08-09-2010 10:02 AM - edited 02-21-2020 04:03 AM
Hello,
I was wondering if there was a command (perhaps hidden in IOS) that would allow the output of 'show running-config' to hide the passwords and SNMP Community strings, much like when you do a 'show tech-support' command? I am trying to limit what a client sees (using a TACACS+ Server) and I would like to just give them an alternate command that would achieve this goal. Any clue?
Thanks,
neocec
08-11-2010 04:30 PM
a. Unfortunately no. You can use 'service password-encryption' to encrypt your passwords. This way your passwords are not in cleartext.
b. You can then enable privilege levels to different users and restrict access to what commands a user can run. For e.g. a user cannot run 'show tech' or 'show run' at all.
c. But this way, you can either show the output of a command completely, or restrict access to the command completely. We cannot selectively show parts of an output differently to different users.
d. You can also explore using SNMPv3. SNMPv3 protocol provides a security model defining new concepts to replace the old community-based pseudo-authentication and provide communication privacy by means of encryption.
Sid Chandrachud
TAC Security Solutions
Customer support engineer.
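As an added illustration of points (a), (b) and (d) in the answer above, here is an IOS configuration fragment constructed for this page; it is not configuration posted in the thread. The usernames, group names, the TACACS+ server address 192.0.2.10 and every secret shown are placeholders to be replaced.

```cisco
! (a) Do not leave type 0 (cleartext) passwords in the config.
!     'service password-encryption' obfuscates existing line and username
!     passwords as type 7; 'enable secret' stores a hashed secret instead.
service password-encryption
enable secret ENABLE-SECRET-PLACEHOLDER
!
! (b) A client account at a custom privilege level. Only the show commands
!     moved to level 5 are available to it; 'show running-config' and
!     'show tech-support' stay at level 15 and cannot be run at all.
username client-ops privilege 5 secret CLIENT-OPS-SECRET-PLACEHOLDER
privilege exec level 5 show version
privilege exec level 5 show interfaces
privilege exec level 5 show ip route
!
! Because the question mentions TACACS+, per-command authorization can be
! delegated to the server, with the local privilege levels as fallback.
aaa new-model
tacacs-server host 192.0.2.10 key TACACS-KEY-PLACEHOLDER
aaa authentication login default group tacacs+ local
aaa authorization commands 5 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
!
! (d) SNMPv3 with authentication and privacy; remove any community string
!     so there is nothing left in the running config to hide.
no snmp-server community public
snmp-server group MONITOR v3 priv
snmp-server user monitor MONITOR v3 auth sha AUTH-PASS-PLACEHOLDER priv aes 128 PRIV-PASS-PLACEHOLDER
```

Two practitioner notes on this fragment: type 7 encoding produced by 'service password-encryption' is reversible, so it only hides passwords from casual viewing and should not be relied on for anything beyond that, which is why the enable and username passwords above use the 'secret' form; and after the group is created with 'v3 priv', every SNMPv3 user in it must supply both an auth and a priv key or the agent refuses the request.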
08-12-2010 05:51 AM
Thank you Siddarth for the answer to my questions, and thank you for giving me alternative options. I truly hope it's something they implement in the future because the feature is already there, Cisco just needs to make a special command for it.
Thanks again,
neocec