User Levels

In Cisco devices there is a hierarchical structure of modes for access levels and permissions.  

User EXEC:
  • User EXEC mode gives you level 1 privileges, which allow access to very basic functions of the network device. Even though this level is severely restricted in what can be executed from it, damage can still be done from this level.
  • Most properly hardened devices default to User EXEC mode when you first log in. You can verify that you are in this mode by looking at the prompt. On Cisco switches, routers, and firewalls this prompt will look like: hostname>
Privileged EXEC:
  • Privileged EXEC mode gives you level 15 privileges. With level 15 privileges you have complete administrative control over the network device. The only thing you cannot configure with this privilege level would be something like rommon or a similar service that has to be configured outside of the normal operating system.
  • Privileged EXEC mode looks like: hostname#
Privilege Levels 0, 2-14:
  • Yes, these levels do exist, and you can custom-define their capabilities. Most admins overlook them because in SMB environments they usually aren't necessary, simply due to the smaller staff. In large organizations, though, where part of your team needs to do things like verify traffic flowing through a port without making any configuration changes, you will see these other levels used more often.
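
A custom level of the kind described above, as an added example that is not from the original post: it moves one privileged EXEC command (clear counters) down to level 5 and creates a local account that logs in at that level. The level number, the username noc-viewer and the secret are placeholders, and the device is assumed to use local authentication on its vty lines without AAA.

```cisco
! Constructed example: hostname, level 5, username and secret are placeholders.
hostname# configure terminal
hostname(config)# privilege exec level 5 clear counters
hostname(config)# username noc-viewer privilege 5 secret <PLACEHOLDER-SECRET>
hostname(config)# line vty 0 4
hostname(config-line)# login local
hostname(config-line)# end
!
! After logging in as noc-viewer, confirm the assigned level:
hostname# show privilege
Current privilege level is 5
!
! Level 5 inherits every level 1 command and adds "clear counters".
! "configure terminal" remains a level 15 command, so this account
! cannot enter Global Configuration mode or change the configuration.
```

Levels are cumulative, so any command moved to level 5 is also available to levels 6 through 15; review what each custom level exposes before assigning accounts to it.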
Global Configuration and Other Modes:
  • Cisco will state that there are other configuration modes outside of the User and Privileged EXEC. Personally, I tend to look at these as sub-configuration modes because, in order to enter almost all of those modes, you first need to be in Privileged EXEC (or have a custom-defined level that grants access).
  • To enter Global Configuration mode you would type:
    • hostname#configure terminal
    • hostname(config)#
I think it's overkill if you are just beginning to familiarize yourself with Cisco equipment, but if you would like to learn more about the various access levels and modes, this Cisco document explains them briefly and includes instructions on how to enter/exit the various modes/sub-modes.
