cisco ios 权限等级详解
Cisco IOS实际上十六种不同的权限等级:level0-level15。当在Cisco IOS中进入不同的权限等级时,你的权限等级越高,你在路由器中能进行的操作就越多。实际上,Cisco ios只有三个权限等级可用:level0:仅有少数几条命令可用。level1:用户EXEC模式,能使用部分命令。在这个模式中,你可以查看路由器的某些信息,例如接口状态,而且你可以查看路由表中的路由。然而,你不
Cisco IOS实际上十六种不同的权限等级:level0-level15。当在Cisco IOS中进入不同的权限等级时,你的权限等级越高,你在路由器中能进行的操作就越多。
实际上,Cisco ios只有三个权限等级可用:
level0:仅有少数几条命令可用。
level1:用户EXEC模式,能使用部分命令。
在这个模式中,你可以查看路由器的某些信息,例如接口状态,而且你可以查看路由表中的路由。然而,你不能做任何修改或查看运行的配置文件。
level15:特权EXEC模式,能执行所有命令。
在Cisco IOS当中,这个等级相当于在UNIX拥有root权限或者在Windows中拥有管理员权限。换句话说,你可以对路由器进行全面控制。
level2-level14没有具体定义,实际上继承了level1的权限。
1、level0可以使用的命令
2、level1-用户EXEC模式可以使用的命令
从level0进入level1,没有设置level1的enable密码,进入失败。
输入enable,默认进入level15---没有设置enable密码。
从level15进入level1,不需要enable密码。
Router>sh pri
Current privilege level is 1
Router>?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
atmdx Test ATMDX system
attach attach to system component
clear Reset functions
connect Open a terminal connection
crypto Encryption related commands.
disable Turn off privileged commands
disconnect Disconnect an existing network connection
do-exec Mode-independent "do-exec" prefix support
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lig LISP Internet Groper
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
mrinfo Request neighbor and version information from a multicast
router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
release Release a resource
renew Renew a resource
resume Resume an active network connection
rlogin Open an rlogin connection
routing-context Routing Context
set Set system parameter (not config)
show Show running system information
slip Start Serial-line IP (SLIP)
ssh Open a secure shell client connection
systat Display information about terminal lines
tclquit Quit Tool Command Language shell
tdm TDM
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
where List active connections
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD
Router>
level1权限下,可以使用命令有40+。其中包括level0的所有命令。
Router>sh pri
Current privilege level is 1
Router>sh ?
aaa Show AAA values
acircuit Access circuit info
adjacency Adjacent nodes
ancp ANCP information
aps APS information
arp ARP table
auto Show Automation Template
backup Backup status
bfd BFD protocol info
bgp BGP information
bootflash: display information about bootflash: file system
bootvar Boot and related environment variable
c7200 Show c7200 information
calendar Display the hardware calendar
call Show call
call-home Show command for call home
capability Capability Information
cca CCA information
cdapi CDAPI information
class-map Show CPL Class Map
clock Display the system clock
cns CNS agents
compress Show compression statistics
connection Show Connection
context Show context information about recent crash(s)
controllers Interface controller status
cops COPS information
crypto Encryption module
dampening Display dampening information
device-sensor Shows Device Sensor Information
dialer Dialer parameters and statistics
disk0: display information about disk0: file system
disk1: display information about disk1: file system
dss DSS information
eigrp EIGRP show commands
event-manager Event manager information
exception exception informations
facility-alarm Show Facility Alarms
flash: display information about flash: file system
flow-sampler Display the flow samplers configured
format Show format information
funi FUNI information
hosts IP domain-name, lookup style, nameservers, and host table
hw-module Show hardware module commands
if-mgr if-mgr information
inventory Show the physical inventory
ip IP information
ipam IP Addr Mgr (IPAM) information
ipc Interprocess communications commands
ipv6 IPv6 information
kerberos Show Kerberos Values
kron Kron Subsystem
l2vpn Show information about Layer2 VPN
lisp Locator/ID Separation Protocol
location Display the system location
login Display Secure Login Configurations and State
management Display the management applications
memory Memory statistics
microcode show configured microcode for downloadable hardware
mls multilayer switching information
modemcap Show Modem Capabilities database
mpls MPLS information
mtm MTM
