Thursday 22 February 2018

SSL and TLS on your web server

https://blogs.msdn.microsoft.com/kaushal/2011/10/02/support-for-ssltls-protocols-on-windows/

privilege levels on Cisco ASA

Privilege levels can be configured differently on each ASA. You can set up which commands are allowed at each level, with 1 being the lowest and 15 the highest (administrator). ASDM, which came along later, handles it a bit differently. It only recognizes the following levels:

2 = monitor
5 = read-only
15 = administrator

You can configure which commands you want to allow for each level. For example, this lets level 1 run ping:
privilege cmd level 1 mode exec command ping

By default, it looks like level 1 has some basic commands and level 15 has everything. You can see all the commands by running "sh run all privilege" in the CLI.

Generally you would use the following:

level 2 = monitor (used for 3rd parties that just AnyConnect in)
level 5 = read only (used for junior IT staff that need to look at ACLs and information in ASDM)
level 15 = administrator (IT admins who can make changes etc.)
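
To check what each of those three levels can actually run, the "sh run all privilege" output can be parsed and grouped by level. The script below is an added example, not Cisco's or the linked thread's code: the sample lines are constructed in the format of the ping line above, the function names are made up for illustration, and it relies on a user at a given level being able to run everything assigned to that level or lower.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "kind level mode command")

# Constructed sample in the line format shown on the page; not from a real ASA.
SAMPLE = """\
privilege cmd level 1 mode exec command ping
privilege show level 2 mode exec command interface
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command access-list
privilege clear level 5 mode exec command conn
privilege cmd level 15 mode configure command access-list
"""

# Assumes every line carries the kind (show/clear/cmd) and the mode, as the page's example does.
LINE = re.compile(
    r"^privilege\s+(show|clear|cmd)\s+level\s+(\d+)"
    r"\s+mode\s+(\S+)\s+command\s+(.+?)\s*$"
)

# Levels ASDM recognises, as listed on the page.
ASDM_ROLES = {2: "monitor", 5: "read-only", 15: "administrator"}

def parse_privileges(text):
    """Return an Entry for each 'privilege ...' line; any other line is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            kind, level, mode, command = m.groups()
            entries.append(Entry(kind, int(level), mode, command))
    return entries

def allowed_at(entries, level):
    """Entries a user at `level` can run: those assigned to that level or lower."""
    return [e for e in entries if e.level <= level]

def non_show_below_admin(entries, admin_level=15):
    """Entries below the administrator level that are not 'show' forms, for review."""
    return [e for e in entries if e.level < admin_level and e.kind != "show"]

if __name__ == "__main__":
    entries = parse_privileges(SAMPLE)
    for level, role in sorted(ASDM_ROLES.items()):
        names = sorted(f"{e.kind} {e.command}" for e in allowed_at(entries, level))
        print(f"level {level} ({role}): {names}")
    print("review:", non_show_below_admin(entries))
```

Anything the review list returns for the monitor or read-only level is worth a second look, since those levels are meant to be view-only.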

Some good info here:
https://supportforums.cisco.com/t5/firewalling/asa-privilege-levels-views/td-p/1570947