Basics – User (Privilege) Levels

Users can be created with one of the following user levels:

  • Level 1: Users with this level can only run User EXEC mode commands. Users at this level cannot access the web GUI or commands in the Privileged EXEC mode.
  • Level 15: Users with this level can run all commands. Only users at this level can access the web GUI.

A system administrator (user with level 15) can create passwords that allow a level 1 user to temporarily become a level 15 user.

The passwords for each level are set (by an administrator) using the following command:

enable password [level privilege-level]{password|encrypted encrypted-password}

Using these passwords, you can raise your user level by entering the enable command, followed by the password for level 15. The higher level holds only for the current session.

The disable command returns the user to a lower level.

To create a user and assign it a user level, use the username command. Only users with command level 15 can create users at this level.


Examples

Create a user with user level 1

switchxxxxxx#configure
switchxxxxxx<conf># username john password john1234 privilege 1
switchxxxxxx<conf>#

Create passwords for level 15 (by the administrator)

switchxxxxxx#configure
switchxxxxxx<conf># enable password level 15 level15@abc
switchxxxxxx<conf>#

Switch from Level 1 to Level 15. The user must know the password.

switchxxxxxx#
switchxxxxxx# enable
Enter Password: ****** (this is the password for level 15 - level15@abc)
switchxxxxxx#

If authentication of passwords is performed on RADIUS or TACACS+ servers, the passwords assigned to user level 15 must be configured on the external server and associated with the $enable15$ user names. See the Authentication, Authorization and Accounting (AAA) Commands chapter for details.
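The following is an added example, not part of the original documentation or the vendor's tooling: a small audit of provisioning scripts or captured CLI sessions that reports which accounts are created at level 15, which enable passwords are entered in the plaintext form rather than the encrypted form, and which user passwords contain the user name. It recognises only the two command forms shown on this page; the function name, finding codes, and sample lines are assumptions made for illustration.

```python
import re

# Only the two command forms shown on this page are recognised.
PROMPT_RE = re.compile(r"^\S*?#\s*")  # strips e.g. "switchxxxxxx<conf># "
USERNAME_RE = re.compile(
    r"^username\s+(\S+)\s+password\s+(\S+)\s+privilege\s+(\d+)$")
ENABLE_RE = re.compile(
    r"^enable\s+password(?:\s+level\s+(\d+))?\s+(?:(encrypted)\s+)?(\S+)$")


def audit(config_text):
    """Return (line_number, finding_code, detail) tuples for risky entries."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = PROMPT_RE.sub("", raw.strip())
        user = USERNAME_RE.match(line)
        if user:
            name, password = user.group(1), user.group(2)
            if int(user.group(3)) == 15:
                # Level 15 accounts can run all commands and use the web GUI.
                findings.append((num, "LEVEL15_USER", name))
            if name.lower() in password.lower():
                findings.append((num, "PASSWORD_CONTAINS_USERNAME", name))
            continue
        enable = ENABLE_RE.match(line)
        if enable and enable.group(2) is None:
            # No "encrypted" keyword: the secret appears in clear in the script or log.
            level = enable.group(1) or "unspecified"
            findings.append((num, "PLAINTEXT_ENABLE_PASSWORD", f"level {level}"))
    return findings


# Constructed sample input (hypothetical accounts and values).
SAMPLE = """\
switchxxxxxx<conf># username john password john1234 privilege 1
switchxxxxxx<conf># username netadmin password Tr7vQ2mZx privilege 15
switchxxxxxx<conf># enable password level 15 level15@abc
enable password level 15 encrypted 0123456789abcdef
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
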
