
Recipe 3.23 Defining Per-Port Privileges

3.23.1 Problem

You want to set the privilege level according to which port you use to access the router.

3.23.2 Solution

To configure the privilege level of a particular line, use the following configuration command:

Router1#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#line aux 0
Router1(config-line)#privilege level 5
Router1(config-line)#exit
Router1(config)#privilege exec level 5 show ip route
Router1(config)#privilege exec level 1 show ip      
Router1(config)#privilege exec level 1 show   
Router1(config)#end
Router1#

3.23.3 Discussion

By default, every access line has a privilege level of 1. You can change the privilege level assigned to a particular line with the privilege level command. The following example shows what happens when we connect to an AUX port that is configured with privilege level 5:

Press RETURN to get started.
   
Router1#show privilege
Current privilege level is 5
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
   
Gateway of last resort is 172.22.1.3 to network 0.0.0.0
   
C       172.22.1.0 is directly connected, FastEthernet1/0
O*E1 0.0.0.0/0 [110/3] via 172.22.1.3, 1w2d, FastEthernet1/0
Router1#disable
Router1>show ip route
                ^
% Invalid input detected at '^' marker.
Router1>

Note that no username or password is needed to log in: the AUX line in this example has no login or password configured, so anyone who can reach the port lands directly in EXEC mode at privilege level 5. That level is enough for show ip route, because we raised that command to level 5 in the Solution. The two commands that set show ip and show back to level 1 are also essential: when you assign a level to a multi-word command, IOS assigns the same level to each of its prefixes (show ip and show), so without those two lines every show command would require level 5. When we use the disable command to drop back to level 1 and try show ip route again, it fails. Notice that IOS reports the command as invalid input rather than as a privilege violation; commands above the current level are simply hidden from the command parser.

Although we have just shown how to increase the privilege level of a router port, this command is more commonly used to lower the level to 0. Lowering the privilege level provides greater security on insecure lines as well as greater flexibility in restricting commands. For instance, you can use this method to restrict the commands available to a user connected on a particular port down to just telnet, preventing all other commands. You can accomplish this by configuring a port to privilege level 0 and lowering the privilege level of the telnet command to the same level. This is useful when the router is acting as a terminal server. Bear in mind that level 0 still contains disable, enable, exit, help, and logout, so a user on a level 0 line who knows the enable secret can still escalate. Also, a per-user privilege level assigned with the username command or through AAA authorization overrides the line's level, so the per-port setting governs only sessions that are not authenticated as a user with a level of their own.
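The prefix-propagation rule behind the Solution's three privilege exec commands, and an audit of line stanzas for the unauthenticated-but-elevated situation shown above (as well as the level 0 terminal-server pattern), can be modelled in a few lines. The following is an added example and is not code from the Cisco IOS Cookbook; it parses a constructed config fragment, and the propagation rule and the audit threshold are assumptions stated in the comments, not something the recipe spells out.

```python
"""Model IOS EXEC command privilege levels and audit 'line' stanzas.

Added example, not from the Cisco IOS Cookbook. Assumptions (labelled):
- Prefix propagation: 'privilege exec level N a b c' also assigns N to 'a b' and
  'a' unless a later command sets those prefixes explicitly (the reason the recipe
  resets 'show ip' and 'show' to level 1).
- A line is flagged when its privilege level exceeds 1 and it has no login/login
  local statement, i.e. anyone reaching the port gets that level unauthenticated.
"""
import re

DEFAULT_LEVEL = 1  # default privilege level for lines and unlisted commands

# Constructed sample config: the recipe's Solution plus a level 0 terminal-server
# vty range and a deliberately unsafe level 15 vty range without login.
SAMPLE_CONFIG = """\
!
privilege exec level 5 show ip route
privilege exec level 1 show ip
privilege exec level 1 show
privilege exec level 0 telnet
!
line con 0
 login local
line aux 0
 privilege level 5
line vty 0 4
 privilege level 0
 login
 password 7 0822455D0A16
line vty 5 15
 privilege level 15
!
"""


def apply_privilege_commands(config):
    """Replay 'privilege exec level N cmd' statements in order, returning
    {command or prefix: level} with the assumed prefix propagation."""
    levels = {}
    for m in re.finditer(r"^privilege exec level (\d+) (.+)$", config, re.M):
        level, words = int(m.group(1)), m.group(2).strip().split()
        for n in range(1, len(words) + 1):          # 'show', 'show ip', 'show ip route'
            levels[" ".join(words[:n])] = level
    return levels


def command_level(levels, command):
    """Level required to run an EXEC command: the longest configured prefix wins,
    otherwise the default level."""
    words = command.split()
    for n in range(len(words), 0, -1):
        prefix = " ".join(words[:n])
        if prefix in levels:
            return levels[prefix]
    return DEFAULT_LEVEL


def can_run(levels, user_level, command):
    """True when a session at user_level may execute command."""
    return user_level >= command_level(levels, command)


def parse_lines(config):
    """Return {line name: {'privilege': int, 'login': bool}} per 'line ...' stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            stanzas[current] = {"privilege": DEFAULT_LEVEL, "login": False}
        elif raw.startswith(" ") and current is not None:
            body = raw.strip()
            if body.startswith("privilege level "):
                stanzas[current]["privilege"] = int(body.split()[2])
            elif body == "login" or body.startswith("login "):
                stanzas[current]["login"] = True
        else:
            current = None  # '!' or any non-indented statement ends the stanza
    return stanzas


def audit_lines(config, max_unauthenticated_level=DEFAULT_LEVEL):
    """Names of lines granting more than the baseline level with no login configured."""
    return sorted(name for name, s in parse_lines(config).items()
                  if s["privilege"] > max_unauthenticated_level and not s["login"])


if __name__ == "__main__":
    lv = apply_privilege_commands(SAMPLE_CONFIG)
    for cmd in ("show ip route", "show version", "telnet 10.0.0.1"):
        print(f"{cmd:20} needs level {command_level(lv, cmd)}")
    print("unauthenticated elevated lines:", audit_lines(SAMPLE_CONFIG))
```

Running it against the sample prints that show ip route needs level 5 while show version needs only level 1, and flags aux 0 and vty 5 15; the AUX port is exactly the recipe's scenario, reachable at level 5 with no authentication. Dropping the two reset lines from the sample makes every show command require level 5, which is the failure mode the Solution's second and third privilege exec commands avoid.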

3.23.4 See Also

Recipe 3.21; Recipe 3.22
