0

I'm a new network admin and I'm looking through the various config files we have in our routers/switches/asa. I'm wondering if there is a way to lower trust level that my login has from 15 to something that is read only.

So if I log in to our routers and switches I'm automatically taken to the enable prompt. I'm wondering if when I log in through SSH/Telnet if that SPECIFIC session can be reduced to read only, but the next login will be back at trust level 15?

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
Jared
  • 281
  • 2
  • 4
  • 11

1 Answers1

2

You can use the command disable to reduce your privilege level; you can also specify a level to move to, i.e. disable 0 or disable 10.

Massimo
  • 70,200
  • 57
  • 200
  • 323
  • Awesome, thank you. As to your comment above. The authentication is handled via our Active Directory, which is the extent of my knowledge on that (at the moment). Happen to know the default and highest level of trust that is read-only? – Jared May 08 '13 at 16:13
  • 1
    Default levels are 1 (can't do almost anything at all) and 15 (can do everything). If you want something in the middle, you need to explicitly define it. More info here: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfpass.html. – Massimo May 08 '13 at 16:20