odm-format Show the schema used for ODM input file
ospfv3 OSPFv3 information
parser Display parser information
policy-map Show Policy Map
ppp PPP parameters and statistics
pppoe PPPoE information
qbm QoS Bandwidth Manager information
radius Shows radius information
rbscp RBSCP information
resource-group Resource group statistics
rmon rmon statistics
rom-monitor show ROMMON region information
route-tag route-tag information
sasl show SASL information
service-routing Service-Routing show commands
sessions Information about Telnet connections
sgbp SGBP group information
slot0: display information about slot0: file system
slot1: display information about slot1: file system
snmp snmp statistics
srcp Display SRCP Protocol information
srp SRP information
ssh Status of SSH server connections
subscriber Subscriber Service Switch Information
syscon System Controller information
tacacs Shows tacacs+ server statistics
tdm TDM
template Template information
terminal Display terminal configuration parameters
test_rib_access RIB_ACCESS TEST info
time-range Time range
topology Topology instance information
upgrade Show upgrade commands
users Display information about terminal lines
vc-group Show VC Group
version System hardware and software status
vfi Virtual Forwarding Instance information
vnet Virtual NETwork instance information
vpdn VPDN information
vrf VPN Routing/Forwarding instance information
vrrp VRRP information
vrrs VRRS information
warm-reboot Show Warm Reboot related information
wsma Show Web Services Management Agents information
xconnect Xconnect information
xos Cross-OS Library Information and Traces
xsd-format Show the ODM XSD for the command
Router>sh
level1权限下,show命令可以查看大部分能查看的内容。
不包括show runn show start等..........
3、level2-level14特权EXEC模式可以使用的命令
Router>en
Router#sh pri
Current privilege level is 15
Router#enable 2
Router#sh pri
Current privilege level is 2
Router#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
atmdx Test ATMDX system
attach attach to system component
clear Reset functions
connect Open a terminal connection
crypto Encryption related commands.
disable Turn off privileged commands
disconnect Disconnect an existing network connection
do-exec Mode-independent "do-exec" prefix support
enable Turn on privileged commands
exit Exit from the EXEC
help Description of the interactive help system
lig LISP Internet Groper
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
mrinfo Request neighbor and version information from a multicast
router
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
release Release a resource
renew Renew a resource
resume Resume an active network connection
rlogin Open an rlogin connection
routing-context Routing Context
set Set system parameter (not config)
show Show running system information
slip Start Serial-line IP (SLIP)
ssh Open a secure shell client connection
systat Display information about terminal lines
tclquit Quit Tool Command Language shell
tdm TDM
telnet Open a telnet connection
terminal Set terminal line parameters
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
where List active connections
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD
Router#
level2-level14特权EXEC模式可以使用的命令和level1模式下是一样的。
4、level15特权EXEC模式可以使用的命令
Router#sh pri
Current privilege level is 2
Router#en
Router#sh pri
Current privilege level is 15
Router#?
Exec commands:
access-enable Create a temporary Access-List entry
access-profile Apply user-profile to interface
access-template Create a temporary Access-List entry
archive manage archive files
atmdx Test ATMDX system
attach attach to system component
auto Exec level Automation
beep Blocks Extensible Exchange Protocol commands
bfe For manual emergency modes setting
calendar Manage the hardware calendar
call-home Call-Home commands
cd Change current directory
chkflash Check flash filesystem
clear Reset functions
clock Manage the system clock
cns CNS agents
configure Enter configuration mode
connect Open a terminal connection
connectedapps Connected applications related commands
copy Copy from one file to another
crypto Encryption related commands.
