Problem
You want to set the privilege level according to which port you use to access the router.
Solution
To configure the privilege level of a particular line, use the following configuration command:
Router1#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router1(config)#line aux 0 Router1(config-line)#privilege level 5 Router1(config-line)#exit Router1(config)#privilege exec level 5 show ip route Router1(config)#privilege exec level 1 show ip Router1(config)#privilege exec level 1 show Router1(config)#end Router1#
Discussion
By default, every access line has a privilege level of 1. You can change the privilege level assigned to a particular line with the privilege level command. The following example shows what happens when we connect to the AUX port when it is configured with privilege level 5:
Press RETURN to get started. Router1#show privilege Current privilege level is 5 Router1#show ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is 172.22.1.3 to network 0.0.0.0 C 172.22.1.0 is directly connected, FastEthernet1/0 O*E1 0.0.0.0/0 [110/3] via 172.22.1.3, 1w2d, FastEthernet1/0 Router1#disable Router1>show ip route ^ % Invalid input detected at '^' marker. Router1>
You will notice that no username or password is needed to log in, and the privilege level defaults to 5. This permits us to issue a show ip route command. We have raised the privilege of this command to the same level, so it works. When we use the disable command to set the privilege level back to 1 and attempt to issue the show ip route command again, it fails.
Although we have just shown how to increase the privilege level of a router port, this command is more commonly used to lower the level to 0. Lowering the privilege level provides greater security on insecure lines and provides greater flexibility in restricting commands. For instance, you can use this method to restrict the commands available to a user connected on a particular port down to just Telnet, preventing all other commands. You can accomplish this by configuring a port to privilege level 0 and lowering the privilege level of the Telnet command to the same level. This is useful when the router is acting as a terminal server.
See Also
Recipe 3.21; Recipe 3.22
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index