"look access to router config"

03-30-2005

I'd like to setup a user with access to just look, but not touch our
router's config. Is this possible to create an account that will let
him do a "sh run"?

06-29-2005

On 2005-03-30, Adam Landas <> wrote:
> I'd like to setup a user with access to just look, but not touch our
> router's config. Is this possible to create an account that will let
> him do a "sh run"?

sh runn with defined user priv levels is a bit tricky to configure since
configuration commands must be at or below user defined privilege level.
You could have something like this:

username user1 privilege 5 password 0 user1
privilege exec level 5 show configuration

This will enable user1 to issue show conf and view the entire config, but
sh runn will give an empty config listing for reasons mentioned above.
Also if you are using aaa new you must configure proper exec authorization
since without it privilege levels defined in local usernames will be ignored.

--
Andrej Brkic
E-mail:

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Very annoying error: Access to the path is denied. ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity	Jay	ASP .Net	2	08-20-2007 07:38 PM
Remote VPN router behind internet access router	Markus Marquardt	Cisco	3	06-14-2007 07:49 PM
Setting up a router with 29 Global IPs, BUT can't ping router internal interface from server or server interface from router	war_wheelan@yahoo.com	Cisco	1	12-14-2005 03:31 PM
ReQ; Help having problem with cisco router 1602R the Lan part works cannot log on to configure so PC can access internet, router connects to T1 line thier is an alarm light on anyone can help	smokin@aol.com	Computer Support	4	10-30-2004 06:06 AM
How do I let people access the internet via an access point but not allow them access to my network	yar	Wireless Networking	4	09-21-2004 03:48 AM