Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1166
Views
0
Helpful
1
Replies

How to create read only "sh running-config" user? - IOS device

sossie
Level 1
Level 1

‎10-24-2011 02:06 PM - last edited on ‎03-25-2019 05:28 PM by Community Manager

Hi all,

I would like to create a user that is able to logon to an IOS switch and have permissions to show running-config This user is to be used for Cat tools config backup. The user needs to be able to see all config "privledge level 15".

Does anyone have any ideas on how I can achieve this?

A couple of options I have read about but are not suitable for my situation are:

- setup a user that can show startup-config but this is not ideal for security (the running config is the most important)

- setup a user that has level 15 priv and then uses "autocommand show running-config" - but cat tools does not work with this sort of user.

Thanks, Simon.

Labels:
0 Helpful
1 Reply 1

Eduardo Aliaga
Level 4
Level 4

‎10-25-2011 10:42 AM

There's an IOS feature called "parser view". But in my opinion the best thing to do is to add an AAA server and configure command authentication between your router and AAA server.

0 Helpful
Customers Also Viewed These Support Documents