Cisco Enable Levels

Status
Not open for further replies.

strangepurple

Technical User
Jan 12, 2005
10
US
Hi, I'm trying to allow one of our clients the ability to log into our Cisco router, but only let him view the settings via show commands. I don't want him to have any access to config or boot etc. I am looking into the commands configure-t# enable (x) where X is the level of security, but I was wondering if anyone can give me a listing of what the individual levels allow access to. I believe I could go through and define access for each command, but I am assuming that a certain level (x) is preset to allow or disallow certain things. If anyone could help me out that would be great, thanks.
 
What does he need to be able to do/view? If it's view only, then why even give him any type of enable access? You can do plenty of show commands without the need for second level access. The only time I have ever used the different enable levels is when I only wanted to give the NOC of a different group of the company the ability to clear a port on an access server. I only granted them the right to clear ports though and nothing more.
 
All he needs is to be able to view, so how would I go about doing that? (I'm really new to this.)
 
It can be done one of two ways. The first is to give him the password to the first level. That's the password you enter when you first telnet to the router. I feel this is a bad idea. The better solution is to create usernames on the router. This way when you connect, it will ask for a username and then a password. This obviously provides a better method of security. You would need to create him an account, as well as one for yourself and anyone else who would need access. You could have people share an account, but I would look at individual accounts. Easier when someone leaves: just delete their account and you don’t have to change the others. As for view access, first level provides it. Telnet to your router, but don’t go to enable, and see for yourself.
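
The two options from the last reply, written out as IOS configuration. This is an added example, not part of the original thread; the account names and the bracketed placeholders are assumptions.

```cisco
! Constructed example: account names and <placeholders> are assumptions.
!
! Option 1, the shared first-level password the reply advises against:
! everyone who telnets in types the same line password.
line vty 0 4
 password <shared-line-password>
 login
!
! Option 2, individual local accounts. The client's account is pinned
! to privilege level 1 (user EXEC); the admin account also logs in at
! level 1 and uses "enable" when needed.
username client1 privilege 1 secret <client-password>
username admin1 secret <admin-password>
!
! The enable secret is not given to the client, so the client cannot
! reach privileged EXEC or configuration mode.
enable secret <enable-secret>
!
! Have the vty lines prompt for a username and password from the
! local user list, and drop the shared line password.
line vty 0 4
 no password
 login local
!
! When someone leaves, only that one account is removed:
! no username client1
```

After logging in as the client account, `show privilege` confirms the session is at level 1. Most `show` commands work there, but `show running-config` is not available at level 1 by default.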
 