Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5993
Views
5
Helpful
5
Replies

How to configure non-privilege level 15 users to view the full running configuration?

sgtedjohnson
Level 1
Level 1

‎10-02-2014 09:07 AM - edited ‎03-10-2019 10:04 PM

I'm trying to configure a privilege 9 user to enable them to view the running configuration. I referred to the information contained here. Below are the privilege level commands I've set for 8 and 6:

 

privilege configure level 8 interface
privilege exec level 8 configure terminal
privilege exec level 8 configure
privilege exec level 6 show running-config view full
privilege exec level 6 show running-config view
privilege exec level 6 show running-config
privilege exec level 6 show

 

I set the admin user to privilege level 9:

username admin privilege 9

 

When logged in as admin, the "show run" command still show's blank. When checking the "show run" commands available to the admin user, "view full configuration" is there, but still shows blank.  Any advise?:

 

Router#sh run ?
  aaa        Show AAA configurations
  interface  Show interface configuration
  view       View options
  vrf        Show VRF aware configuration
  |          Output modifiers
  <cr>

Router#sh run view ?
  full  Full 'running-configuration'
  |     Output modifiers
  <cr>

Router#sh run view full ?
  |  Output modifiers
  <cr>

Router#sh run view full
Router#show running-config ?
  aaa        Show AAA configurations
  interface  Show interface configuration
  view       View options
  vrf        Show VRF aware configuration
  |          Output modifiers
  <cr>

Router#show running-config view ?
  full  Full 'running-configuration'
  |     Output modifiers
  <cr>

Router#show running-config view full
Router#

 

 

 

 

Labels:
0 Helpful
5 Replies 5

sgtedjohnson
Level 1
Level 1

‎10-02-2014 09:12 AM

Also, please note IOS version is15.2 for Cisco 892 router.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to sgtedjohnson

‎10-02-2014 02:16 PM

Can you post the "aaa" configs? Also, are you testing this via console or VTY line?

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful

sgtedjohnson
Level 1
Level 1
In response to nspasov

‎10-03-2014 08:20 AM

To be honest, I'm not thoroughly familiar enough with aaa configurations. Below is what I get when I do sh run aaa. Please note the admin user's privilege was reverted back to 15 because we couldn't get the intended configuration working.

 

Router#sh run aaa
!
no aaa new-model
username admin privilege 15
username root privilege 15

 

I'm connecting via VTY line below is the line configuration:

line vty 0 4
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 logging synchronous
 login local
 transport input ssh
!

0 Helpful

sgtedjohnson
Level 1
Level 1
In response to nspasov

‎10-14-2014 01:09 PM

aaa configuration above. Is this what you're looking for?

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to sgtedjohnson

‎10-14-2014 10:28 PM

Sorry I somehow missed your last reply. To get the "show run" to be available under a different privilege level is a bit trickier. Check the following thread for more info:

https://supportforums.cisco.com/document/56496/configuring-privilege-levels-cisco-ios

However, there a couple of ways to get around that:

Here are my commands:

enable secret 5 $1$g2r4$6TYhcx9JsVIidJFTGR0a0.
!
aaa new-model
!
aaa authentication login default local

 

aaa authorization console
aaa authorization exec default local 
aaa authorization commands 6 default local 
aaa authorization commands 7 default local 
aaa authorization commands 8 default local 
aaa authorization commands 9 default local 

 

username admin privilege 15 secret 5 $1$WFRJ$DzfDc/BC1ZhyamHrZdvQZ.
username level6 privilege 6 secret 5 $1$0xJX$Nv/FJZnC/oIe58puMgynZ.
username level7 privilege 7 secret 5 $1$8xGN$2r2/7kxqPPoOA4HtifD451
username level8 privilege 8 secret 5 $1$RfKk$DEyyFdzoriuCKdTZkItNj0
username level9 privilege 9 secret 5 $1$K6Mb$/IW5Pe8RVRZtkenkQpnX1/

 

privilege configure level 8 interface
privilege exec level 8 configure terminal
privilege exec level 8 configure
privilege exec level 6 show startup-config
privilege exec level 6 show running-config view full
privilege exec level 6 show running-config view
privilege exec all level 6 show running-config
privilege exec level 6 show

 

Solution#1: Instead of "show run" you can enable your lower level users to use "show start-up config" The following commands make this possible

privilege exec level 6 show startup-config
privilege exec level 6 show

 

Solution#2: Instead of "show run" your users will have to use "show run view full". For following commands from the syntax make this possible:(Note the keyword "all" and where it is placed"

privilege exec all level 6 show running-config

 

I hope this helps! Let me know if you are still having issues. 

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
Customers Also Viewed These Support Documents