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
disable Turn off privileged commands
disconnect Disconnect an existing network connection
do-exec Mode-independent "do-exec" prefix support
enable Turn on privileged commands
erase Erase a filesystem
event Event related commands
exit Exit from the EXEC
format Format a filesystem
fsck Filesystem check
help Description of the interactive help system
hw-module Slot level commands
if-mgr IF-MGR operations
isdn Run an ISDN EXEC command on an ISDN interface
l2vpn Layer2 VPN commands
lig LISP Internet Groper
lock Lock the terminal
logging Handles logging operations
login Log in as a particular user
logout Exit from the EXEC
microcode microcode commands
mkdir Create new directory
monitor Monitoring different system events
more Display the contents of a file
mpls MPLS commands
mrinfo Request neighbor and version information from a multicast
router
mrm IP Multicast Routing Monitor Test
mstat Show statistics after multiple multicast traceroutes
mtrace Trace reverse multicast path from destination to source
name-connection Name an existing network connection
no Disable debugging functions
pad Open a X.29 PAD connection
partition Partition disk
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
pwd Display current working directory
release Release a resource
reload Halt and perform a cold restart
rename Rename a file
renew Renew a resource
restart Restart Connection/Interface
resume Resume an active network connection
rlogin Open an rlogin connection
rmdir Remove existing directory
routing-context Routing Context
rsh Execute a remote command
send Send a message to other tty lines
set Set system parameter (not config)
setup Run the SETUP command facility
show Show running system information
slip Start Serial-line IP (SLIP)
snmp snmp commands
spec-file format spec file commands
squeeze Squeeze a filesystem
ssh Open a secure shell client connection
start-chat Start a chat-script on a line
systat Display information about terminal lines
tclquit Quit Tool Command Language shell
tclsh Tool Command Language shell
tdm TDM
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
traceroute Trace route to destination
tunnel Open a tunnel connection
udptn Open an udptn connection
undebug Disable debugging functions (see also 'debug')
undelete Undelete a file
upgrade Upgrade commands
verify Verify a file
where List active connections
which-route Do OSI route table lookup and display results
write Write running configuration to memory, network, or terminal
x28 Become an X.28 PAD
x3 Set X.3 parameters on PAD
xconnect Xconnect EXEC commands
Router#
level15相比level1-14多出来的命令有:
Router#
access-template Create a temporary Access-List entry
archive manage archive files
auto Exec level Automation
beep Blocks Extensible Exchange Protocol commands
bfe For manual emergency modes setting
calendar Manage the hardware calendar
call-home Call-Home commands
cd Change current directory
chkflash Check flash filesystem
clock Manage the system clock
cns CNS agents
configure Enter configuration mode
connectedapps Connected applications related commands
copy Copy from one file to another
debug Debugging functions (see also 'undebug')
delete Delete a file
dir List files on a filesystem
erase Erase a filesystem
event Event related commands
format Format a filesystem
fsck Filesystem check
hw-module Slot level commands
if-mgr IF-MGR operations
isdn Run an ISDN EXEC command on an ISDN interface
l2vpn Layer2 VPN commands
logging Handles logging operations
microcode microcode commands
mkdir Create new directory
monitor Monitoring different system events
more Display the contents of a file
mpls MPLS commands
mrm IP Multicast Routing Monitor Test
no Disable debugging functions
partition Partition disk
pwd Display current working directory
reload Halt and perform a cold restart
rename Rename a file
restart Restart Connection/Interface
rmdir Remove existing directory
rsh Execute a remote command
send Send a message to other tty lines
setup Run the SETUP command facility
snmp snmp commands
spec-file format spec file commands
squeeze Squeeze a filesystem
start-chat Start a chat-script on a line
tclsh Tool Command Language shell
test Test subsystems, memory, and interfaces
undebug Disable debugging functions (see also 'debug')
undelete Undelete a file
upgrade Upgrade commands
verify Verify a file
which-route Do OSI route table lookup and display results
write Write running configuration to memory, network, or terminal
xconnect Xconnect EXEC command
5、level15特权EXEC模式show命令
比level1-level14 模式下show命令多出来的参数:
Router#sh ?
access-expression List access expression
access-lists List access lists
aliases Display alias commands
alignment Show alignment information
archive Archive functions
async Information on terminal lines used as router interfaces
beep Show BEEP information
bridge Bridge Forwarding/Filtering Database [verbose]
buffers Buffer pool statistics
cdp CDP information
cef CEF address family independent status
clns CLNS network information
cls DLC user information
configuration Contents of Non-Volatile memory
connectedapps ConnectedApps related commands
data-corruption Show data errors
database Show Database
debugging State of each debugging option
derived-config Derived operating configuration
dhcp Dynamic Host Configuration Protocol status
diag Show diagnostic information for port adapters/modules
dmvpn Display DMVPN session related information
dnsix Shows Dnsix/DMDP information
dwnld_mgr Download Manager
dxi atm-dxi information
eap Shows EAP registration/session information
ecc Show Single Bit ECC error log
entry Queued terminal entries
environment Environmental monitor statistics
event Embedded event related commands
file Show filesystem information
flow Flow information
frame-relay Frame-Relay information
glbp GLBP information
history Display the session command history
html HTML helper commands
idb List of Interface Descriptor Blocks
idmgr IDMGR interaction
interfaces Interface status and configuration
isis IS-IS routing information
key Key information
l3vpn l3vpn encapsulation ip commands
line TTY line information
llc2 IBM LLC2 circuit information
logging Show the contents of logging buffers
mfib MFIB address family independent status
monitor Monitoring different system events
nbf NBF (NetBEUI) information
netbios-cache NetBIOS name cache contents
netconf Show NETCONF information
network-clocks Network clocks information
nhrp Display NHRP related information
nmsp nmsp show commands
ntp Network time protocol
object-group List object groups
pas Port Adaptor Information
pci PCI Information
persistent Show persistent information
pfr Performance Routing(PfR) information
platform Show platform information
policy-manager Policy Manager
pppatm PPP over ATM
privilege Show current privilege level
processes Active process statistics
protocols Active network routing protocols
radius-proxy Shows radius-proxy client/session information
redirect Show L4 redirect information
region Region Manager Status
registry Function registry information
reload Scheduled reload information
resource Display Resource Usage/Relations and more details
rhosts Remote-host+user equivalences
rib Routing Information Base
rif RIF cache entries
route-map route-map information
running-config Current operating configuration
sampler Sampler information
sdllc Display sdlc - llc2 conversion information
smf Software MAC filter
snapshot Snapshot parameters and statistics
source-bridge Source-bridge parameters and statistics
spanning-tree Spanning tree topology
ssm Segment Switching Manager Status
stacks Process stack utilization
standby Hot Standby Router Protocol (HSRP) information
startup-config Contents of startup configuration
subscriber-policy Subscriber policy
subsys Show subsystem information
tcp Status of TCP connections
tech-support Show system information for Tech-Support
track Tracking information
translate Protocol translation information
tunnel Show configured tunnels
