IBM 12.1(22)EA6 Switch User Manual


 
5-7
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
Chapter 5 Configuring Switch-Based Authentication
Protecting Access to Privileged EXEC Commands
For example, if you want many users to have access to the clear line command, you can assign it
level 2 security and distribute the level 2 password fairly widely. But if you want more restricted access
to the configure command, you can assign it level 3 security and distribute that password to a more
restricted group of users.
This section includes this configuration information:
Setting the Privilege Level for a Command, page 5-7
Changing the Default Privilege Level for Lines, page 5-8
Logging into and Exiting a Privilege Level, page 5-8
Setting the Privilege Level for a Command
Beginning in privileged EXEC mode, follow these steps to set the privilege level for a command mode:
When you set a command to a privilege level, all commands whose syntax is a subset of that command
are also set to that level. For example, if you set the show ip traffic command to level 15, the show
commands and show ip commands are automatically set to privilege level 15 unless you set them
individually to different levels.
To return to the default privilege for a given command, use the no privilege mode level level command
global configuration command.
Command Purpose
Step 1
configure terminal Enter global configuration mode.
Step 2
privilege mode level level command Set the privilege level for a command.
For mode, enter configure for global configuration mode, exec for
EXEC mode, interface for interface configuration mode, or line for
line configuration mode.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC
mode privileges. Level 15 is the level of access permitted by the
enable password.
For command, specify the command to which you want to restrict
access.
Step 3
enable password level level password Specify the enable password for the privilege level.
For level, the range is from 0 to 15. Level 1 is for normal user EXEC
mode privileges.
For password, specify a string from 1 to 25 alphanumeric characters.
The string cannot start with a number, is case sensitive, and allows
spaces but ignores leading spaces. By default, no password is
defined.
Step 4
end Return to privileged EXEC mode.
Step 5
show running-config
or
show privilege
Verify your entries.
The first command displays the password and access level configuration.
The second command displays the privilege level configuration.
Step 6
copy running-config startup-config (Optional) Save your entries in the configuration file.