"look access to router config"

Discussion in 'Cisco' started by Adam Landas, Mar 31, 2005.

  1. Adam Landas

    Adam Landas Guest

    I'd like to setup a user with access to just look, but not touch our
    router's config. Is this possible to create an account that will let
    him do a "sh run"?
     
    Adam Landas, Mar 31, 2005
    #1
    1. Advertising

  2. Adam Landas

    Andrej Brkic Guest

    On 2005-03-30, Adam Landas <> wrote:
    > I'd like to setup a user with access to just look, but not touch our
    > router's config. Is this possible to create an account that will let
    > him do a "sh run"?


    sh runn with defined user priv levels is a bit tricky to configure since
    configuration commands must be at or below user defined privilege level.
    You could have something like this:

    username user1 privilege 5 password 0 user1
    privilege exec level 5 show configuration

    This will enable user1 to issue show conf and view the entire config, but
    sh runn will give an empty config listing for reasons mentioned above.
    Also if you are using aaa new you must configure proper exec authorization
    since without it privilege levels defined in local usernames will be ignored.

    --
    Andrej Brkic
    E-mail:
     
    Andrej Brkic, Jun 29, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page