Big operations shops use privelege levels to allow NOC personnel to perform certain limited configuration commands - for example to give the NOC the ability to clear lines or configure an interface but not to reconfigure routing, or to disable debug commands from a particular priveleged EXEC secret password level. I've also used menus at login to accomplish similar functions. see http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur _c/scprt5/scpass.htm (watch wrap) ----- Original Message ----- From: "Jason Roysdon" To: Sent: Saturday, May 05, 2001 9:28 PM Subject: Re: "enable password level" command [7:3277] > Best practice is to not use enable password period. Use enable secret. > Regarding your real question, what level to set? I've never thought or seen > anyone limiting the enable secret command (as this is the "root" command in > essence to the router). I don't think you'd normally do this, but rather > have AAA or local users defined with levels set. > > -- > Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ > List email: [EMAIL PROTECTED] > Homepage: http://jason.artoo.net/ > > > > ""Albert Lu"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > Hi Group, > > > > Could someone give me an explanation and "best practise" in production > > networks for the "enable password level" command? I know that it is > between > > 1-15, with level 1 the lowest and 15 the highest level for most access. > Are > > the levels 2-14 user configurable? > > > > > > Thanks > > > > Albert > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=3379&t=3277 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
