最新消息:

Cisco IOS权限等级

IT技术 ipcpu 2984浏览

Cisco IOS的权限等级有三个level0、level1、level15
其中level0有5条命令,level1有大概40条命令,其余的都在level15中。
高等级可以调用低等级的命令。

用户EXEC模式-权限等级1   特权EXEC模式-权限等级15

我们先看level0的命令:
Router#enable 0
Router>?
Exec commands:
disable  Turn off privileged commands
enable   Turn on privileged commands
exit     Exit from the EXEC
help     Description of the interactive help system
logout   Exit from the EXEC
Router>enable 1
% No password set
Router>
从level0进入level1提示密码没有设置。
给level1设置密码:
Router(config)#enable password level 1 0 ipcpu
% Converting to a secret.  Please use “enable secret” in the future.
!这里面的0表示明文显示,但是IOS自动把password转为secret。

Router#enable 0
Router>en
Router>enable 1
Password:
Router>
命令如下:
Router>?
Exec commands:
access-enable    Create a temporary Access-List entry
access-profile   Apply user-profile to interface
clear            Reset functions
connect          Open a terminal connection
disable          Turn off privileged commands
disconnect       Disconnect an existing network connection
enable           Turn on privileged commands
exit             Exit from the EXEC
help             Description of the interactive help system
lock             Lock the terminal
login            Log in as a particular user
logout           Exit from the EXEC
mrinfo           Request neighbor and version information from a multicast
router
mstat            Show statistics after multiple multicast traceroutes
mtrace           Trace reverse multicast path from destination to source
name-connection  Name an existing network connection
pad              Open a X.29 PAD connection
ping             Send echo messages
ppp              Start IETF Point-to-Point Protocol (PPP)
resume           Resume an active network connection
rlogin           Open an rlogin connection
show             Show running system information
slip             Start Serial-line IP (SLIP)
systat           Display information about terminal lines
telnet           Open a telnet connection
terminal         Set terminal line parameters
traceroute       Trace route to destination
tunnel           Open a tunnel connection
udptn            Open an udptn connection
where            List active connections
x28              Become an X.28 PAD
x3               Set X.3 parameters on PAD

Router>

其实level1级别就是从console登录到路由router> 的最初级别

接下来我们设置几个用户,将15级的命令clear line放到1级:

Router(config)#username wss privilege 1 password wss
登陆后
Router>clear ?
% Unrecognized command
Router>en
Password:
Router#conf t
Router(config)#privilege exec level 1 clear line
再次用wss登陆
Router>clear line ?
<0-70>   Line number
aux      Auxiliary line
console  Primary terminal line
tty      Terminal controller
vty      Virtual terminal

Router>clear line

IOS可以使用privilege命令将1或者15的命令抠出来,放到其中的几个级别。

我们平时使用的enable实际就是enable 15的简写
Router(config)#enable secret level 15 0 ncist

再次登陆验证!
H3C设备的命令级别分4个: 访问级0级、监控级1级、系统级2级、管理级3级。

转载请注明:IPCPU-网络之路 » Cisco IOS权限等级