"look access to router config"

I'd like to setup a user with access to just look, but not touch our router's config. Is this possible to create an account that will let him do a "sh run"?

Reply to
Adam Landas
Loading thread data ...

sh runn with defined user priv levels is a bit tricky to configure since configuration commands must be at or below user defined privilege level. You could have something like this:

username user1 privilege 5 password 0 user1 privilege exec level 5 show configuration

This will enable user1 to issue show conf and view the entire config, but sh runn will give an empty config listing for reasons mentioned above. Also if you are using aaa new you must configure proper exec authorization since without it privilege levels defined in local usernames will be ignored.

Reply to
Andrej Brkic

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.