1.admin - privilege 15
2.support - privilege 2
admin have privilege 15 because he is super user, he can configure and execute command, while support have privilege 2, we want to restrict access of privilege 2 which he cannot execute command, he can only show specific configuration which has been configured for the level 2 privilege.
So, first step we have to create a login name,the privilege level(15) and the password for the admin:
cisco(config)#username admin privilege 15 secret cisco.
im using secret command for encrypt the password . Then, to enable the CLI to prompt the login and password each time you want to access the device,execute this command:
cisco(config)#line console 0
cisco(config-if)#login local
After that, I create the level 2 access privilege, in this example, I want support users only able to show running config command and only certain details specified to the sh running config command will appear.
cisco(config)#privilege exec level 2 show running-config
cisco(config)#privilege conf level 2 router
cisco(config)#privilege conf level 2 hostname
cisco(config)#privilege conf level 2 interface
cisco(config)#privilege interface level 2 ip add
Then,still in admin privilege, I create user named support and assign it to privilege 2 and its password using secret,here the command:
cisco(config)#username support privilege 2 secret cisco
Lastly, exit admin and login into user support and try the command sh run, the show run will only display the details that I have specified earlier . Try enter command config t, you will cannot enter the config t mode.
save running config, command wr.
No comments:
Post a Comment