Differences

This shows you the differences between two versions of the page.

--- tech:network:cisco:privilege-level-exec:privilege-level-exec [2019/08/15 18:22]
wnoguchi
+++ tech:network:cisco:privilege-level-exec:privilege-level-exec [2019/08/18 14:24] (current)
wnoguchi
@@ Line 14: / Line 14: @@
 Cisco 1841 15.1(4)M10
+===== Configuration =====
 <code>
 configure terminal
 !
-username test01 privilege 10 secret test01
+username user1 secret snakeoil
-username test02 privilege 15 secret test02
+username user2 privilege 10 secret godisexist
+username user3 privilege 15 secret superman
+!
+enable secret level 10 middle
+enable secret god
 !
 interface FastEthernet 0/0
  ip address 10.0.8.123 255.255.255.0
+ no shutdown
+!
+privilege exec level 10 configure terminal
+privilege exec level 10 show running-config
+privilege exec level 10 show startup-config
+! input later
+privilege exec level 1 show
 !
 line vty 0 15
@@ Line 32: / Line 45: @@
 end
 </code>
+==== Verification ====
 ++++ Console Log |
 <code>
-wnoguchi@kozue:~$ telnet 10.0.8.123
+wnoguchi@kotone:~$ telnet 10.0.8.123
 Trying 10.0.8.123...
 Connected to 10.0.8.123.
@@ Line 44: / Line 59: @@
 User Access Verification
-Username: test01
+Username: user1
 Password:
-R1#conf t
+% Login invalid
-      ^
-% Invalid input detected at '^' marker.
-R1#sh clock
+Username: user1
-:54:58.456 UTC Wed Aug 14 2019
+Password:
-R1#cop
+R1>en
-R1#copy sta
+Password:
-R1#copy star
+Password:
-R1#copy running-config startup-config
+Password:
-     ^
+% Bad secrets
+R1>sh priv
+    ^
 % Invalid input detected at '^' marker.
-R1#?
+R1>sh ?
-Exec commands:
+% Unrecognized command
-  <1-99>           Session number to resume
+R1>en
-  access-enable    Create a temporary Access-List entry
+Password:
-  access-profile   Apply user-profile to interface
+R1#sh priv
-  clear            Reset functions
+Current privilege level is 15
-  connect          Open a terminal connection
+R1#conf t
-  crypto           Encryption related commands.
+Enter configuration commands, one per line.  End with CNTL/Z.
-  disable          Turn off privileged commands
+R1(config)#^Z
-  disconnect       Disconnect an existing network connection
-  emm              Run a configured Menu System
-  enable           Turn on privileged commands
-  ethernet         Ethernet parameters
-  exit             Exit from the EXEC
-  help             Description of the interactive help system
-  ips              Intrusion Prevention System
-  lat              Open a lat connection
-  lig              LISP Internet Groper
-  lock             Lock the terminal
-  login            Log in as a particular user
-  logout           Exit from the EXEC
-  modemui          Start a modem-like user interface
-  mrinfo           Request neighbor and version information from a multicast router
-  mstat            Show statistics after multiple multicast traceroutes
-  mtrace           Trace reverse multicast path from destination to source
-  name-connection  Name an existing network connection
-  pad              Open a X.29 PAD connection
-  ping             Send echo messages
-  ppp              Start IETF Point-to-Point Protocol (PPP)
-  radius           radius exec commands
-  release          Release a resource
-  renew            Renew a resource
-  resume           Resume an active network connection
-  rlogin           Open an rlogin connection
-  set              Set system parameter (not config)
-  show             Show running system information
-  slip             Start Serial-line IP (SLIP)
-  ssh              Open a secure shell client connection
-  systat           Display information about terminal lines
-  tclquit          Quit Tool Command Language shell
-  telnet           Open a telnet connection
-  terminal         Set terminal line parameters
-  tn3270           Open a tn3270 connection
-  traceroute       Trace route to destination
-  trm              Trend Registration Module
-  tunnel           Open a tunnel connection
-  udptn            Open an udptn connection
-  where            List active connections
-  x28              Become an X.28 PAD
-  x3               Set X.3 parameters on PAD
 R1#logout
 Connection closed by foreign host.
-wnoguchi@kozue:~$ telnet 10.0.8.123
+wnoguchi@kotone:~$ telnet 10.0.8.123
 Trying 10.0.8.123...
 Connected to 10.0.8.123.
@@ Line 119: / Line 93: @@
 User Access Verification
-Username: test02
+Username: user1
 Password:
+R1>en 10
+Password:
+Password:
+R1#sh priv
+Current privilege level is 10
+R1#sh ru
+R1#sh running-config | i user
+! Last configuration change at 05:12:06 UTC Sun Aug 18 2019 by user1
+R1#sh running-config
+Building configuration...
+Current configuration : 122 bytes
+!
+! Last configuration change at 05:12:06 UTC Sun Aug 18 2019 by user1
+boot-start-marker
+boot-end-marker
+!
+!
+!
+!
+!
+!
+end
+R1#sh sta
+R1#sh star
+R1#sh startup-config
+Using 974 out of 196600 bytes
+!
+! Last configuration change at 23:13:13 UTC Wed Aug 14 2019
+version 15.1
+service timestamps debug datetime msec
+service timestamps log datetime msec
+no service password-encryption
+!
+hostname R1
+!
+boot-start-marker
+boot-end-marker
+!
+!
+!
+no aaa new-model
+!
+dot11 syslog
+ip source-route
+!
+!
+!
+!
+!
+ip cef
+no ip domain lookup
+no ipv6 cef
+!
+multilink bundle-name authenticated
+!
+crypto pki token default removal timeout 0
+!
+!
+!
+!
+license udi pid CISCO1841 sn FHK1107102U
+!
+redundancy
+!
+!
+!
+!
+!
+!
+!
+!
+!
+interface FastEthernet0/0
+ ip address dhcp
+ duplex auto
+ speed auto
+!
+interface FastEthernet0/1
+ no ip address
+ shutdown
+ duplex auto
+ speed auto
+!
+interface Serial0/0/0
+ no ip address
+ shutdown
+ no fair-queue
+ clock rate 2000000
+!
+ip forward-protocol nd
+no ip http server
+no ip http secure-server
+!
+!
+!
+!
+!
+!
+!
+!
+!
+control-plane
+!
+!
+!
+line con 0
+ exec-timeout 0 0
+ logging synchronous
+line aux 0
+line vty 0 4
+ login
+ transport input all
+!
+scheduler allocate 20000 1000
+end
+R1#sh priv
+Current privilege level is 10
 R1#conf t
 Enter configuration commands, one per line.  End with CNTL/Z.
 R1(config)#^Z
-R1#copy running-config startup-config
+R1#en 15
-Destination filename [startup-config]? no
+Password:
-%Error copying nvram:no (Invalid argument)
+R1#sh priv
-R1#copy running-config startup-config
+Current privilege level is 15
-Destination filename [startup-config]?
+R1#en
-Building configuration...
+R1#sh run | i user
-[OK]
+! Last configuration change at 05:14:12 UTC Sun Aug 18 2019 by user1
-R1#
+username user1 secret 5 $1$3uCj$mX0bA7ydlvu8hW4iIU47d.
-</code>
+username user2 privilege 10 secret 5 $1$ZRsH$6bnNLeYHu6UkaIaFMMf0n1
+username user3 privilege 15 secret 5 $1$KNnH$J70NyIsXID5SozkHnYtWI.
+R1#logout
+Connection closed by foreign host.
+wnoguchi@kotone:~$ telnet 10.0.8.123\
+> ^C
+wnoguchi@kotone:~$ telnet 10.0.8.123
+Trying 10.0.8.123...
+Connected to 10.0.8.123.
+Escape character is '^]'.
-<code>
+User Access Verification
-R1>sh privilege
-Current privilege level is 1
+Username: user2
-R1>en
+Password:
-R1#sh privil
+R1#sh priv
-R1#sh privilege
+Current privilege level is 10
-Current privilege level is 15
 R1#conf t
 Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#userna
+R1(config)#privi
-R1(config)#username test01 pri
+R1(config)#privil
-R1(config)#username test01 privilege 10 se
+R1(config)#priv
-R1(config)#username test01 privilege 10 secret test01sec
+R1(config)#privi
-R1(config)#username test02 pri
+R1(config)#privile
-R1(config)#username test02 privilege 15 secret test02sec
+R1(config)#privile
-R1(config)#do sh run | i username
+R1(config)#priv?
-username test01 privilege 10 secret 5 $1$Sntk$uitgUJVuNr6NsGLk0F/J.1
+% Unrecognized command
-username test02 privilege 15 secret 5 $1$dDvR$Zl/vSUBDcTQaFJUh1em3k.
+R1(config)#int f0/0
-R1(config)#line
+           ^
-R1(config)#line vty 0 15
-R1(config-line)#log
-R1(config-line)#logi
-R1(config-line)#login lo
-R1(config-line)#login local
-R1(config-line)#exit
-R1(config)#lin
-R1(config)#line conso
-R1(config)#disable
-             ^
 % Invalid input detected at '^' marker.
-R1(config)#
-R1(config)#
-R1(config)#
 R1(config)#^Z
-R1#
+R1#enable
-*Aug 15 02:16:09.987: %SYS-5-CONFIG_I: Configured from console by console
+Password:
+R1#sh priv
+Current privilege level is 15
 R1#disable
 R1>logout
+Connection closed by foreign host.
+wnoguchi@kotone:~$ telnet 10.0.8.123
+Trying 10.0.8.123...
+Connected to 10.0.8.123.
+Escape character is '^]'.
-R1 con0 is now available
-Press RETURN to get started.
-R1>en
-R1#conf t
-Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#int f0/0
-R1(config-if)#ip address 10.0.8.123 255.255.255.0
-R1(config-if)#no shut
-R1(config-if)#do ping 10.0.8.254
-Type escape sequence to abort.
-Sending 5, 100-byte ICMP Echos to 10.0.8.254, timeout is 2 seconds:
-!!!!!
-Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
-R1(config-if)#exit
-R1(config)#line console 0
-R1(config-line)#logi
-R1(config-line)#login local
-R1(config-line)#logout
-% Incomplete command.
-R1(config-line)#exit
-R1(config)#exit
-R1#logout
-*Aug 15 02:24:06.911: %SYS-5-CONFIG_I: Configured from console by console
-R1#logout
-R1 con0 is now available
-Press RETURN to get started.
 User Access Verification
-Username: test02
+Username: user3
 Password:
-R1#sh pri
 R1#sh priv
-R1#sh privilege
 Current privilege level is 15
-R1#
+R1#conf t
-</code>
+Enter configuration commands, one per line.  End with CNTL/Z.
+R1(config)#pri
-<code>
+R1(config)#privi
-wnoguchi@kozue:~$ telnet 10.0.8.123
+R1(config)#privilege exe le
+R1(config)#privilege exec leve
+R1(config)#privilege exec level 1 show
+R1(config)#^Z
+R1#logout
+Connection closed by foreign host.
+wnoguchi@kotone:~$ telnet 10.0.8.123
 Trying 10.0.8.123...
 Connected to 10.0.8.123.
 Escape character is '^]'.
 User Access Verification
-Username: test01
+Username: user1
 Password:
-R1#configu
+R1>sh priv
-R1#configure terminal
+Current privilege level is 1
-      ^
+R1>logout
-% Invalid input detected at '^' marker.
-R1#era
-R1#erase
-R1#erase startup-config
-    ^
-% Invalid input detected at '^' marker.
-R1#sh run | i user
-       ^
-% Invalid input detected at '^' marker.
-R1#sh clock
-*02:22:24.691 UTC Thu Aug 15 2019
-R1#sh privi
-R1#sh privilege
-Current privilege level is 10
-R1#logout
 Connection closed by foreign host.
+wnoguchi@kotone:~$
 </code>
-++++
 <code>
@@ Line 358: / Line 310: @@
 R1#
 </code>
-<code>
-configure terminal
-!
-privilege exec level 10 configure
-enable password level 10 Cisco55
-!
-end
-</code>
-++++ Console Log |
 <code>
@@ Line 453: / Line 394: @@
   eigrp_af_classic_submode        Address Family configuration mode
-R1(config)#privilege sho
-R1(config)#privilege int
-R1(config)#privilege inter
-R1(config)#privilege interface
-R1(config)#privilege interface ?
-  all    All suboption will be set to the samelevel
-  level  Set privilege level of command
-  reset  Reset privilege level of command
-R1(config)#privilege exe
-R1(config)#privilege exec leve
-R1(config)#privilege exec level ?
-  <0-15>  Privilege level
-R1(config)#privilege exec level 10 ?
-  LINE  Initial keywords of the command to modify
-R1(config)#privilege exec level 10 confi?
-LINE    <cr>
-R1(config)#privilege exec level 10 configure
-R1(config)#en
-R1(config)#enab
-R1(config)#enable se
-R1(config)#enable secret ?
-      Specifies an UNENCRYPTED password will follow
-      Specifies a MD5 HASHED secret will follow
-      Specifies a PBKDF2 HASHED secret will follow
-      Specifies a SCRYPT HASHED secret will follow
-  LINE   The UNENCRYPTED (cleartext) 'enable' secret
-  level  Set exec level password
-R1(config)#enable secret le
-R1(config)#enable passwo
-R1(config)#enable password leve
-R1(config)#enable password level 10 Cisco55
-% Converting to a secret.  Please use "enable secret" in the future.
-R1(config)#no enable password level 10 Cisco55
-R1(config)#enable secret level 10 Cisco55
-R1(config)#end
-R1#
-*Aug 15 02:57:50.031: %SYS-5-CONFIG_I: Configured from console by test02 on console
-R1#logout
+</code>
+===== Jump to privileged exec mode immediately =====
+this is useful for verification use.
+<code>
+configure terminal
+!
+interface FastEthernet 0/0
+ ip address 10.0.8.123 255.255.255.0
+ no shutdown
+!
+line vty 0 15
+ login
+ privilege level 15
+ password iamgod
+!
+line console 0
+ login
+ privilege level 15
+ password iamgod
+!
+end
+</code>
+==== Verification ====
+<code>
 R1 con0 is now available
@@ Line 540: / Line 435: @@
-User Access Verification
-Username: test01
-Password:
-R1#sh run
-       ^
-% Invalid input detected at '^' marker.
-R1#conf t
-        ^
-% Invalid input detected at '^' marker.
-R1#configure
-Configuring from terminal, memory, or network [terminal]?
-Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#inter
-R1(config)#int f0/0
-           ^
-% Invalid input detected at '^' marker.
-R1(config)#?
-Configure commands:
-  beep     Configure BEEP (Blocks Extensible Exchange Protocol)
-  call     Configure Call parameters
-  default  Set a command to its defaults
-  end      Exit from configure mode
-  exit     Exit from configure mode
-  help     Description of the interactive help system
-  license  Configure license features
-  netconf  Configure NETCONF
-  no       Negate a command or set its defaults
-  oer      Optimized Exit Routing configuration submodes
-  pfr      Performance Routing configuration submodes
-  sasl     Configure SASL
-  wsma     Configure Web Services Management Agents
-R1(config)#end
-R1#
-*Aug 15 02:59:09.111: %SYS-5-CONFIG_I: Configured from console by test01 on console
-R1#configure terminal
-             ^
-% Invalid input detected at '^' marker.
-R1#enable
-R1#configure terminal
-Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#^Z
-R1#
-*Aug 15 02:59:39.775: %SYS-5-CONFIG_I: Configured from console by test01 on console
-R1#disable
-R1>sh privilege
-Current privilege level is 1
-R1>enable
-R1#sh privilege
-Current privilege level is 15
-R1#disable
-R1>logout
-R1 con0 is now available
-Press RETURN to get started.
@@ Line 652: / Line 446: @@
 User Access Verification
-Username: test01
 Password:
-R1#sh pri
+R1#sh priv
-R1#sh privi
+Current privilege level is 15
-R1#sh privilege
-Current privilege level is 10
 R1#conf t
-        ^
-% Invalid input detected at '^' marker.
-R1#configure
-Configuring from terminal, memory, or network [terminal]?
 Enter configuration commands, one per line.  End with CNTL/Z.
 R1(config)#^Z
+R1#sh r
+*Aug 18 05:23:34.630: %SYS-5-CONFIG_I: Configured from console by console
+R1#sh run | i priv
+username user2 privilege 10 secret 5 $1$ZRsH$6bnNLeYHu6UkaIaFMMf0n1
+username user3 privilege 15 secret 5 $1$KNnH$J70NyIsXID5SozkHnYtWI.
+privilege exec level 10 configure terminal
+privilege exec level 10 configure
+privilege exec level 10 show startup-config
+privilege exec level 10 show running-config
+privilege exec level 1 show
+ privilege level 15
+ privilege level 15
+ privilege level 15
 R1#
-*Aug 15 03:00:31.163: %SYS-5-CONFIG_I: Configured from console by test01 on console
-R1#conf t
-        ^
-% Invalid input detected at '^' marker.
-R1#enable
-R1#sh privi
-R1#sh privilege
-Current privilege level is 15
-R1#en
-R1#enable ?
-  <0-15>  Enable level
-  view    Set into the existing view
-  <cr>
-R1#enable 10
-R1#sh pri
-R1#sh privi
-R1#sh privilege
-Current privilege level is 10
-R1#conf t
-        ^
-% Invalid input detected at '^' marker.
-</code>
-++++
-===== Jump to privileged exec mode immediately =====
-<code>
-configure terminal
-!
-line vty 0 15
- privilege level 15
- login
- ! important!!
- password test03
-!
-end
-</code>
-<code>
-Trying 10.0.8.123...
-Connected to 10.0.8.123.
-Escape character is '^]'.
-User Access Verification
-Password:
-R1#conf t
-Enter configuration commands, one per line.  End with CNTL/Z.
-R1(config)#^Z
-R1#sh priv
-Current privilege level is 15
-R1#logout
-Connection closed by foreign host.
 </code>
@@ Line 733: / Line 474: @@
   - [[https://www.infraexpert.com/study/aaaz09.html|Cisco IOS - privilege levelとprivilege execの設定]]
+  - [[https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/m1/sec-m1-cr-book/sec-cr-p2.html#wp7303105770|Cisco IOS Security Command Reference: Commands M to R - ppp accounting through quit [Support & Downloads] - Cisco]]
+  - [[http://www.n-study.com/network/2006/09/cisco_telnet_1.html|Ciscoデバイスの管理 Telnetによるリモート管理 その1 (ネットワークのおべんきょしませんか？ Cisco CCNA/CCNP/CCIE、ネットワークスペシャリスト試験の勉強にピッタリ)]]

PG1X

User Tools

Site Tools

Differences

Page Tools