Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4151
Views
0
Helpful
3
Replies

show run from exec mode doesn't work as expected

Go to solution
Franjo Pongrac
Level 1
Level 1

‎07-03-2012 02:31 AM

Hi all,

I've got very basic problem but I cannot find the solution... I am sitting on the Cisco 4948E switch. And, I wanted to allow to guys who have not enable password to issue command sh running-config.

I used the the following command to do that:

SW4948E(config)#privilege exec level 1 show running-config

However, when I tested it, this is what I get:

jpiavoamsw01>sh running-config

Building configuration...

Current configuration : 53 bytes

!

boot-start-marker

boot-end-marker

!

!

!

!

!

!

end

Current configuration is actually 8094 bytes in total. Of course, when I issue the show running-config from privilege mode (15) then I get the full configuration. Anybody have an idea where is the catch?

Thanks in advance, Franjo

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎07-03-2012 04:27 AM

Franjo,

It's going to be a pain. You'll need to enable all of the components for that privilege level in show run as well. For example, for them to see interfaces, you would need to give them access to config:

privilege configure level 1 interface

Then for them to see addressing information, you'd need to specify that as well:

privilege interface level 1 ip address

It's easier to configure role based cli, but I don't believe you can get a show run when using that at all. You can allow them to do a show start, but that's about it. They can configure everything you need them to and it's much easier than using privilege levels.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful
3 Replies 3

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎07-03-2012 04:27 AM

Franjo,

It's going to be a pain. You'll need to enable all of the components for that privilege level in show run as well. For example, for them to see interfaces, you would need to give them access to config:

privilege configure level 1 interface

Then for them to see addressing information, you'd need to specify that as well:

privilege interface level 1 ip address

It's easier to configure role based cli, but I don't believe you can get a show run when using that at all. You can allow them to do a show start, but that's about it. They can configure everything you need them to and it's much easier than using privilege levels.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
Franjo Pongrac
Level 1
Level 1
In response to John Blakley

‎07-06-2012 12:16 AM

Hi j.blakley and MARVIN,

Many thanks for your answers, as a first-aid solution I typed just several privilege commands to allow them to see few basic things. Anyway, I don’t think I am going to play with this any further. Seems to be too complicated.

Once again, thank you both.

Franjo

0 Helpful

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-03-2012 04:33 AM

This is a bit counter-intuitive at first glance but is actually working as designed.

Please refer to the following document for more detailed explanation.:

https://supportforums.cisco.com/docs/DOC-14710

A better method is to give them access to the repository of a tool you are using for configuration management. Cisco Prime LMS, SolarWinds NCM and RANCID (open source) can all do this.

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents