Allowing Access to CONFIGURATION Mode Commands
To allow access to CONFIGURATION mode, use the privilege exec level level configure
command from CONFIGURATION mode.
A user that enters CONFIGURATION mode remains at his privilege level and has access to only two
commands, end and exit. You must individually specify each CONFIGURATION mode command you
want to allow access to using the privilege configure level level command. In the command,
specify the privilege level of the user or terminal line and specify all the keywords in the command to
which you want to allow access.
Allowing Access to the Following Modes
This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER modes.
Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP,
and ROUTER modes, you must first allow access to the command that enters you into the mode. For
example, to allow a user to enter INTERFACE mode, use the privilege configure level level
interface tengigabitethernet command.
Next, individually identify the INTERFACE, LINE, ROUTE-MAP or ROUTER commands to which you want
to allow access using the privilege {interface | line | route-map | router} level
level command. In the command, specify the privilege level of the user or terminal line and specify all
the keywords in the command to which you want to allow access.
To remove, move or allow access, use the following commands.
The configuration in the following example creates privilege level 3. This level:
• removes the resequence command from EXEC mode by requiring a minimum of privilege level 4
• moves the capture bgp-pdu max-buffer-size command from EXEC Privilege to EXEC mode by
requiring a minimum privilege level 3, which is the configured level for VTY 0
• allows access to CONFIGURATION mode with the banner command
• allows access to INTERFACE and LINE modes are allowed with no commands
• Remove a command from the list of available commands in EXEC mode.
CONFIGURATION mode
privilege exec level level {command ||...|| command}
• Move a command from EXEC Privilege to EXEC mode.
CONFIGURATION mode
privilege exec level level {command ||...|| command}
• Allow access to CONFIGURATION mode.
CONFIGURATION mode
privilege exec level level configure
• Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all the keywords in
the command.
CONFIGURATION mode
privilege configure level level {interface | line | route-map | router}
{command-keyword ||...|| command-keyword}
56
Switch Management