Solved: So if levels 1-14 are custom

k.langley · ‎04-23-2014

I have set up a level 5 user and a enable level 5 password.

I set priv exec level 5 show running-config

I also have AAA default local set.

when I login as enable level5 and do a sh run I get 3 lines of config

Poonam Garg · ‎04-24-2014

The issue faced is due to the design of the IOS. We can lower down the privilege levels of all the configuration and exec mode commands.

However, the show run will only display the configuration of all of the commands that the current user is able to modify. In other words, all the commands at or below the user's current privilege level.

The show run/write terminal command should not display commands above the user's current privilege level because of security considerations.

IOS Privilege Levels Cannot See Complete Running Configuration. Refer this document.

HTH

"Please rate helpful posts"

View solution in original post

Poonam Garg · ‎04-24-2014

The issue faced is due to the design of the IOS. We can lower down the privilege levels of all the configuration and exec mode commands.

However, the show run will only display the configuration of all of the commands that the current user is able to modify. In other words, all the commands at or below the user's current privilege level.

The show run/write terminal command should not display commands above the user's current privilege level because of security considerations.

IOS Privilege Levels Cannot See Complete Running Configuration. Refer this document.

HTH

"Please rate helpful posts"

k.langley · ‎04-24-2014

So if levels 1-14 are custom and I say priv level 5 sh running-config doesn't that allow level 5 to see running config. I thought I added that the level

sgtedjohnson · ‎10-02-2014

I'm having the same issue as well. I referred to the information contained here. Below are the privilege levels I've set for 8 and 6, as per the document:

privilege configure level 8 interface
privilege exec level 8 configure terminal
privilege exec level 8 configure
privilege exec level 6 show running-config view full
privilege exec level 6 show running-config view
privilege exec level 6 show running-config
privilege exec level 6 show

I set the admin user to privilege level 9:

username admin privilege 9

When logged in as admin, the "show run" command still show's blank. When checking the "show run" commands available to the admin user, "view full configuration" is there, but still shows blank. Any advise?:

Router#sh run ?
aaa        Show AAA configurations
interface Show interface configuration
view       View options
vrf        Show VRF aware configuration
|          Output modifiers
<cr>

Router#sh run view ?
full Full 'running-configuration'
| Output modifiers
<cr>

Router#sh run view full ?
| Output modifiers
<cr>

Router#sh run view full
Router#show running-config ?
aaa        Show AAA configurations
interface Show interface configuration
view       View options
vrf        Show VRF aware configuration
|          Output modifiers
<cr>

Router#show running-config view ?
full Full 'running-configuration'
| Output modifiers
<cr>

Router#show running-config view full
Router#

configuring en level 5 to see running config