07-03-2012 02:31 AM
Hi all,
I've got very basic problem but I cannot find the solution... I am sitting on the Cisco 4948E switch. And, I wanted to allow to guys who have not enable password to issue command sh running-config.
I used the the following command to do that:
SW4948E(config)#privilege exec level 1 show running-config
However, when I tested it, this is what I get:
jpiavoamsw01>sh running-config
Building configuration...
Current configuration : 53 bytes
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
Current configuration is actually 8094 bytes in total. Of course, when I issue the show running-config from privilege mode (15) then I get the full configuration. Anybody have an idea where is the catch?
Thanks in advance, Franjo
Solved! Go to Solution.
07-03-2012 04:27 AM
Franjo,
It's going to be a pain. You'll need to enable all of the components for that privilege level in show run as well. For example, for them to see interfaces, you would need to give them access to config:
privilege configure level 1 interface
Then for them to see addressing information, you'd need to specify that as well:
privilege interface level 1 ip address
It's easier to configure role based cli, but I don't believe you can get a show run when using that at all. You can allow them to do a show start, but that's about it. They can configure everything you need them to and it's much easier than using privilege levels.
HTH,
John
07-03-2012 04:27 AM
Franjo,
It's going to be a pain. You'll need to enable all of the components for that privilege level in show run as well. For example, for them to see interfaces, you would need to give them access to config:
privilege configure level 1 interface
Then for them to see addressing information, you'd need to specify that as well:
privilege interface level 1 ip address
It's easier to configure role based cli, but I don't believe you can get a show run when using that at all. You can allow them to do a show start, but that's about it. They can configure everything you need them to and it's much easier than using privilege levels.
HTH,
John
07-06-2012 12:16 AM
Hi j.blakley and MARVIN,
Many thanks for your answers, as a first-aid solution I typed just several privilege commands to allow them to see few basic things. Anyway, I don’t think I am going to play with this any further. Seems to be too complicated.
Once again, thank you both.
Franjo
07-03-2012 04:33 AM
This is a bit counter-intuitive at first glance but is actually working as designed.
Please refer to the following document for more detailed explanation.:
https://supportforums.cisco.com/docs/DOC-14710
A better method is to give them access to the repository of a tool you are using for configuration management. Cisco Prime LMS, SolarWinds NCM and RANCID (open source) can all do this.
Hope this helps.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide