Connectivity Guide
To disable login statistics, use the no login-statistics enable command.
Privilege levels overview
Providing terminal access control to a switch is one method of securing the device and network. To increase security, you can allow users
to access a subset of commands using privilege levels.
With OS10, you can congure privilege levels, add commands to them, and restrict access to the terminal line with passwords. The system
supports 16 privilege levels. The following lists the privilege levels:
• Level 0—Provides users the least privilege, restricting access to basic commands.
• Level 1—Provides access to a set of show commands and certain operations such as ping, traceroute, and so on.
• Level 15—Provides access to all available commands for a particular user role.
• Levels 0, 1, and 15—System congured privilege levels with a predened command set.
• Levels 2 to 14—Not congured. You can customize these levels for dierent users and access rights.
Privilege levels inherit all permitted commands from all lower levels. For example, a user logged in with a particular privilege level has access
to commands assigned for that privilege level and lower privilege levels as permitted by the user role.
You cannot congure a privilege level lower than 2 for users assigned to the sysadmin, netadmin, and secadmin roles. You can
congure users assigned to the netoperator role with privilege levels 0 or 1.
After you assign commands to privilege levels, you can assign the privilege to users with the username command. Users can access those
commands by switching to that privilege level using the enable command.
Users can use the enable privilege-level command to switch between privilege levels. The disable command takes the user to
a lower level.
When a remote user logs in, OS10 checks for a match in the local system. If there is a local user as the remote user, the privilege level of
the local user is applied to the remote user for the login session. If there is no match in the local system, depending on the role of the
remote user, OS10 assigns default privilege levels. For sysadmin, secadmin, and netadmin roles, OS10 assigns level 15 and for the
netoperator role, OS10 assigns level 1.
NOTE
: The role of a local user and the corresponding remote user should be the same at both remote and local ends.
Congure privilege levels for users
To restrict CLI access for users, create the required privilege levels, assign commands, and then assign privilege levels to users.
1 Congure privilege levels.
CONFIGURATION
privilege mode priv-lvl privilege-level command-string
• mode—Enter the privilege mode where you are conguring the specic command. The following table lists the available privilege
modes and their corresponding command modes:
Privilege mode
CLI mode
Exec exec
congure class-map, DHCP, logging, monitor, openow, policy-map, QOS, support-assist, telemetry, CoS, Tmap,
UFD, VLT, VN, VRF, WRED, or alias
interface Ethernet, FC, Loopback, mgmt, null, port-group, lag, breakout, range, port-channel, VLAN
route-map route-map
Security 797