Connectivity Guide
• mode—Enter the privilege mode where you are configuring the specific command. The following table lists the available privilege
modes and their corresponding command modes:

Privilege mode   CLI mode
Exec             exec
configure        class-map, DHCP, logging, monitor, openflow, policy-map, QOS, support-assist, telemetry, CoS, Tmap,
                 UFD, VLT, VN, VRF, WRED, or alias
interface        Ethernet, FC, loopback, mgmt, null, port-group, lag, breakout, range, port-channel, VLAN
route-map        route-map
router           router-bgp, router-ospf
line             line-vty

• priv-lvl—Enter the keyword and then the privilege number, from 2 to 14.
• command-string—Enter the specific command.
You cannot configure a privilege level less than 2 for sysadmin, netadmin, and secadmin roles.
2 Configure an enable password and assign the privilege level to it.
CONFIGURATION
enable password encryption-type password-string priv-lvl privilege-level
Encryption types:
• 0—Specifies an unencrypted password follows
• sha-256—Specifies a SHA-256 encrypted password follows
• sha-512—Specifies a SHA-512 encrypted password follows
priv-lvl—Enter the keyword and then the privilege number. The range is from 1 to 15.
OS10(config)# privilege exec priv-lvl 3 "show version"
OS10(config)# enable password 0 P@$$w0Rd priv-lvl 3
OS10(config)# privilege exec priv-lvl 12 "configure terminal"
OS10(config)# privilege configure priv-lvl 12 route-map
OS10(config)# privilege route-map priv-lvl 12 "set local-preference"
OS10(config)# enable password sha-256 $5$2uThib1o$84p.tykjmz/w7j26ymoKBjrb7uepkUB priv-lvl 12
Audit log
To monitor user activity and configuration changes on the switch, enable the audit log. Only the sysadmin and secadmin roles can
enable, view, and clear the audit log.
The audit log records configuration and security events, including:
• User logins and logouts on the switch, failed logins, and concurrent login attempts by a user
• User-based configuration changes recorded with the user ID, date, and time of the change. The specific configuration parameters that
were changed are not logged.
• Establishment of secure traffic flows, such as SSH, and violations on secure flows
• Certificate issues, including user access and changes made to certificate installation using crypto commands
• Adding and deleting users
Audit log entries are saved locally and sent to configured Syslog servers. To set up a Syslog server, see System logging.
Enable audit log
• Enable the recording of configuration and security events in the audit log on Syslog servers in CONFIGURATION mode.
logging audit enable
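
The following configuration check is an added example, not part of the Dell guide or of OS10. It lints a saved configuration excerpt against the rules stated above: the privilege command's 2 to 14 range, the enable password's 1 to 15 range and encryption types, and the presence of logging audit enable. The function name audit_config, the finding labels, sample line 7, and the rule that every customized level should have an enable password are assumptions of this example.

```python
import re

# Lines 1-6 are the page's own example; line 7 is constructed for this sketch.
SAMPLE = """\
OS10(config)# privilege exec priv-lvl 3 "show version"
OS10(config)# enable password 0 P@$$w0Rd priv-lvl 3
OS10(config)# privilege exec priv-lvl 12 "configure terminal"
OS10(config)# privilege configure priv-lvl 12 route-map
OS10(config)# privilege route-map priv-lvl 12 "set local-preference"
OS10(config)# enable password sha-256 $5$2uThib1o$84p.tykjmz/w7j26ymoKBjrb7uepkUB priv-lvl 12
OS10(config)# privilege configure priv-lvl 7 route-map
"""

PROMPT = re.compile(r"^OS10\(config\)#\s*")
PRIV = re.compile(r"^privilege\s+\S+\s+priv-lvl\s+(\d+)\s+\S")
ENABLE = re.compile(r"^enable\s+password\s+(\S+)\s+\S+\s+priv-lvl\s+(\d+)$")

def audit_config(text):
    """Return (line_no, finding) tuples; line_no 0 marks a whole-config finding."""
    findings, priv_lvls, enable_lvls, audit_on = [], set(), set(), False
    for no, raw in enumerate(text.splitlines(), 1):
        line = PROMPT.sub("", raw.strip())  # accept lines pasted with the prompt
        if line == "logging audit enable":
            audit_on = True
        elif m := PRIV.match(line):
            lvl = int(m.group(1))
            priv_lvls.add(lvl)
            if not 2 <= lvl <= 14:          # range the page gives for privilege
                findings.append((no, "privilege-level-out-of-range"))
        elif m := ENABLE.match(line):
            enc, lvl = m.group(1), int(m.group(2))
            enable_lvls.add(lvl)
            if enc == "0":                  # type 0: unencrypted password follows
                findings.append((no, "plaintext-enable-password"))
            elif enc not in ("sha-256", "sha-512"):
                findings.append((no, "unknown-encryption-type"))
            if not 1 <= lvl <= 15:          # range the page gives for enable password
                findings.append((no, "enable-level-out-of-range"))
    # Assumption of this sketch: every customized level should have an enable password.
    for lvl in sorted(priv_lvls - enable_lvls):
        findings.append((0, f"level-{lvl}-without-enable-password"))
    if not audit_on:
        findings.append((0, "audit-log-not-enabled"))
    return findings

if __name__ == "__main__":
    for no, finding in audit_config(SAMPLE):
        print(f"line {no}: {finding}")
```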