Privilege command: the show run does not show the running-config

l.tating
Level 1

Hi,

Whenever I log in using "user1" I can successfully authenticate; however, when I issue the show run for user1, the only thing that I can see is the following:

~~~~~~~~~~~~~~~~~~~~~
R4#show run
Building configuration...

Current configuration : 13 bytes
!
!
!
!
end

R4#
~~~~~~~~~~~~~~~~~~~~~

I have put the command on the router as follows:

~~~~~~~~~~~~~~~~~~~~~
aaa new-model
aaa authentication login ACS group tacacs+ local
aaa authentication login NO-AUTH none
aaa authorization exec ACS group tacacs+ local
aaa authorization exec NO-AUTH none
aaa authorization commands 1 ACS-1 group tacacs+ local
aaa authorization commands 1 NO-AUTH none
aaa authorization commands 10 ACS-10 group tacacs+ local
aaa authorization commands 10 NO-AUTH none
aaa authorization commands 15 ACS-15 group tacacs+ local
aaa authorization commands 15 NO-AUTH none
!
username user2 privilege 15 password xxx
username user1 privilege 10 password xxx
tacacs-server host 10.50.31.6
tacacs-server directed-request
tacacs-server key xxx
!
!
privilege exec level 15 show
privilege exec level 10 show running-config
line con 0
 exec-timeout 1000 0
 authorization commands 1 NO-AUTH
 authorization commands 10 NO-AUTH
 authorization commands 15 NO-AUTH
 authorization exec NO-AUTH
 login authentication NO-AUTH
line aux 0
 authorization commands 1 NO-AUTH
 authorization commands 10 NO-AUTH
 authorization commands 15 NO-AUTH
 authorization exec NO-AUTH
 login authentication NO-AUTH
line vty 0 4
 authorization commands 1 ACS-1
 authorization commands 10 ACS-10
 authorization commands 15 ACS-15
 authorization exec ACS
 login authentication ACS
!
end
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,

Lorenz


Richard Burts
Hall of Fame

Lorenz

I believe that the answer is that in implementing privilege levels Cisco designed the show run command so that if you do not have the capability to change something, it will not show up in the show run. I believe the logic is that from a security standpoint if you are not authorized to change it you should not be able to see it in the config. So in your case if user1 is not able to change anything then they will not be able to see anything in show run.

HTH

Rick
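
A configuration sketch of the behaviour described in the reply above, added here as an example and not part of any poster's reply or of Cisco's tech note. Level 10 and user1 come from the original post; the interface commands chosen are assumptions for illustration.

```cisco
! Before (from the original post): user1 may run the command, but no
! configuration commands sit at level 10 or below, so the filtered
! output is empty.
privilege exec level 10 show running-config

! After: move the configuration commands user1 is meant to manage down
! to level 10. show running-config should then list those lines, and
! only those lines, for user1.
privilege exec level 10 configure terminal
privilege configure level 10 interface
privilege interface level 10 description
privilege interface level 10 shutdown

! Read-only alternative: show startup-config prints the saved copy in
! NVRAM without the per-level filter. That exposes the whole saved
! configuration to level 10, including the username password and
! tacacs-server key lines, so grant it only where that is acceptable.
privilege exec level 10 show startup-config
```

On the vty lines in the original post, exec commands moved to level 10 are also checked against the ACS-10 authorization list, so the TACACS+ server has to permit them as well.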


IOS Privilege Levels Cannot See Complete Running Configuration:

http://www.cisco.com/en/US/partner/tech/tk59/technologies_tech_note09186a00800949d5.shtml

Hi,

Thanks for the link. I now understand it clearly.

Regards,

Lorenz

Hi Rick,

Thanks for the explanation.

Regards,

Lorenz