vlan-range VLAN Range
vlans Virtual LANs Information
vtemplate Virtual Template interface information
whoami Info on current tty line
x25 X.25 information
x29 X.29 information
Router#sh
6、对比
7、权限等级之间的关系
低等级进入高等级,需要输入高等级设置的enable密码,没有设置的话,无法进入高等级;
高等级进入低等级,不需要输入低等级设置的enable密码,即使没有设置低等级的enable密码。
8、各个权限等级的enable密码设置
前面文章介绍了enable密码的4中设置方式及区别,这里使用第一种方式为例介绍。
系统自动使用sha256算法将level1-level14的enable密码加密了。
level15的密码没有加密。
R2#sh pri
Current privilege level is 15 //当前处于level15
R2#enable 1 //进入level1
R2>sh pri //直接进入,无需enable密码
Current privilege level is 1
R2>enable 10 //从level1进入level10
Password: //输入test3
Password: //进不去,再输test10
R2#sh pri
Current privilege level is 10 //顺利进入level10
R2#
R2#enable 7 //进入level7
R2#sh pri //无需enable密码
Current privilege level is 7 //顺利进入level7
R2#
R2#en 14 //进入level14
Password: //输入level14的enable密码:test14
R2#sh pri
Current privilege level is 14
R2#en //直接enable,默认进入level15
Password: //输入level14的enable密码:test15
R2#sh pri
Current privilege level is 15
R2#
总结:
1、低等级进入高等级,需要输入高等级设置的enable密码,没有设置的话,无法进入高等级;
2、高等级进入低等级,不需要输入低等级设置的enable密码,即使没有设置低等级的enable密码。
enable的主要作用:权限等级的提升。
9、 本地定义的用户的权限等级
A、默认设置
添加本地用户是,不指定权限等级。
在R5上用刚添加的本地用户telnet登录R2。
默认添加的本地用户,默认赋予的权限等级为1。
telnet登录后进入用户exec模式。
B、指定本地用户的权限等级
添加本地用户test10,同时指定该用户的权限等级为10。
在R5上用刚添加的本地用户telnet登录R2。
本地指定(指定义了权限等级)用户telnet登录后进入特权exec模式。
附:
指定所有的telnet用户登录后直接进入level0。
分别使用本地用户test1和test10从R5telnetR2
失败,本地用户telnet登录后,进入的都是本身设置好或者默认的权限等级。
修改line vty 0 4配置
使用line密码登录的用户的权限为level0(默认是level1)。
总结:
1、line密码登录:登录后的权限等级默认为1,可以手动设置为level0-level15;
line vty 0 4
privilege level 0 //登录后的权限等级-默认是1
password admin //line密码
login //line密码登录
transport input telnet //登录方式2、本地用户密码登录:登录后的权限等级为本地用户定义时指定的权限等级。
line vty 0 4
privilege level 0 //本地登录方式下无效
password admin //本地登录方式下无效
login local //本地登录-使用本地用户名和密码登录
transport input telnet //登录方式
10、 小结
level1-level15的enable密码。其中level1-level14的enable密码被sha256加密了。
enable的主要作用:权限等级的提升。
定义本地用户16个,分别指定权限等级level0-level15。
问题:
1、用户test2-test14虽然权限等级都不一样,都比test1高,但是能够使用的命令和test1能够使用的命令是一样的。
2、level0权限太低,不作讨论。
level1,只能查看大部分配置,不能做配置、或者更改,权限相对来说不够;
level2-leve14,实际上是继承了level1的权限,能够做的和level1一样;
level15,权限太高,啥都能干。
11、 赋权
level15权限太高,level2-level14权限太低。
赋权:就是将权限等级高的部分命令抠出来赋给权限等级低的,让其也能拿使用这些命令,不用进入高等级权限。
使用本地用户test8 从R5 telnet R2 后,没有show startup-config命令。
将show startup-config命令赋予level8
使用本地用户test8 从R5 telnet R2 后,发现有show startup-config命令。
使用本地用户test10 从R5 telnet R2 后 ,发现本地用户test10 也能使用show startup-config命令。
说明:高等级自动继承低等级的权限。
使用本地用户test7 从R5 telnet R2 后 ,发现本地用户test7没有show命令。
同样,level1-level6也没有了show命令。
privilege exec level 8 show startup-config做了两件事:
1、将show命令赋予level8,导致只有level8及以上才能使用show 命令;
2、将只有level15才能执行的show startup-config赋予level8,导致level8及以上(包括level15)都能执行show startup-config
---------------privilege 赋权一定要谨慎!!!!
【在前面的基础上再一次赋权:privilege exec level 1 show】
使用本地用户test1 从R5 telnet R2 后 ,发现show命令回来,但是没有show startup-config
使用本地用户test10 从R5 telnet R2 后 ,发现本地用户test10 能使用show startup-config命令(权限继承自level8)。
附:
1、privilege exec level ?
这里的exec指特权exec。为什么不会是用户exec?
意思即:将特权exec模式下的命令赋予level后指定权限等级。
因为用户exec已经是除了level0之外的最低等级的权限了,level2-level15高等级自动继承低等级的权限。
level2-level15都属于特权exec。
特权exec模式下的命令即:
2、privilege config level ?
意思即:将全局配置模式下的命令赋予level后指定权限等级。
全局配置模式下的命令即:
3、privilege interface level ?
意思即:将接口配置模式下的命令赋予level后指定权限等级。
接口配置模式下的命令即:
4、privilege router level ?
意思即:将路由配置模式下的命令赋予level后指定权限等级。
路由配置模式下的命令即:
其他可以赋权或者授权的命令,请自行查阅相关文档。
R2(config)#privilege ?
