username [name] privilege [1-15]
Assigns a privilege level (1-15) to a local username, controlling command access for that user.
When to Use This Command
- Granting a junior network admin privilege level 7 to allow show commands and basic troubleshooting without full configuration access.
- Creating a superuser with privilege 15 for full administrative control.
- Restricting a guest user to privilege 1 (user EXEC mode) for minimal read-only access.
- Setting privilege level 10 for a user who needs to configure interfaces but not global settings.
Command Examples
Create a user with privilege 15 (full access)
username admin privilege 15 secret Cisco123
Creates user 'admin' with privilege 15 and encrypted password 'Cisco123'. No output is shown; the command is applied silently.
Create a user with privilege 7 (limited access)
username operator privilege 7 secret OperPass!
Creates user 'operator' with privilege 7. This user can execute commands up to privilege level 7, typically including show commands and basic diagnostics but not configuration commands.
Understanding the Output
This command does not produce output on successful execution. To verify the configuration, use 'show running-config | include username' which displays the configured usernames with their privilege levels (e.g., 'username admin privilege 15 secret 5 $1$...'). The privilege level determines which commands the user can execute: 0-1 for user EXEC, 2-14 for custom levels, 15 for privileged EXEC. A higher number means more access. Ensure the privilege level matches the intended role; assigning 15 to all users defeats security.
CCNA Exam Tips
Remember that privilege levels 0 and 1 are reserved; level 15 is full access.
The 'secret' keyword stores the password encrypted (type 5 or 8/9); 'password' stores it in plaintext (type 0) — always use 'secret' on the exam.
Privilege levels can be used together with the 'privilege' command to move commands between levels.
CCNA may test that local authentication requires both username and privilege; without the privilege keyword, the default is level 1.
Common Mistakes
Using 'password' instead of 'secret' — exposes password in config.
Forgetting to set privilege level, defaulting to level 1 (user EXEC only).
Setting privilege 15 for all users, bypassing security best practices.
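Added example (not part of the original reference): a short Python audit of 'show running-config | include username' output that flags the three mistakes listed above. The sample lines, hashes and passwords are constructed, and the function names parse_user and audit are assumptions made for this illustration.

```python
# Added example: audit local accounts for the mistakes listed above.
# SAMPLE is constructed output of 'show running-config | include username';
# the names, hashes and passwords in it are made up.
SAMPLE = """\
username admin privilege 15 secret 5 $1$CONSTRUCTED$hash0000000000000000
username operator privilege 7 secret 9 $9$CONSTRUCTED$hash1111111111111111
username guest password 0 guestpass
username backup privilege 15 password 7 0000000000
"""

def parse_user(line):
    """Parse one 'username ...' line; return None for any other line."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "username":
        return None
    user = {"name": tok[1], "privilege": None, "keyword": None, "type": None}
    i = 2
    while i < len(tok):
        if tok[i] == "privilege" and i + 1 < len(tok) and tok[i + 1].isdigit():
            user["privilege"] = int(tok[i + 1])
            i += 2
        elif tok[i] in ("secret", "password"):
            user["keyword"] = tok[i]
            # A type digit is followed by the stored value; a lone token is the value itself.
            if i + 2 < len(tok) and tok[i + 1].isdigit():
                user["type"] = int(tok[i + 1])
            break  # everything after the keyword is the credential
        else:
            i += 1
    return user

def audit(config_text):
    """Return (findings, users); findings are (username, message) tuples."""
    users = [u for u in map(parse_user, config_text.splitlines()) if u]
    findings = []
    for u in users:
        if u["keyword"] == "password":
            findings.append((u["name"], "uses 'password' instead of 'secret'"))
        if u["privilege"] is None:
            findings.append((u["name"], "no privilege set, defaults to level 1"))
    if len(users) > 1 and all(u["privilege"] == 15 for u in users):
        findings.append(("*", "every local user has privilege 15"))
    return findings, users

if __name__ == "__main__":
    for name, message in audit(SAMPLE)[0]:
        print(f"{name}: {message}")
```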
Related Commands
aaa new-model
Enables AAA (Authentication, Authorization, and Accounting) security services on a Cisco device, required before configuring any AAA commands.
enable secret [password]
Sets an encrypted password for privileged EXEC access, replacing the less secure 'enable password' command.
username [name] secret [password]
Creates a local user account with an encrypted password (using MD5 hashing) for authentication on Cisco IOS devices, typically used for SSH, console, or AUX access.