Restrictions on Viewing the Switch Config

AIN UL BADAR
Level 4

Hello Experts,

Customer's query "We are currently in the process of trying to lock down account access for certain customers to a subset of commands. Do you know if there is a way to limit portions of the running and startup config from being viewed through the show run and show startup commands? We basically want to allow the customer to view the configuration on their ports and have the ability to change the VLANs associated with it, but not be able to view other sensitive information in the config.

Please let me know."

Appreciate your help and feedback.

BR,

Ain


vibobrov
Cisco Employee

Hi Ain,

Switches will not run the contents of the config file through command authorization before displaying. Even if that was a feature, it would take a long time to display.

Instead you can use Role-Based CLI Access: "User Security Configuration Guide, Cisco IOS Release 15MT - Role-Based CLI Access"

Last time I used this, this restricts what's shown in show run and show conf.

This will require command authorization to be on the switch, however. In ISE/ACS you can send an attribute to assign users to a specific role.

Thanks
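A sketch of the Role-Based CLI Access setup the reply above points to, added here as an example and not part of the original post or of Cisco's guide. The view name, port, user name and secrets are constructed placeholders, and the per-interface line and the attribute name should be confirmed against the configuration guide for your release.

```cisco
! Constructed example: CUST-A, GigabitEthernet1/0/5 and all secrets are placeholders.
! Views require AAA and an enable secret (used to enter the root view).
aaa new-model
enable secret <ENABLE-SECRET-PLACEHOLDER>
!
! Create the view from the root view: run "enable view" in exec mode first.
parser view CUST-A
 secret <VIEW-SECRET-PLACEHOLDER>
 ! Exec commands the customer may run.
 commands exec include show running-config
 commands exec include configure terminal
 ! From global configuration mode, only the customer's own port is reachable.
 ! Assumption: per-interface form of the documented "interface interface-name" argument.
 commands configure include interface GigabitEthernet1/0/5
 ! Inside interface mode, only the access VLAN can be changed.
 commands interface include switchport access vlan
!
! Local account tied to the view, for use when the AAA server is unreachable.
username cust-a view CUST-A secret <USER-SECRET-PLACEHOLDER>
!
! With ISE/ACS, exec authorization lets the server return the view for the user.
aaa authorization exec default group tacacs+ local
! Attribute the server sends to place the user in the view
! (assumption: the cli-view-name attribute, sent as a Cisco AV pair):
!   cli-view-name=CUST-A
```

To check the result, log in as the restricted user, confirm the active view with `show parser view`, and compare the output of `show running-config` against what the root view shows.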

Thanks for the response Viktor/Tim.

Ain
