Privilege Access Levels Cisco

To configure privilege access levels on a Cisco ASA, there are 4 steps: 1) Enable command authorization, 2) Define commands for specific privilege levels, 3) Create a user and assign a privilege level, 4) Create an enable password for the new privilege level. The username command adds a user to the ASA database, optionally assigning a privilege level. Privilege levels control which commands a user can access.

Uploaded by

ANGEL Guzman
Privilege Access levels Cisco

Configuring privilege access levels for commands on a Cisco ASA involves 4 steps,
as follows:

1. Enable command authorization (LOCAL in this case means that the command
authorization configuration is kept on the firewall):

aaa authorization command LOCAL

2. Define the commands you want to allow at a certain level. For example, these
commands enable a user at privilege level 5 to view and clear crypto tunnels:

privilege show level 5 command crypto


privilege clear level 5 command crypto

3. Create a user and assign the privilege level to her/him:

username userName password userPass privilege 5

4. Create an enable password for the new privilege level:

enable password enablePass level 5

Now when the user logs in, she/he can type:

enable 5

After entering the password from step 4, they will be able to run the above crypto
commands.

---
To add a user to the security appliance database, enter the username command in global
configuration mode. To remove a user, use the no version of this command with the
username you want to remove. To remove all usernames, use the no version of this
command without appending a username.

username name {nopassword | password password [mschap | encrypted | nt-encrypted]} [privilege priv_level]

This privilege level is used with command authorization.

no username name

----------

In general, you can also use this shorter form of the username command for a simple config:
username name password password privilege priv_level

e.g. (level 15 allows full EXEC mode access, as well as all ASDM features):

username sachingarg password HC!@%$#@! privilege 15

The default privilege level is 2.

Please remember, as said above, that access levels (1-15) aren't of much relevance
unless you enable command authorization:

aaa authorization command LOCAL

---

Viewing Command Privilege Levels

The following commands let you view privilege levels for commands.

• To show all commands, enter the following command:

hostname(config)# show running-config all privilege all

• To show commands for a specific level, enter the following command:

hostname(config)# show running-config privilege level level

The level is an integer between 0 and 15.

• To show the level of a specific command, enter the following command:

hostname(config)# show running-config privilege command command

For example, for the show running-config all privilege all command, the system
displays the current assignment of each CLI command to a privilege level. The
following is sample output from the command.

hostname(config)# show running-config all privilege all


privilege show level 15 command aaa
privilege clear level 15 command aaa
privilege configure level 15 command aaa
privilege show level 15 command aaa-server
privilege clear level 15 command aaa-server
privilege configure level 15 command aaa-server
privilege show level 15 command access-group
privilege clear level 15 command access-group
privilege configure level 15 command access-group
privilege show level 15 command access-list
privilege clear level 15 command access-list
privilege configure level 15 command access-list
privilege show level 15 command activation-key
privilege configure level 15 command activation-key
....

The following command displays the command assignments for privilege level 10:

hostname(config)# show running-config privilege level 10


privilege show level 10 command aaa

The following command displays the command assignment for the access-list
command:

hostname(config)# show running-config privilege command access-list


privilege show level 15 command access-list
privilege clear level 15 command access-list
privilege configure level 15 command access-list

ciscoasa5520# show run all username


ciscoasa5520# show run all privilege | grep pwd
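
As an added example (not part of the original document and not Cisco code), the following Python script reviews a saved configuration offline: it parses the privilege and username lines in the forms shown on this page, lists which explicitly assigned commands each user can reach (their own level and below), and reports when command authorization is missing. The sample configuration, user names and function names are constructed for illustration.

```python
import re

# Constructed sample in the shape of "show running-config" output; the
# user names and passwords are made up, the commands are the page's.
SAMPLE_CONFIG = """\
aaa authorization command LOCAL
privilege show level 5 command crypto
privilege clear level 5 command crypto
privilege show level 15 command access-list
privilege configure level 15 command access-list
username operator password examplePass privilege 5
username admin password examplePass privilege 15
username guest password examplePass
"""

PRIV_RE = re.compile(r"^privilege\s+(show|clear|configure)\s+level\s+(\d+)\s+command\s+(\S+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+(?:nopassword|password\s+\S+"
                     r"(?:\s+(?:mschap|encrypted|nt-encrypted))?)(?:\s+privilege\s+(\d+))?$")
DEFAULT_LEVEL = 2  # default user privilege level stated on this page


def parse(config):
    """Return (authorization_enabled, [(level, type, command)], {user: level})."""
    authz, cmds, users = False, [], {}
    for line in map(str.strip, config.splitlines()):
        if line == "aaa authorization command LOCAL":
            authz = True
        elif m := PRIV_RE.match(line):
            cmds.append((int(m.group(2)), m.group(1), m.group(3)))
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2)) if m.group(2) else DEFAULT_LEVEL
    return authz, cmds, users


def audit(config):
    """Map each user to the explicitly assigned commands at or below their level."""
    authz, cmds, users = parse(config)
    report = {
        user: {"level": lvl,
               "allowed": sorted(f"{t} {c}" for l, t, c in cmds if l <= lvl)}
        for user, lvl in users.items()
    }
    findings = []
    restricted = sorted(u for u, lvl in users.items() if lvl < 15)
    if restricted and not authz:
        findings.append("aaa authorization command LOCAL is missing; levels of "
                        + ", ".join(restricted) + " are not enforced per command")
    return report, findings


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Feed it the text captured from show running-config all privilege all and show run all username to review a real device; lines in forms other than those on this page are ignored.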
