Protecting Access to Privileged EXEC Commands
Setting the Privilege Level for a Command
Beginning in privileged EXEC mode, follow these steps to set the privilege level for a command mode:
Command
Step 1
configure terminal
Step 2
privilege mode level level command
Step 3
enable password level level password
Step 4
end
Step 5
show running-config
or
show privilege
Step 6
copy running-config startup-config
When you set a command to a privilege level, all commands whose syntax is a subset of that command
are also set to that level. For example, if you set the show ip traffic command to level 15, the show
commands and show ip commands are automatically set to privilege level 15 unless you set them
individually to different levels.
To return to the default privilege for a given command, use the no privilege mode level level command
global configuration command.
This example shows how to set the configure command to privilege level 14 and define SecretPswd14
as the password users must enter to use level 14 commands:
Switch(config)# privilege exec level 14 configure
Switch(config)# enable password level 14 SecretPswd14
Catalyst 2960 and 2960-S Switches Software Configuration Guide, Release 15.0(1)SE
9-8
Purpose
Enter global configuration mode.
Set the privilege level for a command.
For mode, enter configure for global configuration mode, exec for
•
EXEC mode, interface for interface configuration mode, or line for
line configuration mode.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC
•
mode privileges. Level 15 is the level of access permitted by the
enable password.
•
For command, specify the command to which you want to restrict
access.
Specify the enable password for the privilege level.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC
•
mode privileges.
•
For password, specify a string from 1 to 25 alphanumeric characters.
The string cannot start with a number, is case sensitive, and allows
spaces but ignores leading spaces. By default, no password is
defined.
Return to privileged EXEC mode.
Verify your entries.
The first command shows the password and access level configuration.
The second command shows the privilege level configuration.
(Optional) Save your entries in the configuration file.
Chapter 9
Configuring Switch-Based Authentication
OL-26520-01