Configuring the privilege level for AAA authorization

Privilege levels determine who is permitted to access the device and what they can access on it, which helps to enforce strict policies based on the job title of the administrator. For example, the senior network administrator and the senior security administrator get higher privilege level access, and the junior network administrator gets lower privilege level access. The Cisco IOS command-line interface has two levels of access privilege, and they are as follows:

  • Privilege level 1 (User EXEC mode): The lowest EXEC mode for user privileges. The user can only use user-level commands that are available in User Executable mode.
  • Privilege level 15 (Privileged mode): The highest level of user privileges. The user is able to use all enable-level commands in privileged mode.

Multiple custom privilege levels can also be defined, with different commands assigned to each level. In total, there are 16 privilege levels (0 to 15), where 0, 1, and 15 have predefined values. Commands and modes that are defined on a lower level are also available on the higher levels. For example, a user with a privilege level of 5 can also access commands allowed at levels 0 to 4. A user authorized to use privilege level 15 can use all of the IOS commands on the device.

The syntax to configure a custom privilege level is as follows:

Router(config)# privilege mode level {level} {command}
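The inheritance rule described above can be checked mechanically. The following is an added example, not from the original book: a Python audit that parses `privilege` and `username` lines and reports which users below level 15 can reach sensitive commands. The sample configuration is constructed, and the `SENSITIVE` list and all function names are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
username junior privilege 5 secret <placeholder>
username senior privilege 15 secret <placeholder>
privilege exec level 5 ping
privilege exec level 5 show running-config
privilege exec level 5 configure terminal
privilege configure level 5 interface
privilege exec level 7 reload
"""

# Assumption: commands this audit treats as sensitive below level 15.
SENSITIVE = {"configure terminal", "reload", "debug", "copy"}

# Only the "privilege <mode> level <n> <command>" form is handled here.
PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+level\s+(\d+)\s+(.+?)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")

def parse(config):
    """Return ({level: {(mode, command)}}, {username: level})."""
    by_level, users = defaultdict(set), {}
    for line in config.splitlines():
        line = line.strip()
        if m := PRIV_RE.match(line):
            level = int(m.group(2))
            if not 0 <= level <= 15:
                raise ValueError(f"level out of range: {line}")
            by_level[level].add((m.group(1), m.group(3)))
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
    return by_level, users

def reassigned_for(level, by_level):
    """Reassigned commands reachable at `level`: its own plus all lower levels."""
    return {c for lvl, cmds in by_level.items() if lvl <= level for c in cmds}

def audit(config):
    """Map each user below level 15 to the sensitive commands they can reach."""
    by_level, users = parse(config)
    findings = {}
    for user, level in users.items():
        reachable = reassigned_for(level, by_level)
        hits = sorted(cmd for _, cmd in reachable if cmd in SENSITIVE)
        if level < 15 and hits:
            findings[user] = hits
    return findings
```

On the sample, `audit(SAMPLE_CONFIG)` flags `junior` for `configure terminal`, while `reload` stays out of reach because it was assigned to level 7.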