Guest

Cisco IOS Software Releases 12.0 S

Privilege Command Enhancements

  • Viewing Options

  • PDF (180.4 KB)
  • Feedback
Privilege Command Enhancements

Table Of Contents

Privilege Command Enhancements

Feature Overview

Benefits

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Configuration Examples

Command Reference

privilege (global)


Privilege Command Enhancements


Feature History

Release
Modification

12.0(22)S

This feature was introduced.


This document describes the Privilege Command Enhancements feature in Cisco IOS Release 12.0(22)S. It includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Configuration Tasks

Command Reference

Feature Overview

This feature simplified the configuration of privilege levels for all commands through the enhancement of the privilege global configuration command. A privilege level can now be specified for all keyword options of a command with a single command-line interface (CLI) command. Previously, separate privilege commands were required for each keyword combination of a command.

Benefits

Reduces the number of commands to configure privilege levels for all the options of a command, reducing the CPU time and increasing performance.

Reduces the size of the configuration file freeing up space in NVRAM.

Related Documents

Cisco IOS Configuration Fundamentals Command Reference, Release 12.2

Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.2

Supported Platforms

Cisco 7500 series

Cisco 10000 series

Cisco 12000 series

Determining Platform Support Through Cisco Feature Navigator

Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Cisco Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.

To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Availability of Cisco IOS Software Images

Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://tools.cisco.com/ITDIT/MIBS/servlet/index

If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:

http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml

To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:

http://www.cisco.com/register

RFCs

No new or modified RFCs are supported by this feature.

Configuration Tasks

None

Configuration Examples

None

Command Reference

This section documents the following modified command. All other commands used with this feature are documented in the Cisco IOS Release 12.2 command reference publications.

privilege (global)

privilege (global)

To set the privilege level for a command, use the privilege (global) command in configuration mode. Use the no form of this command to revert to default privileges for a given command.

privilege mode [all {level level}] | [reset command]

no privilege mode [all {level level}] | [reset command]

Syntax Description

mode

Configuration mode. See Table 1 in the "Usage Guidelines" section for a list of options for this argument.

all

(Optional) Changes the privilege level for all the suboptions to the same level.

level

Enables setting a privilege level with a specified command.

level

specifies the privilege level associated with a command. You can specify up to sixteen privilege levels, using numbers 0 through 15.

reset

(Optional) Resets the privilege level of a command.

command

Command for which you want to reset the privilege level.


Defaults

No default behavior or values.

Command Modes

Global configuration

Command History

Release
Modification

10.3

This command was introduced.

12.0(22)S

The all keyword was added.


Usage Guidelines

The password for a privilege level defined using the privilege global configuration command is configured using the enable password command.

Level 0 can be used to specify a more-limited subset of commands for specific users or lines. For example, you can allow user "guest" to use only the show users and exit commands.

To change the privilege level of a particular command or its suboptions, use the all keyword.


Note There are five commands associated with privilege level 0: disable, enable, exit, help, and logout. If you configure AAA authorization for a privilege level greater than 0, these five commands will not be included.


When you set a command to a privilege level, all commands whose syntax is a subset of that command are also set to that level. For example, if you set the show ip route command to level 15, the show commands and show ip commands are automatically set to privilege level 15—unless you set them individually to different levels. To set all the suboptions available under a command to the same level as the command, use the all keyword. For example, if you set the show ip keywords to level 5, show and ip will be changed to level 5 and all the suboptions under ip will be executed from level 5.

Table 1 shows the acceptable options for the mode argument in the privilege command

.

Table 1 Mode Argument Options 

Command
Description

accept-dialin

VPDN Accept-dialin group configuration mode

accept-dialout

VPDN Accept-dialout group configuration mode

address-family

Address family configuration mode

alps-ascu

ALPS ASCU configuration mode

alps-circuit

ALPS circuit configuration mode

atm-bm-config

ATM VC bundle-member configuration mode

atm-bundle-config

ATM VC bundle configuration mode

atm-vc-config

ATM virtual circuit (VC) configuration mode

atmsig_e164_table_mode

ATMSIG E164 Table

cascustom

CAS custom configuration mode

config-rtr-http

RTR HTTP raw request configuration mode

configure

Global configuration mode

controller

Controller configuration mode

crypto-map

Crypto map configuration mode

crypto-transform

Crypto transform configuration mode

dhcp

DHCP pool configuration mode

dspfarm

DSP farm configuration mode

exec

EXEC mode

flow-cache

Flow aggregation cache configuration mode

gateway

Gateway configuration mode

interface

Interface configuration mode

interface-dlci

Frame Relay DLCI configuration mode

ipenacl

IP named extended access-list configuration mode

ipsnacl

IP named simple access-list configuration mode

ip-vrf

Configure IP VRF parameters

lane

ATM LAN Emulation LECS Configuration Table

line

Line configuration mode

map-class

Map class configuration mode

map-list

Map list configuration mode

mpoa-client

MPOA Client

mpoa-server

MPOA Server

null-interface

Null interface configuration mode

preaut

AAA Preauth definitions

request-dialin

VPDN Request-dialin group configuration mode

request-dialout

VPDN Request-dialout group configuration mode

route-map

Route map configuration mode

router

Router configuration mode

rsvp-local-policy

RSVP local policy configuration mode

rtr

RTR entry configuration mode

sg-radius

RADIUS server group definition

sg-tacacs+

TACACS+ server group

sip-ua

SIP UA configuration mode

subscriber-policy

Subscriber policy configuration mode

tcl

TCL configuration mode

tdm-conn

TDM connection configuration mode

template

Template configuration mode

translation-rule

Translation-rule configuration mode

vc-class

VC class configuration mode

voiceclass

Voice class configuration mode

voiceport

Voice configuration mode

voipdialpeer

Dial peer configuration mode

vpdn-group

VPDN group configuration mode


The following example shows how to set the configure command to privilege level 14 and establish SecretPswd14 as the password users must enter to use level 14 commands:

privilege exec level 14 configure
enable secret level 14 SecretPswd14

The following example shows how to reset the configure command privilege level:
privilege exec reset configure

The following example shows how to set the show and ip keywords to level 5. The suboptions coming 
under ip will also be executed from level 5.
privilege exec all level 5 show ip