https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537310#M426914 <P>Hi,</P><P></P><P>Whenever I login using "user1" I can successfully authenticate however when I ussue the show run for user1. The only thing that I can see are the following:</P><P></P><P>R4#show run</P><P>Building configuration...</P><P></P><P>Current configuration : 13 bytes</P><P>!</P><P>!</P><P>!</P><P>!</P><P>end</P><P></P><P>R4#</P><P></P><P></P><P></P><P>I have put the command on the router as follows:</P><P></P><P>~~~~~~~~~~~~~~~~~~~~~</P><P>aaa new-model</P><P>aaa authentication login ACS group tacacs+ local</P><P>aaa authentication login NO-AUTH none</P><P>aaa authorization exec ACS group tacacs+ local</P><P>aaa authorization exec NO-AUTH none</P><P>aaa authorization commands 1 ACS-1 group tacacs+ local</P><P>aaa authorization commands 1 NO-AUTH none</P><P>aaa authorization commands 10 ACS-10 group tacacs+ local</P><P>aaa authorization commands 10 NO-AUTH none</P><P>aaa authorization commands 15 ACS-15 group tacacs+ local</P><P>aaa authorization commands 15 NO-AUTH none</P><P>!</P><P>username user2 privilege 15 password xxx</P><P>username user1 privilege 10 password xxx</P><P></P><P></P><P>tacacs-server host 10.50.31.6</P><P>tacacs-server directed-request</P><P>tacacs-server key xxx</P><P>!</P><P>!</P><P>privilege exec level 15 show</P><P>privilege exec level 10 show running-config</P><P></P><P></P><P>line con 0</P><P> exec-timeout 1000 0</P><P> authorization commands 1 NO-AUTH</P><P> authorization commands 10 NO-AUTH</P><P> authorization commands 15 NO-AUTH</P><P> authorization exec NO-AUTH</P><P> login authentication NO-AUTH</P><P>line aux 0</P><P> authorization commands 1 NO-AUTH</P><P> authorization commands 10 NO-AUTH</P><P> authorization commands 15 NO-AUTH</P><P> authorization exec NO-AUTH</P><P> login authentication NO-AUTH</P><P>line vty 0 4</P><P> authorization commands 1 ACS-1</P><P> authorization commands 10 ACS-10</P><P> authorization commands 15 ACS-15</P><P> authorization exec ACS</P><P> login authentication ACS</P><P>!</P><P>end</P><P></P><P>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</P><P></P><P>Regards,</P><P>Lorenz</P> Sun, 10 Mar 2019 21:39:12 GMT l.tating 2019-03-10T21:39:12Z https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537310#M426914 <P>Hi,</P><P></P><P>Whenever I login using "user1" I can successfully authenticate however when I ussue the show run for user1. The only thing that I can see are the following:</P><P></P><P>R4#show run</P><P>Building configuration...</P><P></P><P>Current configuration : 13 bytes</P><P>!</P><P>!</P><P>!</P><P>!</P><P>end</P><P></P><P>R4#</P><P></P><P></P><P></P><P>I have put the command on the router as follows:</P><P></P><P>~~~~~~~~~~~~~~~~~~~~~</P><P>aaa new-model</P><P>aaa authentication login ACS group tacacs+ local</P><P>aaa authentication login NO-AUTH none</P><P>aaa authorization exec ACS group tacacs+ local</P><P>aaa authorization exec NO-AUTH none</P><P>aaa authorization commands 1 ACS-1 group tacacs+ local</P><P>aaa authorization commands 1 NO-AUTH none</P><P>aaa authorization commands 10 ACS-10 group tacacs+ local</P><P>aaa authorization commands 10 NO-AUTH none</P><P>aaa authorization commands 15 ACS-15 group tacacs+ local</P><P>aaa authorization commands 15 NO-AUTH none</P><P>!</P><P>username user2 privilege 15 password xxx</P><P>username user1 privilege 10 password xxx</P><P></P><P></P><P>tacacs-server host 10.50.31.6</P><P>tacacs-server directed-request</P><P>tacacs-server key xxx</P><P>!</P><P>!</P><P>privilege exec level 15 show</P><P>privilege exec level 10 show running-config</P><P></P><P></P><P>line con 0</P><P> exec-timeout 1000 0</P><P> authorization commands 1 NO-AUTH</P><P> authorization commands 10 NO-AUTH</P><P> authorization commands 15 NO-AUTH</P><P> authorization exec NO-AUTH</P><P> login authentication NO-AUTH</P><P>line aux 0</P><P> authorization commands 1 NO-AUTH</P><P> authorization commands 10 NO-AUTH</P><P> authorization commands 15 NO-AUTH</P><P> authorization exec NO-AUTH</P><P> login authentication NO-AUTH</P><P>line vty 0 4</P><P> authorization commands 1 ACS-1</P><P> authorization commands 10 ACS-10</P><P> authorization commands 15 ACS-15</P><P> authorization exec ACS</P><P> login authentication ACS</P><P>!</P><P>end</P><P></P><P>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~</P><P></P><P>Regards,</P><P>Lorenz</P> Sun, 10 Mar 2019 21:39:12 GMT https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537310#M426914 l.tating 2019-03-10T21:39:12Z https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537311#M426916 <HTML><HEAD></HEAD><BODY><P>Lorenz</P><P></P><P>I believe that the answer is that in implementing privilege levels Cisco designed the show run command so that if you do not have capability to change something that it will not show up in the show run. I believe the logic is that from a security standpoint if you are not authorized to change it you should not be able to see it in the config. So in your case if user1 is not able to change anything then they will not be able to see anything in show run.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Mon, 10 Jul 2006 13:14:37 GMT https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537311#M426916 Richard Burts 2006-07-10T13:14:37Z https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537312#M426919 <HTML><HEAD></HEAD><BODY><P>IOS Privilege Levels Cannot See Complete Running Configuration:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/partner/tech/tk59/technologies_tech_note09186a00800949d5.shtml" target="_blank">http://www.cisco.com/en/US/partner/tech/tk59/technologies_tech_note09186a00800949d5.shtml</A></P></BODY></HTML> Mon, 10 Jul 2006 14:28:46 GMT https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537312#M426919 annnguy 2006-07-10T14:28:46Z https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537313#M426921 <HTML><HEAD></HEAD><BODY><P>Hi Rick,</P><P>Thanks for the explanation.</P><P></P><P>Regards,</P><P>Lorenz</P></BODY></HTML> Tue, 11 Jul 2006 02:28:37 GMT https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537313#M426921 l.tating 2006-07-11T02:28:37Z https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537314#M426923 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for the link. I now understand it clearly.</P><P></P><P>Regards,</P><P>Lorenz</P></BODY></HTML> Tue, 11 Jul 2006 02:31:22 GMT https://community.cisco.com/t5/network-access-control/privilege-command-the-show-run-does-not-show-the-running-config/m-p/537314#M426923 l.tating 2006-07-11T02:31:22Z