https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524266#M267562 <HTML><HEAD></HEAD><BODY><P>You would need to move the "show command" to level 3. </P><P>Use command "privilege exec level 6 show".</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Wed, 27 Oct 2010 18:42:07 GMT Panos Kampanakis 2010-10-27T18:42:07Z https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524263#M267557 <P>I want to be able to set up</P><P>read only access to one of our cisco routers while letting the other users still be able to get into enable and config mode.</P><P></P><P>My current config ( without the read only access user) is as follows</P><P></P><P>aaa new-model<BR />aaa authentication login default local-case<BR />aaa authentication login NO_AUTHENT none<BR />aaa authorization exec default local</P><P>username x password y</P><P></P><P></P><P>Thank you.</P> Mon, 11 Mar 2019 00:31:20 GMT https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524263#M267557 lkadlik 2019-03-11T00:31:20Z https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524264#M267559 <HTML><HEAD></HEAD><BODY><P>You can set a different privilege in the username command, so your view user could look like</P><P></P><P>username view privilege 1 secret <PASSWORD></PASSWORD></P><P></P><P>where view is the username.</P></BODY></HTML> Tue, 26 Oct 2010 20:07:56 GMT https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524264#M267559 Jason Masker 2010-10-26T20:07:56Z https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524265#M267560 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I tried that on a test router logging into the console port and I could not log in with a privilege level of 1.&nbsp; I could log in with a privilege level of 3.&nbsp; However, it let me make changes to the router in config mode. My goal is to allow the account to run show commands on the router and have read only access. </P><P></P><P>Thoughts?</P></BODY></HTML> Wed, 27 Oct 2010 14:02:08 GMT https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524265#M267560 lkadlik 2010-10-27T14:02:08Z https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524266#M267562 <HTML><HEAD></HEAD><BODY><P>You would need to move the "show command" to level 3. </P><P>Use command "privilege exec level 6 show".</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Wed, 27 Oct 2010 18:42:07 GMT https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524266#M267562 Panos Kampanakis 2010-10-27T18:42:07Z https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524267#M267564 <HTML><HEAD></HEAD><BODY><P>If your IOS is greater than 12.3(7)T&nbsp; then you could use role-based CLI.</P></BODY></HTML> Thu, 28 Oct 2010 20:44:32 GMT https://community.cisco.com/t5/network-access-control/local-aaa-privileges/m-p/1524267#M267564 cadet alain 2010-10-28T20:44:32Z