Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

IOS/IOS XE privilege level for show running-config only Version 17.x

MATTHIAS SCHAERER
Level 3
Level 3

‎11-01-2023 05:11 AM

Hi

I have read a lot about having different privilege levels configured with username/privilege commands. When I try to achieve this (in my case on an ASR920/V17.6.5) for a user that needs the ability to do show run (but not necessarily conf t) I do not see any output in any way I tweak the config when issuing the "show run"-command. I see that the command is accepted, but no output is displayed.

Does anybody have a RUNNING configuration on V17.x and is willing to share the secret ingredients that a config must have in order to get my request running? I have seen in the past that this has worked the way many descriptions in the web indicate, but I guess this must have been before V17.

Here's my current config:

test-router#sh run | i aaa
aaa new-model
aaa authentication login default local
aaa authorization exec default local
aaa session-id common
test-router#sh run | i privi
username test privilege 6 secret 9 <omitted>
privilege exec level 6 configure terminal
privilege exec level 6 configure
privilege exec level 6 show running-config
privilege exec level 6 show

test-router#ssh -l test 172.20.20.20
Password:

test-router#sh priv
Current privilege level is 6
test-router#sh run
test-router#sh running-config
test-router#sh interface
GigabitEthernet0/0/0 is administratively down, line protocol is down
Hardware is 12xGE-4x10GE-FIXED, address is 34ed.1b90.2580 (bia 34ed.1b90.2580)
Description: tbd
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 0 multicast, 0 pause input
0 packets output, 0 bytes, 0 underruns

test-router#
test-router#
test-router#sh run
test-router#sh running-config
test-router#

1 person had this problem
Labels:
Who Me Too'd this topic