8-8
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 8 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
Setting the Privilege Level for a Command
Beginning in privileged EXEC mode, follow these steps to set the privilege level for a command mode:
When you set a command to a privilege level, all commands whose syntax is a subset of that command
are also set to that level. For example, if you set the
show ip traffic
command to level 15, the
show
commands and
show ip
commands are automatically set to privilege level 15 unless you set them
individually to different levels.
To return to the default privilege for a given command, use the
no privilege
mode
level
level
command
global configuration command.
This example shows how to set the
configure
command to privilege level 14 and define
SecretPswd14
as the password users must enter to use level 14 commands:
Switch(config)#
privilege exec level 14 configure
Switch(config)#
enable password level 14 SecretPswd14
Command
Purpose
Step 1
configure terminal
Enter global configuration mode.
Step 2
privilege
mode
level
level
command
Set the privilege level for a command.
•
For
mode
, enter
configure
for global configuration mode,
exec
for
EXEC mode,
interface
for interface configuration mode, or
line
for
line configuration mode.
•
For
level
, the range is from 0 to 15. Level 1 is for normal user EXEC
mode privileges. Level 15 is the level of access permitted by the
enable
password.
•
For
command
, specify the command to which you want to restrict
access.
Step 3
enable password level
level
password
Specify the enable password for the privilege level.
•
For
level
, the range is from 0 to 15. Level 1 is for normal user EXEC
mode privileges.
•
For
password
, specify a string from 1 to 25 alphanumeric characters.
The string cannot start with a number, is case sensitive, and allows
spaces but ignores leading spaces. By default, no password is
defined.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
or
show privilege
Verify your entries.
The first command shows the password and access level configuration.
The second command shows the privilege level configuration.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.