ANCP ANCP configuration mode
RITE-profile Router IP traffic export profile command mode
RMI-Node-Config Resource Policy Node Config mode
RMI-Resource-Group Resource Group Config mode
RMI-Resource-Manager Resource Manager Config mode
RMI-Resource-Policy Resource Policy Config mode
SASL-profile SASL profile configuration mode
aaa-attr-list AAA attribute list config mode
aaa-user AAA user definition
accept-dialin VPDN group accept dialin configuration mode
accept-dialout VPDN group accept dialout configuration mode
acct_mlist AAA accounting methodlist definitions
address-family Address Family configuration mode
archive Archive the router configuration mode
atm-l2trans-pvc-config ATM L2transport PVC configuration mode
atm-l2trans-pvp-config ATM L2transport PVP configuration mode
atm-pvc-range-config ATM PVC Range configuration mode
atm-range-pvc-config ATM PVC in Range configuration mode
atm-vc-config ATM virtual circuit configuration mode
auto-ip-sla-mpls Auto IP SLA MPLS LSP Monitor configs
auto-ip-sla-mpls-lpd-params Auto IP SLA MPLS LPD params configs
auto-ip-sla-mpls-params Auto IP SLA MPLS LSP Monitor Params configs
bba-group BBA Group configuration mode
bfd-template BFD template configuration mode
bgp address-family Address Family configuration mode
bgp-rs-afctx Route server AF context configuration mode
bgp-rs-context Route server context configuration mode
call-home call-home config mode
call-home-profile call-home profile config mode
casa-config Casa configuration mode
casa-config-wc Forwarding agent wildcard configuration mode
cascustom Cas custom configuration mode
cfg-af-topo Configure non-base topology mode
cfg-pathoption-list Path-option list configuration mode
cm-ac AC-AC connect configuration mode
cns-connect-config CNS Connect Info Mode
cns-connect-intf-config CNS Connect Intf Info Mode
cns-tmpl-connect-config CNS Template Connect Info Mode
cns_inventory_submode CNS Inventory SubMode
conf-rad-filter RADIUS filter config mode
conf-rad-server RADIUS server config mode
conf-tac-server Tacacs Server Definition
config-l2tp-class l2tp-class configuration mode
config-onep-mode Connected applications configuration mode
config-sensor-cdplist Subscriber CDP attribute list
config-sensor-dhcplist Subscriber DHCP attribute list
config-sensor-lldplist Subscriber LLDP attribute list
config-st-pw-oam-class st-pw-oam-class configuration mode
configure Global configuration mode
congestion Frame Relay congestion configuration mode
conn Connection configuration mode
control-class-map control-classmap config mode
controller Controller configuration mode
crypto-identity Crypto identity config mode
crypto-ipsec-profile IPSec policy profile mode
crypto-keyring Crypto Keyring command mode
crypto-map Crypto map config mode
crypto-map-fail-close Crypto map fail close mode
crypto-transform Crypto transform config mode
dfp-submode DFP config mode
dhcp DHCP pool configuration mode
dhcp-class DHCP class configuration mode
dhcp-global-options DHCP global options configuration mode
dhcp-pool-class Per DHCP pool class configuration mode
dhcp-relay-info DHCP class relay agent info configuration mode
dhcp-subnet-secondary Per DHCP secondary subnet configuration mode
dspfarm DSP farm configuration mode
eap-profile-mode eap profile configuration mode
eigrp_af_classic_submode Address Family configuration mode
eigrp_af_intf_submode Address Family interfaces configuration mode
eigrp_af_intf_vnet_submode Address Family interfaces vnet configuration mode
eigrp_af_submode Address Family configuration mode
eigrp_af_topo_submode Address Family Topology configuration mode
eigrp_sf_intf_submode Service Family interfaces configuration mode
eigrp_sf_submode Service Family configuration mode
eigrp_sf_topo_submode Service Family Topology configuration mode
exec Exec mode
extcomm-list IP Extended community-list configuration mode
fh_applet FH Applet Entry Configuration
fh_applet_trigger FH Applet Trigger Configuration
filterserver AAA filter server definitions
flow-cache Flow aggregation cache config mode
flow-sampler-map Flow sampler map config mode
flowexp Flow Exporter configuration mode
flowmon Flow Monitor configuration mode
flowrec Flow Record configuration mode
fr-fr FR/FR connection configuration mode
fr-pw FR/PW connection configuration mode
fr-vcb-bmode FR VC Bundle mode
fr-vcb-mmode FR VC Bundle Member mode
frf5 FR/ATM Network IWF configuration mode
