To assign a specified trustpoint as the primary trustpoint of the router, use the primary command in ca-trustpoint configuration mode.
primary name
name | Name of the primary trustpoint of the router. |
No default behavior or values.
Ca-trustpoint configuration
Release | Modification |
---|---|
12.2(8)T | This command was introduced. |
12.2(18)SXD | This command was integrated into Cisco IOS Release 12.2(18)SXD. |
12.2(33)SRA | This command was integrated into Cisco IOS Release 12.2(33)SRA. |
Use the primary command to specify a given trustpoint as primary.
Before you can configure this command, you must enable the crypto ca trustpoint command, which defines the trustpoint and enters ca-trustpoint configuration mode.
The following example shows how to configure the trustpoint “ka” as the primary trustpoint:
crypto ca trustpoint ka
 enrollment url http://xxx
 primary
 crl optional
Command | Description |
---|---|
crypto ca trustpoint | Declares the CA that your router should use. |
To set the default privilege level for a line, use the privilege level command in line configuration mode. To restore the default user privilege level to the line, use the no form of this command.
privilege level level
no privilege level
level | Privilege level associated with the specified line. |
Level 15 is the level of access permitted by the enable password.
Level 1 is normal EXEC-mode user privileges.
Line configuration
Release | Modification |
---|---|
10.3 | This command was introduced. |
12.2(33)SRA | This command was integrated into Cisco IOS Release 12.2(33)SRA. |
12.2SX | This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
Users can override the privilege level you set using this command by logging in to the line and enabling a different privilege level. They can lower the privilege level by using the disable command. If users know the password to a higher privilege level, they can use that password to enable the higher privilege level.
You can use level 0 to specify a subset of commands for specific users or lines. For example, you can allow user “guest” to use only the show users and exit commands.
You might specify a high level of privilege for your console line to restrict line usage.
Note | Before Cisco IOS Release 12.2SXI, a privilege level of 15 had to be configured in the Access Control System (ACS) for Webauth (web authentication) to succeed. After this release, privilege configurations in the ACS are no longer mandatory. |
Note | Some CLI commands are not supported with the privilege level command. For example, commands such as router bgp and default interface cannot be associated with a privilege level. Although the global configuration CLI may accept the privilege-level assignment for these unsupported commands, they do not become part of the router's running configuration. |
The following example configures the auxiliary line for privilege level 5. Anyone using the auxiliary line has privilege level 5 by default:
line aux 0
 privilege level 5
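As an added example (not part of the Cisco documentation), the following Python script audits a saved configuration for lines whose sessions start above level 1, as the auxiliary line does in the example above. The sample configuration is constructed, and the function names, the `max_level` threshold and the console exemption are assumptions of this example, not Cisco tooling.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
line con 0
 privilege level 15
line aux 0
 privilege level 5
line vty 0 4
 login local
line vty 5 15
 privilege level 15
 transport input ssh
"""

LINE_RE = re.compile(r"^line\s+(\S+)\s+(\d+)(?:\s+(\d+))?\s*$")
PRIV_RE = re.compile(r"^\s+privilege level\s+(\d+)\s*$")


def line_privileges(config):
    """Return {line name: default privilege level} for every line block."""
    levels, current = {}, None
    for raw in config.splitlines():
        m = LINE_RE.match(raw)
        if m:
            kind, first, last = m.groups()
            current = f"{kind} {first}" + (f" {last}" if last else "")
            levels[current] = 1  # level 1 (normal EXEC) unless overridden
            continue
        if raw and not raw[0].isspace():
            current = None  # an unindented line ends line configuration mode
            continue
        m = PRIV_RE.match(raw)
        if m and current:
            levels[current] = int(m.group(1))
    return levels


def elevated_lines(config, max_level=1, exempt=("con",)):
    """List (line, level) pairs above max_level; exempt is an assumed policy."""
    return sorted(
        (name, lvl) for name, lvl in line_privileges(config).items()
        if lvl > max_level and name.split()[0] not in exempt
    )


if __name__ == "__main__":
    for name, lvl in elevated_lines(SAMPLE_CONFIG):
        print(f"line {name}: sessions start at privilege level {lvl}")
```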
The following example sets all show ip commands, which includes all show commands, to privilege level 7:
privilege exec level 7 show ip route
This is equivalent to the following command:
privilege exec level 7 show
The following example sets the show ip route command to level 7 and show ip commands to level 1:
privilege exec level 7 show ip route
privilege exec level 1 show ip
Command | Description |
---|---|
enable password | Sets a local password to control access to various privilege levels. |