In preparation for your CCNA Security 640-553 exam, we want to make sure we cover the topics that you will encounter on your CCNA exam. So to assist you, below we will discuss the CCNA Security concept, xxxxxxxxx. As you progress through your CCNA exam studies, I am sure with repetition you will find that all the topics become much easier. So even though this may be a difficult concept initially, keep at it as no one said getting your Cisco certification would be easy!
Secure administrative access to Cisco routers by configuring multiple privilege levels

By default, the Cisco IOS software command-line interface (CLI) has two levels of access to commands: user EXEC mode (level 1) and privileged EXEC mode (level 15). However, you can configure additional levels of access to commands, called privilege levels, to meet the needs of your users while protecting the system from unauthorized access. Up to 16 privilege levels can be configured, from level 0, which is the most restricted level, to level 15, which is the least restricted level.

Access to each privilege level is enabled through separate passwords, which you specify when configuring the privilege level.

For example, if you want a certain set of users to be able to configure only certain interfaces, but not allow them access to other configuration options, you could create a separate privilege level for only specific interface configuration commands and distribute the password for that level to those users.

Setting the Privilege Level for a Command

To create a new privilege level and associate commands with that privilege level, use the following commands, beginning in global configuration mode:

| Step | Command | Purpose |
|---|---|---|
| Step 1 | Router(config)# privilege mode level level command-string | Configures the specified privilege level to allow access to the specified command. |
| Step 2 | Router(config)# enable secret level level {0 \| 5} password-string | Sets the password for the specified privilege level. This is the password users will enter after entering the enable level command to access the specified level. 0 indicates an unencrypted password string follows; 5 indicates an encrypted password string follows. |
| Step 3 | Router(config)# exit | Exits global configuration mode and returns to EXEC mode. |
| Step 4 | Router# do copy running-config startup-config | (Optional) Saves the configuration to the startup configuration file in NVRAM. Note: The do keyword allows execution of EXEC commands in configuration mode. |

Changing the Default Privilege Level for Lines
To change the default privilege level for a given line or a group of lines, use the following command in line configuration mode:

| Command | Purpose |
|---|---|
| Router(config-line)# privilege level level | Specifies a default privilege level for a line. |

Displaying Current Privilege Levels
To display the current privilege level you can access based on the password you used, use the following command in EXEC mode:

| Command | Purpose |
|---|---|
| Router# show privilege | Displays your current privilege level. |

Logging In to a Privilege Level
To log into a router at a specified privilege level, use the following command in EXEC mode:

| Command | Purpose |
|---|---|
| Router# enable level | Logs in to a specified privilege level. |

To exit to a specified privilege level, use the following command in EXEC mode:

| Command | Purpose |
|---|---|
| Router# disable level | Exits to a specified privilege level. |

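The steps above put together for the interface-only scenario described earlier, as an added example that is not part of the original article. Level 5, the choice of interface commands and the <level-5-password> placeholder are assumptions made for illustration.

```cisco
! Added example (constructed): level 5 and <level-5-password> are placeholders.
Router# configure terminal
! Let level 5 enter global configuration mode and interface configuration mode
Router(config)# privilege exec level 5 configure terminal
Router(config)# privilege configure level 5 interface
! Allow only these interface-mode commands at level 5
Router(config)# privilege interface level 5 shutdown
Router(config)# privilege interface level 5 ip address
! Password for level 5; 0 means the string that follows is unencrypted
Router(config)# enable secret level 5 0 <level-5-password>
Router(config)# exit
! (Optional) save to the startup configuration in NVRAM
Router# copy running-config startup-config

! Check from a new session: enter level 5 and confirm it
Router> enable 5
Password:
Router# show privilege
Current privilege level is 5
! Drop back to user EXEC mode (level 1)
Router# disable 1
Router>
```

Only the level 5 password is handed to the interface operators; the level 15 password stays with full administrators.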
We hope you found this Cisco CCNA Security 640-553 certification article helpful. We pride ourselves on providing you with not only tons of free Cisco CCNA exam information, but also the real-world Cisco CCNA skills to advance in your networking career as you exercise the many CCNA lab scenarios in our lab workbooks.