Cisco Cat4K NDPP ST
EDCS-1228241
TOE SFRs
How the SFR is Met
Five commands are associated with privilege level 0: disable,
enable, exit, help, and logout. However, the level could be
configured to allow a user to have access to the 'show'
command.
Level 1 is normal EXEC-mode user privileges.
Following is an example of how privileges are set, the rules for
setting privilege levels, and how users are assigned to those
privilege levels. Note that the administrator needs to have the
appropriate privilege level and, if required, the applicable
password to execute the commands:
When setting the privilege level for a command with multiple
words (commands), the commands starting with the first word
will also have the specified access level. For example, if the show
ip route command is set to level 15, the show commands and
show ip commands are automatically set to privilege level 15—
unless they are individually set to different levels. This is
necessary because a user cannot execute, for example, the show
ip command unless the user also has access to show commands.
To change the privilege level of a group of commands, the all
keyword is used. When a group of commands is set to a privilege
level using the all keyword, all commands which match the
beginning string are enabled for that level, and all commands
which are available in submodes of that command are enabled for
that level. For example, if the show ip keywords are set to level 5,
show and ip will be changed to level 5 and all the options that
follow the show ip string (such as show ip accounting, show ip
aliases, show ip bgp, and so on) will be available at privilege
level 5.
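The two rules above (prefix inheritance and the all keyword) can be checked against a saved configuration with a small audit helper. This is an added example, not part of the Security Target or Cisco code; it models the rules as this section states them rather than the IOS parser, the function names are hypothetical, and it assumes full command words (no abbreviations) and that a later line wins when two lines imply different levels for the same prefix.

```python
import re

# Lines in the form of the IOS `privilege` command:
#   privilege <mode> [all] level <0-15> <command words>
LINE = re.compile(r"^privilege\s+(\S+)\s+(all\s+)?level\s+(\d+)\s+(\S.*)$")

def parse(config):
    """Return (mode, is_all, level, words) for every privilege line."""
    rules = []
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a privilege line
        level = int(m.group(3))
        if not 0 <= level <= 15:
            raise ValueError(f"privilege level out of range: {raw!r}")
        rules.append((m.group(1), bool(m.group(2)), level,
                      tuple(m.group(4).split())))
    return rules

def build_tables(rules):
    explicit, implied, groups = {}, {}, {}
    for mode, is_all, level, words in rules:
        explicit[(mode, words)] = level          # individually set
        if is_all:
            groups[(mode, words)] = level        # covers everything after it
        for n in range(1, len(words)):           # leading words inherit
            implied[(mode, words[:n])] = level   # assumption: later line wins
    return explicit, implied, groups

def effective_level(config, command, mode="exec"):
    """Level the config assigns to `command`, or None if it is left unchanged."""
    explicit, implied, groups = build_tables(parse(config))
    words = tuple(command.split())
    if (mode, words) in explicit:                # individual setting overrides
        return explicit[(mode, words)]
    if (mode, words) in implied:
        return implied[(mode, words)]
    for n in range(len(words) - 1, 0, -1):       # longest matching `all` prefix
        if (mode, words[:n]) in groups:
            return groups[(mode, words[:n])]
    return None

# Constructed sample mirroring the two examples in the text.
ROUTE_ONLY = "privilege exec level 15 show ip route"
SHOW_IP_ALL = "privilege exec all level 5 show ip"

if __name__ == "__main__":
    for cmd in ("show", "show ip", "show ip bgp", "show version"):
        print(cmd, effective_level(ROUTE_ONLY, cmd),
              effective_level(SHOW_IP_ALL, cmd))
```

A result of None means the privilege lines leave the command at whatever level it already had, which is the case to review when a command was expected to be restricted.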
The privilege command is used to move commands from one
privilege level to another in order to create the additional levels of
administration. The default configuration permits two types of
users to access the CLI. The first type of user is a person who is
only allowed to access user EXEC mode. The second type of
user is a person who is allowed access to privileged EXEC
mode. A user who is only allowed to access user EXEC mode is
not allowed to view or change the configuration of the
networking device, or to make any changes to the operational
status of the networking device. On the other hand, a user who
is allowed access to privileged EXEC mode can make any change
to a networking device that is allowed by the CLI.
Following is an example for setting the privilege levels for
11 March 2014