frf8 FR/ATM Service IWF configuration mode
funi-vc-config FUNI virtual circuit configuration mode
if-topo Configure interface topology parameters
if-vnet Configure VNET interface parameters
interface Interface configuration mode
interface-dlci Frame Relay dlci configuration mode
ip-explicit-path-p2p IP explicit path configuration mode
ip-portbundle Configure IP Portbundle parameters
ip-sla IP SLAs entry configuration
ip-sla-am-grp IP SLAs auto group config
ip-sla-am-schedule IP SLAs auto group schedule config
ip-sla-dhcp IP SLAs dhcp configuration
ip-sla-dns IP SLAs dns configuration
ip-sla-ethernet-echo IP SLAs Ethernet Echo configuration
ip-sla-ethernet-jitter IP SLAs Ethernet Jitter configuration
ip-sla-ethernet-monitor IP SLAs Ethernet configs
ip-sla-ethernet-monitor-params IP SLAs Ethernet Params configs
ip-sla-ftp IP SLAs ftp configuration
ip-sla-http IP SLAs http configuration
ip-sla-http-rr IP SLAs HTTP raw request Configuration
ip-sla-icmpEcho IP SLAs icmpEcho configuration
ip-sla-lspPing IP SLAs lsp ping configuration
ip-sla-lspTrace IP SLAs lsp trace configuration
ip-sla-pathEcho IP SLAs pathEcho configuration
ip-sla-pathJitter IP SLAs pathJitter configuration
ip-sla-server-twamp IPPM Server TWAMP submode
ip-sla-tcp IP SLAs tcpConnect configuration
ip-sla-tplt-dest IP SLAs auto destination submode
ip-sla-tplt-dest-disc IP SLAs auto dest-auto config
ip-sla-twamp IP SLAs TWAMP configuration
ip-sla-udpEcho IP SLAs udpEcho configuration
ip-sla-udpJitter IP SLAs udpJitter configuration
ip-sla-vccv IP SLA vccv configuration
ip-subscriber IP subscriber config mode
ipczone IPC Zone config mode
ipczone-assoc IPC Association config mode
ipenacl IP named extended access-list configuration mode
iprbacl IP role-based access-list configuration mode
ipsnacl IP named simple access-list configuration mode
ipsub-server-list IP subscriber list mode
ipv6-router IPv6 router configuration mode
ipv6acl IPv6 access-list configuration mode
ipv6dhcp IPv6 DHCP configuration mode
ipv6dhcpvs IPv6 DHCP Vendor-specific configuration mode
ipv6rbacl IPv6 role-based access-list configuration mode
isakmp-profile Crypto ISAKMP profile command mode
kron-occurrence Kron Occurrence SubMode
kron-policy Kron Policy SubMode
l2 vfi configuration mode
l2 pw rtg l2_pw_rtg configuration mode
l2-vfi-neighbor VFI neighbor configuration mode
l2-vfi-neighbor-interface VFI neighbor local interface submode
l2vpn L2VPN configuration mode
l2vpn-vfi l2vpn vfi configuration mode
l2vpn-vfi-autodiscovery l2vpn vfi autodiscovery configuration mode
l2vpn-xc L2VPN xconnect configuration mode
l3vpn l3vpn encap ip configuration mode
line Line configuration mode
lisp-site LISP site configuration mode
lisp-top LISP router configuration mode
lisp-top-eid-table LISP eid-table configuration mode
lisp-top-locator-set LISP locator-set configuration mode
lisp-top-site LISP site configuration mode
log_config Log configuration changes made via the CLI
lsp-attribute-list LSP attribute list configuration mode
lw-vlan-id VLAN-id configuration mode
lw-vlan-range VLAN-range configuration mode
map-class Map class configuration mode
map-list Map list configuration mode
mpls-te-dest-list MPLS TE destination list config mode
multicast-flows-classmap multicast-classmap config mode
network-object-group ACL Object Group configuration
null-interface Null interface configuration mode
oam LSP Verification configuration mode
oer_mc PfR master controller configuration submode
oer_mc_br PfR managed border router configuration submode
oer_mc_br_if PfR Border Exit configuration submode
oer_mc_learn PfR Top Talker and Delay learning configuration submode
oer_mc_learn_list PfR learn list configuration submode
oer_mc_map pfr-map config mode
parser_test Test mode for internal test purposes
pfr_br PfR border router configuration submode
policy-list IP Policy List configuration mode
policymap-service Policymap Service configuration mode
policymap-service-classmap config-service-policymap-class-traffic config mode
policymap-service-default-classmap config-service-policymap-class-traffic config mode
preauth AAA Preauth definitions
profile-map profile-map config mode
pseudowire-class Pseudowire-class configuration mode
pw-tlv-template PW TLV template configuration mode
radius-attrl Radius Attribute-List Definition
radius-da-locsvr Radius Application configuration
radius-locsvr-client Radius Client configuration
