Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3085
Views
0
Helpful
5
Replies

how to disable show commands

Go to solution
azmath.hk
Level 1
Level 1

‎10-09-2007 06:52 AM - edited ‎03-10-2019 03:26 PM

Hi,

We are having problem in disabling most of the show commands locally using AAA on router

Please review the config and let me know what is the way to disable all show commands except show ip int bri.....

Below is the config:-

privilege exec all level 7 crypto

privilege exec all level 7 release

privilege exec all level 7 renew

privilege exec all level 7 tclquit

privilege exec all level 7 access-enable

privilege exec all level 7 webvpn

privilege exec all level 7 ssh

privilege exec all level 7 x28

privilege exec all level 7 x3

privilege exec all level 7 pad

privilege exec all level 7 mtrace

privilege exec all level 7 msta

privilege exec all level 7 crypto

privilege exec all level 7 release

privilege exec all level 7 renew

privilege exec all level 7 tclquit

privilege exec all level 7 access-enable

privilege exec all level 7 webvpn

privilege exec all level 7 ssh

privilege exec all level 7 x28

privilege exec all level 7 x3

privilege exec all level 7 pad

privilege exec all level 7 mtrace

privilege exec all level 7 msta

username admin privilege 15 password xxx

username rem privilege 15 secret xxx

username user1 password xxx

aaa authentication login default local

aaa authorization exec default local

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to azmath.hk

‎10-10-2007 06:41 AM

I was able to do it. Here is the configs

AAASWITCH(config)#username jag privilege 7 password xxxxx

AAASWITCH(config)#privilege exec level 8 show running

AAASWITCH(config)#privilege exec level 8 show ver

AAASWITCH(config)#privilege exec level 6 show ip interface brief

AAASWITCH(config)#privilege exec level 8 show user

###########################################

Results

##########################################

Username: jag

Password:

AAASWITCH#show run

^

% Invalid input detected at '^' marker.

AAASWITCH#show ver

^

% Invalid input detected at '^' marker.

AAASWITCH#show ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

Vlan1 192.168.26.4 YES NVRAM up up

Vlan2 unassigned YES NVRAM administratively down down

Vlan22 192.166.22.5 YES NVRAM administratively down down

Vlan30 unassigned YES NVRAM administratively down down

AAASWITCH#show users

^

% Invalid input detected at '^' marker.

AAASWITCH#show user

^

% Invalid input detected at '^' marker.

In this way you need to set priv for all possible show commands.

If user priv is 2 then set priv for show commands more then 2.

Hope that helps

Regards,

~JG

View solution in original post

0 Helpful
5 Replies 5

Go to solution
azmath.hk
Level 1
Level 1

‎10-09-2007 07:08 AM

Please help me on this

0 Helpful

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to azmath.hk

‎10-09-2007 07:15 AM

You need to set priv lvl of all show commands,

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Regards,

~JG

0 Helpful

Go to solution
azmath.hk
Level 1
Level 1
In response to Jagdeep Gambhir

‎10-09-2007 11:45 AM

I tried so many ways but still no go.

Please suggest me the configuration in which privilege level2 user dont see show commands in user mode except show ip int bri

Thanks in advance for the help u will provide

0 Helpful

Go to solution
Jagdeep Gambhir
Level 10
Level 10
In response to azmath.hk

‎10-10-2007 06:41 AM

I was able to do it. Here is the configs

AAASWITCH(config)#username jag privilege 7 password xxxxx

AAASWITCH(config)#privilege exec level 8 show running

AAASWITCH(config)#privilege exec level 8 show ver

AAASWITCH(config)#privilege exec level 6 show ip interface brief

AAASWITCH(config)#privilege exec level 8 show user

###########################################

Results

##########################################

Username: jag

Password:

AAASWITCH#show run

^

% Invalid input detected at '^' marker.

AAASWITCH#show ver

^

% Invalid input detected at '^' marker.

AAASWITCH#show ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

Vlan1 192.168.26.4 YES NVRAM up up

Vlan2 unassigned YES NVRAM administratively down down

Vlan22 192.166.22.5 YES NVRAM administratively down down

Vlan30 unassigned YES NVRAM administratively down down

AAASWITCH#show users

^

% Invalid input detected at '^' marker.

AAASWITCH#show user

^

% Invalid input detected at '^' marker.

In this way you need to set priv for all possible show commands.

If user priv is 2 then set priv for show commands more then 2.

Hope that helps

Regards,

~JG

0 Helpful

Go to solution
azmath.hk
Level 1
Level 1
In response to Jagdeep Gambhir

‎10-10-2007 09:33 AM

Thank you so much for your help its working now.

0 Helpful
Customers Also Viewed These Support Documents