Role Based Access Control (RBAC) is a method of assigning a set of permissions to users based on their roles.
Ex: Jr. level admin or Sr. level admin
-> We can implement RBAC (Role Based Access Control) in two ways:
i) Privilege Levels
ii) Parser Views
Privilege Levels:
-> All the commands on Cisco devices are divided into 16 privilege levels (0 to 15).
-> By default, User Mode is at privilege level 1 and Enable Mode is at privilege level 15.
-> Custom privilege levels can be created from privilege level 2 to privilege level 14.
-> Each privilege level can be assigned a list of commands that are allowed at that level.
Steps to create a Custom Privilege Level
1) Log in to the router with privilege level 15.
Router> enable
Password: ****
Router# show privilege
Current privilege level is 15
2) Create the custom privilege level (from global configuration mode)
Router# configure terminal
Router(config)# privilege exec level 2 show run
Router(config)# privilege exec level 2 configure terminal
3) Configure a password for privilege level 2
Router(config)# enable password level 2 cisco
Note: cisco is the password for level 2
or
4) Assign the privilege level to the users
Router(config)# username ccnp privilege 2 password ccnp
Verification: Log in to the router with privilege level 2
Router> enable 2
Password: cisco
Router# show privilege
Current privilege level is 2
Check which commands are allowed at this privilege level.
Router# ?
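An added example, not part of the original post: a small Python audit that reads running-config lines of the kind the steps above produce, maps each custom privilege level to its commands and users, and flags `password` entries, which IOS does not store as a one-way hash the way `secret` entries are. The sample config, the `ops` user and the hash placeholder are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines the steps above would leave in the running-config,
# plus one hypothetical user ("ops") that uses "secret" for contrast.
SAMPLE_CONFIG = """\
enable password level 2 cisco
username ccnp privilege 2 password 0 ccnp
username ops privilege 5 secret 5 HASH-PLACEHOLDER
privilege exec level 2 configure terminal
privilege exec level 2 show running-config
"""

PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+)$")
ENABLE_RE = re.compile(r"^enable\s+(password|secret)\s+level\s+(\d+)\s")
USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\s+(password|secret)\s")


def audit(config_text):
    """Return (commands per level, users per level, findings) for a config."""
    commands, users, findings = defaultdict(list), defaultdict(list), []
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := PRIV_RE.match(line):
            # e.g. "privilege exec level 2 show running-config"
            commands[int(m.group(2))].append(f"{m.group(1)}: {m.group(3)}")
        elif m := ENABLE_RE.match(line):
            if m.group(1) == "password":
                findings.append(f"level {m.group(2)}: 'enable password' is not "
                                "hashed; prefer 'enable secret level'")
        elif m := USER_RE.match(line):
            name, level, kind = m.group(1), int(m.group(2)), m.group(3)
            users[level].append(name)
            if kind == "password":
                findings.append(f"user {name}: 'password' is not hashed; "
                                "prefer 'secret'")
    # A custom level with users but no privilege lines only inherits the
    # commands of lower levels, so it is worth a review.
    for level in sorted(users):
        if 1 < level < 15 and level not in commands:
            findings.append(f"level {level}: users {users[level]} but no "
                            "commands assigned to this level")
    return dict(commands), dict(users), findings


if __name__ == "__main__":
    cmds, usrs, issues = audit(SAMPLE_CONFIG)
    for level in sorted(cmds):
        print(f"level {level}: {cmds[level]} users={usrs.get(level, [])}")
    for issue in issues:
        print("FINDING:", issue)
```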