radius-policy-device-locsvr Radius Application configuration
radius-proxy-locsvr Radius Application configuration
radius-sesm-locsvr Radius Application configuration
request-dialin VPDN group request dialin configuration mode
request-dialout VPDN group request dialout configuration mode
rib_rwatch_test RIB_RWATCH test configuration mode
route-map Route map config mode
router Router configuration mode
router-af-topology Topology configuration mode
router_eigrp_classic EIGRP Router configuration classic mode
router_eigrp_named EIGRP Router configuration named mode
rsvp-local-if-policy RSVP local policy interface configuration mode
rsvp-local-policy RSVP local policy configuration mode
rsvp-local-subif-policy RSVP local policy sub-interface configuration mode
rule-map config-control-policymap config mode
rule-map-condition config-control-policymap-class-control config mode
sampler Sampler configuration mode
scope scope configuration mode
scope address-family Address Family configuration mode
scope address-family topology Topology configuration mode
security-object-group User Object Group configuration
sep-init-config WSMA Initiator profile Mode
sep-listen-config WSMA Listener profile Mode
service-object-group ACL Object Group configuration
sg-l4redirect-group SG l4 redirect server group mode
sg-radius Radius Server-group Definition
sg-tacacs+ Tacacs+ Server-group Definition
sg_pm_prepaid prepaid configuration
sr_sf_cfg SAF external client configuration submode
sr_sf_listen_cfg SAF external client configuration mode
sr_test_api_reg_mode service-routing exec test api mode
sr_xmcp_listen_cfg XMCP configuration mode
sr_xmcp_listen_client_cfg XMCP Client configuration mode
ssh-pubkey SSH public key identification mode
ssh-pubkey-server SSH public key entry mode
ssh-pubkey-user SSH public key entry mode
subscriber-policy Subscriber policy configuration mode
tcl Tcl mode
te-class TE-Class configuration mode
template Template configuration mode
template-peer-policy peer-policy configuration mode
template-peer-session peer-session configuration mode
template_efp Template configuration mode for Ethernet Service
template_pw Template configuration mode for pseudowire
top-af-base AF base topology configuration mode
top-talkers Netflow top talkers config mode
tracking-config Tracking configuration mode
traffic-class-map traffic-classmap config mode
vc-class VC class configuration mode
vc-group VC group configuration mode
view View configuration mode
vpdn-group VPDN group configuration mode
vpdn-template VPDN template configuration mode
vrf Configure VRF parameters
vrf-af Configure IP VRF parameters
vrf-list Configure VRF list parameters
vrrs VRRS configuration mode
wsma-config-agent WSMA Config Agent Profile configuration mode
wsma-exec-agent WSMA Exec Agent Profile configuration mode
wsma-filesys-agent WSMA FileSys Agent Profile configuration mode
wsma-notify-agent WSMA Notify Agent Profile configuration mode
xconnect-backup-connect-config Connect Backup xconnect configuration submode
xconnect-backup-if-config Backup Xconnect sub-interface configuration submode
xconnect-backup-subif-config Backup Xconnect sub-interface configuration submode
xconnect-cem-backup-config Xconnect backup cem configuration submode
xconnect-cem-config Xconnect CEM submode
xconnect-cem-data-backup-config Xconnect cem data backup configuration submode
xconnect-cem-data-config Xconnect CEM data submode
xconnect-cem-sig-backup-config Xconnect cem sig backup configuration submode
xconnect-cem-sig-config Xconnect CEM sig submode
xconnect-conn-config Xconnect connect configuration submode
xconnect-dlci-backup-config Xconnect backup FR DLCI configuration submode
xconnect-dlci-config Xconnect FR DLCI configuration submode
xconnect-if-config Xconnect interface configuration submode
xconnect-pvc-backup-config Xconnect backup ATM PVC configuration submode
xconnect-pvc-config Xconnect atm l2transport PVC configuration submode
xconnect-pvp-backup-config Xconnect backup ATM PVP configuration submode
xconnect-pvp-config Xconnect atm l2transport PVP configuration submode
xconnect-subif-config Xconnect sub-interface configuration submode
xconnect-vc-backup-config Xconnect backup Ether EFP configuration submode
xconnect-vc-config Xconnect EFP submode
R2(config)#privilege
本篇和前篇实例中使用的都是本地用户,下篇介绍非本地用户,不在本地创建用户,使用radius、tacacs+服务器上的用户。
为开发者提供学习成长、分享交流、生态实践、资源工具等服务,帮助开发者快速成长。
更多推荐
1
1- 0
已为社区贡献3条内容
所有评论(0)