To verify that the router IOS version installed on your router will work with Cisco dCloud:

- Connect your router to your laptop using the console cable.
- Determine the serial port used to connect the console of your router to your laptop.
- Compare your router IOS version to the tested router IOS version for the router model in the Supported Routers list.
  For example, C800-UNIVERSALK9-M and Version 15.3(2)T in the output of the show version command above match the tested router IOS version for the Cisco 819 router model, c800-universalk9-mz.SPA.
- If the Cisco IOS version on your router:
  - Is the same and has a version number that is the same or newer than the tested IOS version (15.3(2) and 153-2 in the examples), the router IOS version requires no change and you can continue to the next step.
  - Is different or has a version number that is older than the tested IOS version, upgrade the router IOS version to the tested or a newer IOS version.

If you need help downloading a router IOS version that will work with dCloud or loading the new IOS version on your router, refer to the router model documentation or contact Cisco dCloud Support.

For authenticated scanning of Cisco IOS or IOS-XE devices you'll need to provide a user account with privilege level 15 (recommended) or an account with a lower privilege level as long as the account has been configured so that it's able to execute all of the commands that are required for scanning these devices.

For compliance scanning - this high level of privileges is required for the scan to be successful.

For vulnerability scanning - this high level of privileges is required for configuration based checks only.

Important - Please be aware that sensitive configurations could be at risk when you grant access to commands to a user account with a lower privilege level. Please assign the appropriate privilege level per your business needs and your organization's security policies.

The configuration QID for Cisco IOS is QID 45229 "Cisco IOS Device Configurations Detected".

Commands required for scanning Cisco IOS 15 / Cisco IOS-XE (all versions):

Show logging | include Syslog | Trap | Console | Monitor | Buffer logging
Show running-config all | i ^interface|shutdown|ip redirects
Show running-config all | i ^interface|shutdown|ip unreachables
Show running-config all | i ^interface|shutdown|ip proxy-arp
Show running-config all | i "^interface|vrf member|ip address"
Show running-config all | i "^interface|ip vrf forwarding|ip address"
Show running-config full | i ^interface|shutdown|ip redirects
Show running-config full | i ^interface|shutdown|ip unreachables
Show running-config full | i ^interface|shutdown|ip proxy-arp
Show running-config full | i ^interface|vrf member|ip address
Show running-config full | i ^interface|ip vrf forwarding|ip address

Cisco IOS-XE only:

Show interfaces status

The commands listed above may or may not show the required output. This will depend on the customer configuration except for 'show version' and 'show running-config all' commands. The compliance scan will fail if 'show running-config all' and 'show version' do not have any output.

Privilege levels

By default, the three privilege levels on a router are:

Level 0 - Includes only basic commands (disable, enable, exit, help, and logout)
Level 1 - Includes all commands available at the User EXEC command mode
Level 15 - Includes all commands available at the Privileged EXEC command mode

The levels between these minimum and maximum levels are undefined until the administrator assigns commands and/or users to them. Therefore, the administrator can assign users different privilege levels in between these minimum and maximum privilege levels to separate what different users have access to.

How to assign commands to a privilege level

The administrator can allocate individual commands (and various other options) to an individual privilege level to make this available for any user at this level.

For example, let's say we have a user "priv2" with privilege level 2 and "root" with privilege level 15. Let's check the version of the target with a privilege level 2 account.