Configuring Multiple Privilege Levels - Cisco WS-SUP32-GE-3B - Supervisor Engine 32 Software Configuration Manual

Chapter 3 Configuring the Switch for the First Time
The service password-encryption command does not provide a high level of network security. If you
Caution
use this command, you should also take additional network security measures.
Although you cannot recover a lost encrypted password (that is, you cannot get the original password
back), you can regain control of the switch after you lose or forget the encrypted password. See the
"Recovering a Lost Enable Password" section on page 3-18
To display the password or access level configuration, see the
and Privilege Level Configuration" section on page

Configuring Multiple Privilege Levels

By default, the Cisco IOS software has two modes of password security: user EXEC mode and privileged
EXEC mode. You can configure up to 16 hierarchical levels of commands for each mode. By configuring
multiple passwords, you can allow different sets of users to have access to specified commands.
For example, if you want many users to have access to the clear line command, you can assign it level 2
security and distribute the level 2 password widely. If you want more restricted access to the configure
command, you can assign it level 3 security and distribute that password to more restricted users.
These tasks describe how to configure additional levels of security:
•
•
•
•
•
Setting the Privilege Level for a Command
To set the privilege level for a command, perform this task:
Command
Step 1
Router(config)# privilege mode level level
command
Step 2
Router(config)# enable password level level
[encryption-type] password
To display the password or access level configuration, see the
and Privilege Level Configuration" section on page
Changing the Default Privilege Level for Lines
To change the default privilege level for a given line or a group of lines, perform this task:
Command
Router(config-line)# privilege level level
OL-11439-03
Setting the Privilege Level for a Command, page 3-17
Changing the Default Privilege Level for Lines, page 3-17
Logging In to a Privilege Level, page 3-18
Exiting a Privilege Level, page 3-18
Displaying the Password, Access Level, and Privilege Level Configuration, page 3-18
Catalyst Supervisor Engine 32 PISA Cisco IOS Software Configuration Guide, Release 12.2ZY
Protecting Access to Privileged EXEC Commands
if you lose or forget your password.
"Displaying the Password, Access Level,
3-18.
Purpose
Sets the privilege level for a command.
Specifies the enable password for a privilege level.
"Displaying the Password, Access Level,
3-18.
Purpose
Changes the default privilege level for the line.
3-17