Module 5 Flashcards
Cisco IOS software has two methods of providing infrastructure access:
Both methods help determine who should be allowed to connect to the device and what that person should be able to do with it.
privilege level and role-based CLI.
___ access provides more granularity and control.
Role-based CLI
By default, the Cisco IOS software CLI has two levels of access to commands:
User EXEC mode (privilege level 1)
Privileged EXEC mode (privilege level 15)
This provides the lowest EXEC mode user privileges and allows only user-level commands available at the Router> prompt.
User EXEC mode (privilege level 1)
This includes all enable-level commands at the Router# prompt.
Privileged EXEC mode (privilege level 15)
There are __ privilege levels in total.
16
The ___ the privilege level, the more router access a user has.
higher
Commands that are available at ____ privilege levels are also executable at ____ levels.
lower - higher
Predefined for user-level access privileges. Seldom used, but includes five commands: disable, enable, exit, help, and logout.
Level 0:
The default level for login with the router prompt Router>. A user cannot make any changes or view the running configuration file.
Level 1:
May be customized for user-level privileges. Commands from lower levels may be moved up to another higher level, or commands from higher levels may be moved down to a lower level.
Levels 2-14:
Reserved for the enable mode privileges (enable command). Users can change configurations and view configuration files.
Level 15:
To assign commands to a custom privilege level, use the privilege global configuration mode command
Router(config)# privilege mode {level level(italic)|reset} command
Specifies the configuration mode. Use the privilege ? command to see a complete list of router configuration modes available on your router.
mode
(Optional) Enables setting a privilege level with a specified command.
level
(Optional) The privilege level that is associated with a command. You can specify up to 16 privilege levels, using numbers 0 to 15.
level (italic)
(Optional) Resets the privilege level of a command.
reset
(Optional) Argument to use when you want to reset the privilege level.
command
To configure a privilege level with specific commands, use the
privilege exec level level [command].
example
R1(config)# privilege exec level 5 ping
R1(config)# privilege exec level 10 reload
There are two methods for assigning passwords to the different privilege levels:
To a user that is granted a specific privilege level, use the username name privilege level secret password global configuration mode command.
To the privilege level, use the enable secret level level password global configuration mode command.
Note: Both the username secret and the enable secret commands are configured for ___ encryption.
type 9
Use the __ command to assign a privilege level to a specific user.
username
Use the ____ command to assign a privilege level to a specific EXEC mode password.
enable secret
Limitations of privilege levels
There is no access control to specific interfaces, ports, logical interfaces, and slots on a router.
Commands available at lower privilege levels are always executable at higher levels.
Commands specifically set at a higher privilege level are not available for lower privileged users.
Assigning a command with multiple keywords allows access to all commands that use those keywords. For example, allowing access to show ip route allows the user access to all show and show ip commands.