Contents

• ppp accounting through quit

• primary

• privilege level

ppp accounting through quit

---

• primary
• privilege level

primary

To assign a specified trustpoint as the primary trustpoint of the router, use the primary command in ca-trustpoint configuration mode.

primary name

Syntax Description

name	Name of the primary trustpoint of the router.

Command Default

No default behavior or values.

Command Modes

Ca-trustpoint configuration

Command History

Release	Modification
12.2(8)T	This command was introduced.
12.2(18)SXD	This command was integrated into Cisco IOS Release 12.2(18)SXD.
12.2(33)SRA	This command was integrated into Cisco IOS release 12.(33)SRA.

Usage Guidelines

Use the primary command to specify a given trustpoint as primary.

Before you can configure this command, you must enable the crypto ca trustpointcommand , which defines the trustpoint and enters ca-trustpoint configuration mode.

Examples

The following example shows how to configure the trustpoint “ka” as the primary trustpoint:

cr
ypto ca trustpoint ka
 enrollment url http://xxx
 primary
 crl option
al

Related Commands

Command	Description
crypto ca trustpoint	Declares the CA that your router should use.

privilege level

To set the default privilege level for a line, use the privilege level command in line configuration mode. To restore the default user privilege level to the line, use the no form of this command.

privilege level level

no privilege level

Syntax Description

level

Privilege level associated with the specified line.

Command Default

Level 15 is the level of access permitted by the enable password.

Level 1 is normal EXEC-mode user privileges.

Command Modes

Line configuration

Command History

Release	Modification
10.3	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS release 12.(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Users can override the privilege level you set using this command by logging in to the line and enabling a different privilege level. They can lower the privilege level by using the disable command. If users know the password to a higher privilege level, they can use that password to enable the higher privilege level.

You can use level 0 to specify a subset of commands for specific users or lines. For example, you can allow user “guest” to use only the show users and exit commands.

You might specify a high level of privilege for your console line to restrict line usage.

Note	Before Cisco IOS Release 12.2SXI, it was mandatory that a privilege level of 15 needed to be configured in the Access Control System (ACS) for Webauth (web authentication) to succeed. After this release, privilege configurations in the ACS are no longer mandatory.

Note

Some CLI commands are not supported with the privilege level command. For example, commands such as router bgp, and default interface, etc cannot be associated with a privilege level. Though the global configuration CLI may accept the privilege-level assignment for these unsupported commands, they do not become part of the router's running-configuration.

Examples

The following example configures the auxiliary line for privilege level 5. Anyone using the auxiliary line has privilege level 5 by default:

line aux 0
 privilege level 5

The following example sets all show ip commands, which includes all show commands, to privilege level 7:

privilege exec level 7 show ip route

This is equivalent to the following command:

privilege exec level 7 show

The following example sets the show ip route command to level 7 and show ip commands to level 1:

privilege exec level 7 show ip route
privilege exec level 1 show ip 

Related Commands

Command	Description
enable password	Sets a local password to control access to various privilege levels.