CBT IT Certification Training

Unlimited IT Certification Courses via Streaming Video


Cisco Privilege Levels

Lab 1 

IOS User Commands and Cisco Privilege Levels

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to implement different privilege levels for users and commands within the Cisco IOS software.

Lab Purpose:

It is important to understand that the Cisco IOS software provides the capability to restrict certain commands from being executed by different users based on their privilege levels.

Lab Difficulty:

This lab has a difficulty rating of 7/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 15 minutes. 

Lab Topology:

Please use the following topology to complete this lab exercise:

[Figure: Lab 1 topology diagram]

Lab 1 Configuration Tasks 

Task 1:

Configure the hostnames and IP addresses on R1 and R2 as illustrated in the network diagram. Configure R2 to send R1 clocking information at a rate of 512 Kbps. Ping between R1 and R2 to verify your configuration and ensure that the two routers have IP connectivity.

Task 2:

Configure R2 with the following command restrictions:

Command          Privilege Level
ping             15
traceroute       15
show ip route    15
show version     15
show             1
show ip          1

Task 3:

Configure the following users and corresponding privilege levels on R2:

Username        Privilege Level    Secret
beginner        1                  Cisco123
intermediate    7                  Cisco456
expert          15                 Cisco789

Task 4:

Configure Telnet access to R2 so that the router authenticates users based on locally configured usernames and passwords.

Task 5:

Configure R2 so that when the user named intermediate logs into the router, R2 immediately issues the output of the show ip interface brief command and logs them out automatically.

Task 6:

Telnet into R2 from R1 using username beginner and validate the following:

  • You cannot issue the ping command
  • You cannot issue the show version command
  • You cannot issue the traceroute command
  • You cannot issue the show ip route command

Telnet into R2 from R1 using username intermediate and validate the following:

  • The router prints the output of the show ip interface brief command and logs you out

Telnet into R2 from R1 using username expert and validate the following:

  • You can issue the ping command
  • You can issue the show version command 

Lab 1 Configuration and Verification

Task 1:

Router(config)#hostname R1
R1(config)#interface serial0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 10.1.1.1 255.255.255.0
R1(config-if)#end
R1#

Router(config)#hostname R2
R2(config)#interface serial0/0
R2(config-if)#no shutdown
R2(config-if)#clock rate 512000
R2(config-if)#ip address 10.1.1.2 255.255.255.252
R2(config-if)#exit
R2(config)#exit
R2#
R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Task 2:

R2(config)#privilege exec level 1 show ip
R2(config)#privilege exec level 1 show
R2(config)#privilege exec level 15 ping
R2(config)#privilege exec level 15 traceroute
R2(config)#privilege exec level 15 show ip route
R2(config)#privilege exec level 15 show version
R2(config)#exit
R2#

Task 3:

R2(config)#username beginner privilege 1 secret Cisco123
R2(config)#username intermediate privilege 7 secret Cisco456
R2(config)#username expert privilege 15 secret Cisco789
R2(config)#exit
R2#

Task 4:

R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#exit
R2(config)#exit
R2#

Task 5:

R2(config)#username intermediate autocommand show ip interface brief
R2(config)#exit
R2#

Task 6:

Because the default privilege level of these commands has been changed from 0 to 15, the user beginner, who is restricted to level 0 commands only, will be unable to execute them. However, any other commands (that have a privilege level of 0) will still work.

R1#telnet 10.1.1.2
Trying 10.1.1.2 ... Open

User Access Verification

Username: beginner
Password:

R2>ping 10.1.1.1
^
% Invalid input detected at '^' marker.

R2>show version
^
% Invalid input detected at '^' marker.

R2>traceroute 10.1.1.1
^
% Invalid input detected at '^' marker.

R2>show ip route
^
% Invalid input detected at '^' marker.

 

The username [name] autocommand [line] command is used to execute the specified command immediately after the user logs in and then automatically disconnect the user session. This security mechanism can be used to restrict the information certain users can get from routers.

R1#telnet 10.1.1.2
Trying 10.1.1.2 ... Open

User Access Verification

Username: intermediate
Password:

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.1.2      YES NVRAM  up                    up
Serial0/0                  10.1.1.2        YES manual up                    up
[Connection to 10.1.1.2 closed by foreign host]
R1#

Level 15 users have complete access to the entire suite of Cisco IOS commands.

R1#telnet 10.1.1.2
Trying 10.1.1.2 ... Open

User Access Verification

Username: expert
Password:

R2#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
R2#
R2#show version
Cisco IOS Software, C2600 Software (C2600-ADVSECURITYK9-M), Version 12.4(15)T9, RELEASE SOFTWARE (fc5)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Tue 28-Apr-09 11:35 by prod_rel_team

ROM: System Bootstrap, Version 12.2(7r) [cmong 7r], RELEASE SOFTWARE (fc1)

R2 uptime is 11 hours, 48 minutes
System returned to ROM by power-on
System image file is "flash:c2600-advsecurityk9-mz.124-15.T9.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 2650XM (MPC860P) processor (revision 1.0) with 127627K/3445K bytes of memory.
Processor board ID JAE07170JUQ
M860 processor: part number 5, mask 2
1 FastEthernet interface
1 Serial interface
32K bytes of NVRAM.
32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

R2#
R2#exit

[Connection to 10.1.1.2 closed by foreign host]

Lab 1 Configurations

R1 Configuration

R1#show run
Building configuration...

Current configuration : 2421 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-533650306
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-533650306
 revocation-check none
 rsakeypair TP-self-signed-533650306
!
!
crypto pki certificate chain TP-self-signed-533650306
 certificate self-signed 02

  quit
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login local
!
!
end

R2 Configuration

R2#show run
Building configuration...

Current configuration : 2924 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3473940174
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3473940174
 revocation-check none
 rsakeypair TP-self-signed-3473940174
!
!
crypto pki certificate chain TP-self-signed-3473940174
 certificate self-signed 03

  quit
!
!
username beginner privilege 1 secret 5 $1$Yeha$jl.KYeF5h5MTK7UH7LOtN1
username intermediate privilege 7 secret 5 $1$5sxC$SDQbUDJIpKfHbST8wsPcf.
username intermediate autocommand show ip interface brief
username expert privilege 15 secret 5 $1$KW5c$2aN9EWbsUpfY.FchBr2df1
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.252
 clock rate 512000
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
privilege exec level 15 traceroute
privilege exec level 15 ping
privilege exec level 15 show ip route
privilege exec level 1 show ip
privilege exec level 15 show version
privilege exec level 1 show
!
line con 0
line aux 0
line vty 0 4
 login local
!
!
end
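
The Task 6 expectations can also be checked offline from the `username` and `privilege exec` lines of the R2 configuration, which is useful when reviewing a saved config rather than a live router. The Python below is an added example, not part of the original lab; the function names, the `<hash>` placeholders, and the longest-prefix model with a default level of 1 are assumptions that simplify how IOS resolves command levels.

```python
import re

# Constructed input: the username and privilege lines from the R2 running
# configuration shown above (secret hashes replaced by a placeholder).
R2_CONFIG = """\
username beginner privilege 1 secret 5 <hash>
username intermediate privilege 7 secret 5 <hash>
username intermediate autocommand show ip interface brief
username expert privilege 15 secret 5 <hash>
privilege exec level 15 traceroute
privilege exec level 15 ping
privilege exec level 15 show ip route
privilege exec level 1 show ip
privilege exec level 15 show version
privilege exec level 1 show
"""

DEFAULT_LEVEL = 1  # assumption: exec commands with no override need level 1


def parse(config):
    """Return ({user: {"level", "autocommand"}}, {command-word tuple: level})."""
    users, overrides = {}, {}
    for line in config.splitlines():
        if m := re.match(r"username (\S+) privilege (\d+)", line):
            users.setdefault(m[1], {"level": 1, "autocommand": None})["level"] = int(m[2])
        elif m := re.match(r"username (\S+) autocommand (.+)", line):
            users.setdefault(m[1], {"level": 1, "autocommand": None})["autocommand"] = m[2].strip()
        elif m := re.match(r"privilege exec level (\d+) (.+)", line):
            overrides[tuple(m[2].split())] = int(m[1])
    return users, overrides


def required_level(command, overrides):
    """Simplified model: the longest configured keyword prefix sets the level."""
    words = tuple(command.split())
    for n in range(len(words), 0, -1):
        if words[:n] in overrides:
            return overrides[words[:n]]
    return DEFAULT_LEVEL


def access_matrix(config, commands):
    """Map each user to the commands they may run, or to their autocommand."""
    users, overrides = parse(config)
    matrix = {}
    for name, user in users.items():
        if user["autocommand"]:
            # Session runs one command and disconnects; no interactive shell.
            matrix[name] = {"autocommand": user["autocommand"]}
        else:
            matrix[name] = {c: user["level"] >= required_level(c, overrides)
                            for c in commands}
    return matrix
```

Calling `access_matrix(R2_CONFIG, [...])` with the commands from Task 6 gives the same allow/deny pattern the Telnet sessions show, and any unexpected `True` for a low-privilege user points at a missing `privilege exec` line.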

 

Copyright Reality Press Ltd. / Paul Browning
