Cisco IOS Privilege Levels

Source: 百度文库  Editor: 神马文学网  Date: 2024/04/28 09:32:22
 

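Cisco IOS has three privilege levels: level 0, level 1 and level 15.
Level 0 has 5 commands, level 1 has about 40 commands, and all the rest are at level 15.
A higher level can run the commands of lower levels.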

User EXEC mode: privilege level 1   Privileged EXEC mode: privilege level 15

Let's first look at the level 0 commands:
Router#enable 0
Router>?
Exec commands:
  disable  Turn off privileged commands
  enable   Turn on privileged commands
  exit     Exit from the EXEC
  help     Description of the interactive help system
  logout   Exit from the EXEC
Router>enable 1
% No password set
Router>
Moving from level 0 to level 1 reports that no password is set.
Set a password for level 1:
Router(config)#enable password level 1 0 ipcpu
% Converting to a secret.  Please use “enable secret” in the future.
! The 0 here means the password is given in cleartext, but IOS automatically converts the password to a secret.

Router#enable 0
Router>en
Router>enable 1
Password:
Router>
The commands available at this level are as follows:
Router>?
Exec commands:
  access-enable    Create a temporary Access-List entry
  access-profile   Apply user-profile to interface
  clear            Reset functions
  connect          Open a terminal connection
  disable          Turn off privileged commands
  disconnect       Disconnect an existing network connection
  enable           Turn on privileged commands
  exit             Exit from the EXEC
  help             Description of the interactive help system
  lock             Lock the terminal
  login            Log in as a particular user
  logout           Exit from the EXEC
  mrinfo           Request neighbor and version information from a multicast
                   router
  mstat            Show statistics after multiple multicast traceroutes
  mtrace           Trace reverse multicast path from destination to source
  name-connection  Name an existing network connection
  pad              Open a X.29 PAD connection
  ping             Send echo messages
  ppp              Start IETF Point-to-Point Protocol (PPP)
  resume           Resume an active network connection
  rlogin           Open an rlogin connection
  show             Show running system information
  slip             Start Serial-line IP (SLIP)
  systat           Display information about terminal lines
  telnet           Open a telnet connection
  terminal         Set terminal line parameters
  traceroute       Trace route to destination
  tunnel           Open a tunnel connection
  udptn            Open an udptn connection
  where            List active connections
  x28              Become an X.28 PAD
  x3               Set X.3 parameters on PAD

Router>

In fact, level 1 is the initial level you land in at the router> prompt after logging in to the router from the console.

Next we set up a few users and move the level 15 command clear line down to level 1:

Router(config)#username wss privilege 1 password wss
After logging in:
Router>clear ?
% Unrecognized command
Router>en
Password:
Router#conf t
Router(config)#privilege exec level 1 clear line
Log in again as wss:
Router>clear line ?
  <0-70>   Line number
  aux      Auxiliary line
  console  Primary terminal line
  tty      Terminal controller
  vty      Virtual terminal

Router>clear line

IOS can use the privilege command to pull commands out of level 1 or level 15 and place them in some of the levels in between.

The enable we normally type is actually shorthand for enable 15.
Router(config)#enable secret level 15 0 ncist

Log in again to verify!
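
An added example, not from the original page: a small Python audit that scans configuration text for the three kinds of lines used above (enable password/secret, username ... privilege, privilege exec level) and reports what each one exposes. The sample input is constructed from the commands typed on this page; the user ops, its secret value and the severity labels are assumptions made for illustration.

```python
import re

# Constructed sample: the configuration lines typed on this page, plus one
# hypothetical level-15 user ("ops") added for illustration.
SAMPLE_CONFIG = """\
enable password level 1 0 ipcpu
enable secret level 15 0 ncist
username wss privilege 1 password wss
username ops privilege 15 secret 0 example-only
privilege exec level 1 clear line
"""

PRIV_RE = re.compile(r"^privilege (\S+) level (\d+) (.+)$")
USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (password|secret)\b")
ENABLE_RE = re.compile(r"^enable (password|secret)(?: level (\d+))?\b")


def audit(config: str) -> list[tuple[str, str]]:
    """Return (severity, message) findings for privilege-related lines."""
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        if m := PRIV_RE.match(line):
            mode, level, cmd = m.group(1), int(m.group(2)), m.group(3)
            # Higher levels inherit lower-level commands, so a command placed
            # at level N is usable by every session at level N or above.
            # Level 1 is where a plain login lands, hence HIGH (assumed label).
            sev = "HIGH" if level <= 1 else "INFO"
            findings.append((sev, f"{mode} command '{cmd}' runs at level {level}"))
        elif m := USER_RE.match(line):
            # A username without "privilege N" defaults to level 1.
            name, level, kind = m.group(1), int(m.group(2) or 1), m.group(3)
            if kind == "password":  # stored cleartext or reversibly, not hashed
                findings.append(("HIGH", f"user '{name}' uses 'password', not 'secret'"))
            if level == 15:
                findings.append(("INFO", f"user '{name}' logs in at level 15"))
        elif m := ENABLE_RE.match(line):
            # "enable password" without "level N" applies to level 15.
            kind, level = m.group(1), int(m.group(2) or 15)
            if kind == "password":
                findings.append(("HIGH", f"'enable password' set for level {level}"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_CONFIG):
        print(f"{severity:4} {message}")
```
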
H3C devices have 4 command levels: visit level (level 0), monitor level (level 1), system level (level 2) and manage level (level 3).