  
-R1#sh clock +Username: user1 
-22:54:58.456 UTC Wed Aug 14 2019 +Password:  
-R1#cop +R1>en 
-R1#copy sta +Password 
-R1#copy star +Password:  
-R1#copy running-config startup-config +Password: ​ 
-     ​^+% Bad secrets 
 + 
 +R1>sh priv 
 +    ^
 % Invalid input detected at '​^'​ marker. % Invalid input detected at '​^'​ marker.
  
-R1#+R1>​sh ​
-Exec commands: +% Unrecognized command 
-  <​1-99          Session number to resume +R1>en  
-  ​access-enable ​   Create a temporary Access-List entry +Password: ​ 
-  ​access-profile ​  Apply user-profile to interface +R1#sh priv 
-  ​clear ​           Reset functions +Current privilege level is 15 
-  ​connect ​         Open a terminal connection +R1#conf t 
-  ​crypto ​          ​Encryption related ​commands. +Enter configuration ​commands, one per line.  ​End with CNTL/Z
-  disable ​         Turn off privileged commands +R1(config)#^Z
-  disconnect ​      ​Disconnect an existing network connection +
-  emm              Run a configured Menu System +
-  enable ​          Turn on privileged commands +
-  ethernet ​        ​Ethernet parameters +
-  exit             Exit from the EXEC +
-  help             ​Description of the interactive help system +
-  ips              Intrusion Prevention System +
-  lat              Open a lat connection +
-  lig              LISP Internet Groper +
-  lock             Lock the terminal +
-  login            Log in as a particular user +
-  logout ​          Exit from the EXEC +
-  modemui ​         Start a modem-like user interface +
-  mrinfo ​          ​Request neighbor and version information from a multicast router +
-  mstat            Show statistics after multiple multicast traceroutes +
-  mtrace ​          Trace reverse multicast path from destination to source +
-  name-connection ​ Name an existing network connection +
-  pad              Open a X.29 PAD connection +
-  ​ping ​            Send echo messages +
-  ppp              Start IETF Point-to-Point Protocol (PPP) +
-  radius ​          ​radius exec commands +
-  release ​         Release a resource +
-  renew            Renew a resource +
-  resume ​          ​Resume an active network connection +
-  rlogin ​          Open an rlogin connection +
-  set              Set system parameter ​(not config) +
-  show             Show running system information +
-  slip             Start Serial-line IP (SLIP) +
-  ssh              Open a secure shell client connection +
-  systat ​          ​Display information about terminal lines +
-  tclquit ​         Quit Tool Command Language shell +
-  telnet ​          Open a telnet connection +
-  terminal ​        Set terminal line parameters +
-  tn3270 ​          Open a tn3270 connection +
-  traceroute ​      Trace route to destination +
-  trm              Trend Registration Module +
-  tunnel ​          Open a tunnel connection +
-  udptn            Open an udptn connection +
-  where            List active connections +
-  x28              Become an X.28 PAD +
-  x3               Set X.3 parameters on PAD +
 R1#logout R1#logout
 Connection closed by foreign host. Connection closed by foreign host.
-wnoguchi@kozue:~$ telnet 10.0.8.123+wnoguchi@kotone:~$ telnet 10.0.8.123
 Trying 10.0.8.123... Trying 10.0.8.123...
 Connected to 10.0.8.123. Connected to 10.0.8.123.
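Review bot: The new user1 session keeps what look like mistyped attempts (`Login invalid`, then `% Bad secrets` after repeated password prompts) ahead of the part that matters, so a reader cannot tell whether those failures come from the configuration or from typing. Suggest trimming those lines or marking them as typos, and adding a one-line caption before `R1>sh priv` saying that the rejection at level 1 is the behaviour being demonstrated.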
Line 119: Line 93:
 User Access Verification User Access Verification
  
-Username: ​test02 +Username: ​user1 
-Password:+Password: ​ 
 +R1>en 10 
 +Password:  
 +Password:  
 +R1#sh priv 
 +Current privilege level is 10 
 +R1#sh ru 
 +R1#sh running-config | i user 
 +! Last configuration change at 05:12:06 UTC Sun Aug 18 2019 by user1 
 +R1#sh running-config ​         
 +Building configuration... 
 + 
 +Current configuration : 122 bytes 
 +
 +! Last configuration change at 05:12:06 UTC Sun Aug 18 2019 by user1 
 +boot-start-marker 
 +boot-end-marker 
 +
 +
 +
 +
 +
 +
 +end 
 + 
 +R1#sh sta            
 +R1#sh star 
 +R1#sh startup-config  
 +Using 974 out of 196600 bytes 
 +
 +! Last configuration change at 23:13:13 UTC Wed Aug 14 2019 
 +version 15.1 
 +service timestamps debug datetime msec 
 +service timestamps log datetime msec 
 +no service password-encryption 
 +
 +hostname R1 
 +
 +boot-start-marker 
 +boot-end-marker 
 +
 +
 +
 +no aaa new-model 
 +
 +dot11 syslog 
 +ip source-route 
 +
 +
 +
 +
 +!          
 +ip cef 
 +no ip domain lookup 
 +no ipv6 cef 
 +
 +multilink bundle-name authenticated 
 +
 +crypto pki token default removal timeout 0 
 +
 +
 +
 +
 +license udi pid CISCO1841 sn FHK1107102U 
 +
 +redundancy 
 +
 +
 +!  
 +
 +
 +
 +
 +
 +!          
 +interface FastEthernet0/​0 
 + ip address dhcp 
 + ​duplex auto 
 + speed auto 
 +
 +interface FastEthernet0/​1 
 + no ip address 
 + ​shutdown 
 + ​duplex auto 
 + speed auto 
 +
 +interface Serial0/​0/​0 
 + no ip address 
 + ​shutdown 
 + no fair-queue 
 + clock rate 2000000 
 +
 +ip forward-protocol nd 
 +no ip http server 
 +no ip http secure-server 
 +
 +
 +!          
 +
 +
 +
 +
 +
 +
 +control-plane 
 +
 +
 +
 +line con 0 
 + ​exec-timeout 0 0 
 + ​logging synchronous 
 +line aux 0 
 +line vty 0 4 
 + ​login 
 + ​transport input all 
 +
 +scheduler allocate 20000 1000 
 +end 
 + 
 +R1#sh priv 
 +Current privilege level is 10
 R1#conf t R1#conf t
 Enter configuration commands, one per line.  End with CNTL/Z. Enter configuration commands, one per line.  End with CNTL/Z.
 R1(config)#​^Z R1(config)#​^Z
-R1#copy running-config startup-config +R1#en 15  
-Destination filename [startup-config]?​ no +Password:  
-%Error copying nvram:no (Invalid argument) +R1#sh priv 
-R1#copy running-config startup-config +Current privilege level is 15 
-Destination filename [startup-config]? ​ +R1#en 
-Building ​configuration..+R1#sh run | i user 
-[OK] +! Last configuration ​change at 05:14:12 UTC Sun Aug 18 2019 by user1 
-R1# +username user1 secret 5 $1$3uCj$mX0bA7ydlvu8hW4iIU47d
-</code>+username user2 privilege 10 secret 5 $1$ZRsH$6bnNLeYHu6UkaIaFMMf0n1 
 +username user3 privilege 15 secret 5 $1$KNnH$J70NyIsXID5SozkHnYtWI. 
 +R1#logout  
 +Connection closed by foreign host. 
 +wnoguchi@kotone:​~$ telnet 10.0.8.123\ 
 +^C 
 +wnoguchi@kotone:​~$ telnet 10.0.8.123 
 +Trying 10.0.8.123... 
 +Connected to 10.0.8.123. 
 +Escape character is '​^]'​.
  
-<​code>​ +User Access Verification 
-R1>sh privilege + 
-Current privilege level is 1 +Username: user2 
-R1>en +Password: ​ 
-R1#sh privil +R1#sh priv 
-R1#sh privilege ​ +Current privilege level is 10
-Current privilege level is 15+
 R1#conf t R1#conf t
 Enter configuration commands, one per line.  End with CNTL/Z. Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#userna +R1(config)#privi 
-R1(config)#username test01 pri +R1(config)#privil 
-R1(config)#username test01 privilege 10 se +R1(config)#priv  ​ 
-R1(config)#username test01 privilege 10 secret test01sec +R1(config)#privi 
-R1(config)#username test02 pri +R1(config)#privile 
-R1(config)#username test02 privilege 15 secret test02sec +R1(config)#privile 
-R1(config)#do sh run | i username +R1(config)#priv?  ​ 
-username test01 privilege 10 secret 5 $1$Sntk$uitgUJVuNr6NsGLk0F/​J.1 +% Unrecognized command 
-username test02 privilege 15 secret 5 $1$dDvR$Zl/​vSUBDcTQaFJUh1em3k. +R1(config)#int f0/
-R1(config)#line +           ​^
-R1(config)#​line vty 15 +
-R1(config-line)#​log +
-R1(config-line)#​logi +
-R1(config-line)#​login lo +
-R1(config-line)#​login local  +
-R1(config-line)#​exit +
-R1(config)#​lin +
-R1(config)#​line conso +
-R1(config)#​disable ​       +
-             ​^+
 % Invalid input detected at '​^'​ marker. % Invalid input detected at '​^'​ marker.
  
-R1(config)# ​ 
-R1(config)# 
-R1(config)# 
 R1(config)#​^Z R1(config)#​^Z
-R1# +R1#enable 
-*Aug 15 02:​16:​09.987:​ %SYS-5-CONFIG_I:​ Configured from console by console+Password:  
 +R1#sh priv 
 +Current privilege level is 15
 R1#disable R1#disable
 R1>​logout R1>​logout
- +Connection closed by foreign host
- +wnoguchi@kotone:​~$ telnet ​10.0.8.123 
- +Trying ​10.0.8.123..
- +Connected ​to 10.0.8.123
- +Escape character ​is '​^]'​.
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
-R1 con0 is now available +
- +
- +
- +
- +
- +
-Press RETURN to get started+
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
-R1>en +
-R1#conf t +
-Enter configuration commands, one per line.  End with CNTL/Z. +
-R1(config)#​int f0/0 +
-R1(config-if)#​ip address ​10.0.8.123 ​255.255.255.0 +
-R1(config-if)#​no shut +
-R1(config-if)#​do ping 10.0.8.254 +
-Type escape sequence to abort+
-Sending 5, 100-byte ICMP Echos to 10.0.8.254, timeout is 2 seconds: +
-!!!!! +
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms +
-R1(config-if)#​exit +
-R1(config)#​line console 0 +
-R1(config-line)#​logi +
-R1(config-line)#​login local +
-R1(config-line)#​logout +
-% Incomplete command+
- +
-R1(config-line)#​exit +
-R1(config)#​exit +
-R1#logout +
-*Aug 15 02:​24:​06.911:​ %SYS-5-CONFIG_I:​ Configured from console by console +
-R1#logout +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
- +
-R1 con0 is now available +
- +
- +
- +
- +
- +
-Press RETURN to get started. +
- +
- +
- +
- +
- +
- +
- +
- +
- +
  
 User Access Verification User Access Verification
  
-Username: ​test02+Username: ​user3
 Password: ​ Password: ​
-R1#sh pri 
 R1#sh priv R1#sh priv
-R1#sh privilege ​ 
 Current privilege level is 15 Current privilege level is 15
-R1#   +R1#conf t 
-</code> +Enter configuration commands, one per line.  End with CNTL/Z. 
- +R1(config)#​pri 
-<​code>​ +R1(config)#​privi 
-wnoguchi@kozue:~$ telnet 10.0.8.123+R1(config)#​privilege exe le 
 +R1(config)#​privilege exec leve  
 +R1(config)#​privilege exec level 1 show 
 +R1(config)#​^Z 
 +R1#logout 
 +Connection closed by foreign host. 
 +wnoguchi@kotone:~$ telnet 10.0.8.123
 Trying 10.0.8.123... Trying 10.0.8.123...
 Connected to 10.0.8.123. Connected to 10.0.8.123.
 Escape character is '​^]'​. Escape character is '​^]'​.
- 
  
 User Access Verification User Access Verification
  
-Username: ​test01+Username: ​user1
 Password: ​ Password: ​
-R1#configu +R1>sh priv 
-R1#​configure terminal +Current privilege level is 1 
-      ^ +R1>logout
-% Invalid input detected at '​^'​ marker. +
- +
-R1#era +
-R1#erase +
-R1#erase startup-config +
-    ^ +
-% Invalid input detected at '​^'​ marker. +
- +
-R1#sh run | i user +
-       ^ +
-% Invalid input detected at '​^'​ marker. +
- +
-R1#sh clock +
-*02:​22:​24.691 UTC Thu Aug 15 2019 +
-R1#sh privi +
-R1#sh privilege ​ +
-Current privilege level is 10 +
-R1#logout+
 Connection closed by foreign host. Connection closed by foreign host.
 +wnoguchi@kotone:​~$ ​
 </​code>​ </​code>​
- 
-++++ 
  
 <​code>​ <​code>​
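Review bot: In the `en 10` session, `sh running-config` returns a 122-byte configuration with no commands in it while `sh startup-config` returns the full 974-byte file, and the page gives no explanation for the difference. Suggest a sentence after the log stating that running-config output is filtered to what the current level may configure whereas startup-config is shown whole, so `privilege exec level 10 show startup-config` hands level 10 users the complete stored configuration, including any `username ... secret 5` lines once they are saved. Separately, the `sh run | i user` output publishes the three type 5 hashes and the startup-config publishes the `license udi` serial number; replace them with placeholders such as `<hash removed>`.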
Line 358: Line 310:
 R1# R1#
 </​code>​ </​code>​
- 
-<​code>​ 
-configure terminal 
-! 
-privilege exec level 10 configure 
-enable password level 10 Cisco55 
-! 
-end 
-</​code>​ 
- 
-++++ Console Log | 
  
 <​code>​ <​code>​
Line 453: Line 394:
   eigrp_af_classic_submode ​       Address Family configuration mode   eigrp_af_classic_submode ​       Address Family configuration mode
           ​           ​
-R1(config)#​privilege sho 
-R1(config)#​privilege int 
-R1(config)#​privilege inter    ​ 
-R1(config)#​privilege interface ​ 
-R1(config)#​privilege interface ? 
-  all    All suboption will be set to the samelevel 
-  level  Set privilege level of command 
-  reset  Reset privilege level of command 
- 
-R1(config)#​privilege exe        
-R1(config)#​privilege exec leve 
-R1(config)#​privilege exec level ? 
-  <​0-15> ​ Privilege level 
- 
-R1(config)#​privilege exec level 10 ? 
-  LINE  Initial keywords of the command to modify 
- 
-R1(config)#​privilege exec level 10 confi? 
-LINE    <cr> 
- 
-R1(config)#​privilege exec level 10 configure 
-R1(config)#​en 
-R1(config)#​enab 
-R1(config)#​enable se 
-R1(config)#​enable secret ? 
-  0      Specifies an UNENCRYPTED password will follow 
-  5      Specifies a MD5 HASHED secret will follow 
-  8      Specifies a PBKDF2 HASHED secret will follow 
-  9      Specifies a SCRYPT HASHED secret will follow 
-  LINE   The UNENCRYPTED (cleartext) '​enable'​ secret 
-  level  Set exec level password 
- 
-R1(config)#​enable secret le 
-R1(config)#​enable passwo ​         
-R1(config)#​enable password leve 
-R1(config)#​enable password level 10 Cisco55 
-% Converting to a secret. ​ Please use "​enable secret"​ in the future. 
- 
-R1(config)#​no enable password level 10 Cisco55 
-R1(config)#​enable secret level 10 Cisco55 
-R1(config)#​end  ​ 
-R1# 
-*Aug 15 02:​57:​50.031:​ %SYS-5-CONFIG_I:​ Configured from console by test02 on console 
-R1#logout 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
  
  
 +</​code>​
  
 +===== Jump to privileged exec mode immediately =====
  
 +this is useful for verification use.
  
 +<​code>​
 +configure terminal
 +!
 +interface FastEthernet 0/0
 + ip address 10.0.8.123 255.255.255.0
 + no shutdown
 +!
 +line vty 0 15
 + login
 + ​privilege level 15
 + ​password iamgod
 +!
 +line console 0
 + login
 + ​privilege level 15
 + ​password iamgod
 +!
 +end
 +</​code>​
  
 +==== Verification ====
  
 +<​code>​
 R1 con0 is now available R1 con0 is now available
  
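Review bot: The sentence `this is useful for verification use.` under the new heading undersells what the block does: `privilege level 15` with `login` and a shared `password` on `line vty 0 15` and `line console 0` puts every session at level 15 after one password, with no username, which bypasses the per-user levels set up in the Configuration section. Suggest capitalising the sentence and stating that this is meant for a lab device only. The removed version flagged the password line with `! important!!`; restoring a comment that explains why the password matters would keep that hint.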
Line 540: Line 435:
  
  
- 
- 
- 
- 
-User Access Verification 
- 
-Username: test01 
-Password: ​ 
-R1#sh run 
-       ^ 
-% Invalid input detected at '​^'​ marker. 
- 
-R1#conf t 
-        ^ 
-% Invalid input detected at '​^'​ marker. 
- 
-R1#​configure 
-Configuring from terminal, memory, or network [terminal]? ​ 
-Enter configuration commands, one per line.  End with CNTL/Z. 
-R1(config)#​inter 
-R1(config)#​int f0/0 
-           ^ 
-% Invalid input detected at '​^'​ marker. 
- 
-R1(config)#?​ 
-Configure commands: 
-  beep     ​Configure BEEP (Blocks Extensible Exchange Protocol) 
-  call     ​Configure Call parameters 
-  default ​ Set a command to its defaults 
-  end      Exit from configure mode 
-  exit     Exit from configure mode 
-  help     ​Description of the interactive help system 
-  license ​ Configure license features 
-  netconf ​ Configure NETCONF 
-  no       ​Negate a command or set its defaults 
-  oer      Optimized Exit Routing configuration submodes 
-  pfr      Performance Routing configuration submodes 
-  sasl     ​Configure SASL 
-  wsma     ​Configure Web Services Management Agents 
- 
-R1(config)#​end 
-R1# 
-*Aug 15 02:​59:​09.111:​ %SYS-5-CONFIG_I:​ Configured from console by test01 on console 
-R1#​configure terminal 
-             ^ 
-% Invalid input detected at '​^'​ marker. 
- 
-R1#enable 
-R1#​configure terminal 
-Enter configuration commands, one per line.  End with CNTL/Z. 
-R1(config)#​^Z 
-R1# 
-*Aug 15 02:​59:​39.775:​ %SYS-5-CONFIG_I:​ Configured from console by test01 on console 
-R1#disable 
-R1>sh privilege 
-Current privilege level is 1 
-R1>​enable 
-R1#sh privilege 
-Current privilege level is 15 
-R1#disable 
-R1>​logout 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
- 
-R1 con0 is now available 
- 
- 
- 
- 
- 
-Press RETURN to get started. 
  
  
Line 652: Line 446:
 User Access Verification User Access Verification
  
-Username: test01 
 Password: ​ Password: ​
-R1#sh pri +R1#sh priv 
-R1#sh privi +Current privilege level is 15
-R1#sh privilege ​ +
-Current privilege level is 10+
 R1#conf t R1#conf t
-        ^ 
-% Invalid input detected at '​^'​ marker. 
- 
-R1#​configure 
-Configuring from terminal, memory, or network [terminal]? ​ 
 Enter configuration commands, one per line.  End with CNTL/Z. Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#​^Z+R1(config)#​^Z ​     
 +R1#sh r 
 +*Aug 18 05:​23:​34.630:​ %SYS-5-CONFIG_I:​ Configured from console by console 
 +R1#sh run | i priv 
 +username user2 privilege 10 secret 5 $1$ZRsH$6bnNLeYHu6UkaIaFMMf0n1 
 +username user3 privilege 15 secret 5 $1$KNnH$J70NyIsXID5SozkHnYtWI. 
 +privilege exec level 10 configure terminal 
 +privilege exec level 10 configure 
 +privilege exec level 10 show startup-config 
 +privilege exec level 10 show running-config 
 +privilege exec level 1 show 
 + ​privilege level 15 
 + ​privilege level 15 
 + ​privilege level 15
 R1# R1#
-*Aug 15 03:​00:​31.163:​ %SYS-5-CONFIG_I:​ Configured from console by test01 on console 
-R1#conf t 
-        ^ 
-% Invalid input detected at '​^'​ marker. 
- 
-R1#enable 
-R1#sh privi 
-R1#sh privilege ​ 
-Current privilege level is 15 
-R1#en            
-R1#enable ? 
-  <​0-15> ​ Enable level 
-  view    Set into the existing view 
-  <cr> 
- 
-R1#enable 10 
-R1#sh pri 
-R1#sh privi 
-R1#sh privilege ​ 
-Current privilege level is 10 
-R1#conf t 
-        ^ 
-% Invalid input detected at '​^'​ marker. 
- 
- 
-</​code>​ 
- 
-++++ 
- 
-===== Jump to privileged exec mode immediately ===== 
- 
-<​code>​ 
-configure terminal 
-! 
-line vty 0 15 
- ​privilege level 15 
- login 
- ! important!! 
- ​password test03 
-! 
-end 
-</​code>​ 
- 
-<​code>​ 
-Trying 10.0.8.123... 
-Connected to 10.0.8.123. 
-Escape character is '​^]'​. 
- 
-User Access Verification 
- 
-Password: ​ 
-R1#conf t 
-Enter configuration commands, one per line.  End with CNTL/Z. 
-R1(config)#​^Z 
-R1#sh priv 
-Current privilege level is 15 
-R1#logout 
-Connection closed by foreign host. 
 </​code>​ </​code>​
  
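Review bot: The `%SYS-5-CONFIG_I` line in this log reads `Configured from console by console`, whereas the user1 session earlier on the page records `Last configuration change ... by user1`, so the line-password login drops the user name from the change record. Worth a sentence under Verification pointing this out. Also, `sh run | i priv` prints three ` privilege level 15` lines while the configuration block for this section sets it under two line blocks (`line vty 0 15` and `line console 0`); say where the third comes from, and replace the two `secret 5` hashes in the output with placeholders.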
Line 733: Line 474:
  
   - [[https://​www.infraexpert.com/​study/​aaaz09.html|Cisco IOS - privilege levelとprivilege execの設定]]   - [[https://​www.infraexpert.com/​study/​aaaz09.html|Cisco IOS - privilege levelとprivilege execの設定]]
 +  - [[https://​www.cisco.com/​c/​en/​us/​td/​docs/​ios-xml/​ios/​security/​m1/​sec-m1-cr-book/​sec-cr-p2.html#​wp7303105770|Cisco IOS Security Command Reference: Commands M to R - ppp accounting through quit [Support & Downloads] - Cisco]]
 +  - [[http://​www.n-study.com/​network/​2006/​09/​cisco_telnet_1.html|Ciscoデバイスの管理 Telnetによるリモート管理 その1 (ネットワークのおべんきょしませんか? Cisco CCNA/​CCNP/​CCIE、ネットワークスペシャリスト試験の勉強にピッタリ)]]
  
tech/network/cisco/privilege-level-exec/privilege-level-exec.1565860963.txt.gz · Last modified: 2019/08/15 18:22 by wnoguchi