I'd like to setup a user with access to just look, but not touch our router's config. Is this possible to create an account that will let him do a "sh run"?
- posted
19 years ago
"look access to router config"
Loading thread data ...
- Vote on answer
- posted
18 years ago
sh runn with defined user priv levels is a bit tricky to configure since configuration commands must be at or below user defined privilege level. You could have something like this:
username user1 privilege 5 password 0 user1 privilege exec level 5 show configuration
This will enable user1 to issue show conf and view the entire config, but sh runn will give an empty config listing for reasons mentioned above. Also if you are using aaa new you must configure proper exec authorization since without it privilege levels defined in local usernames will be ignored.