Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1452
Views
0
Helpful
6
Replies

Running copy running-config tftp with least privilage

Go to solution
giridar
Level 1
Level 1

‎11-05-2020 03:21 AM

Hi All,

 

 I am planning to backup device configuration using ManageEngine OpManager, it has a tftp server and we can add the devices, so it requires a credentials

 

the user account should be able to run copy running-config tftp, as I checked this command is only available for privilege 15

 

i don't want to use a privilage 15 user account for this to avoid any risks, since it has permission to modify the device configurations

 

is there any way to assign copy running-config tftp to a least privilege level

 

enable secret is already configured so i can't reduce the level of it and assign the exce 

 

thanks in advance 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-05-2020 03:24 AM

Try below and let us know how it goes :

 

#username backupuser privilege 7 password 7 backupuserpassword

#privilege exec level 7 copy running-config

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-05-2020 03:24 AM

Try below and let us know how it goes :

 

#username backupuser privilege 7 password 7 backupuserpassword

#privilege exec level 7 copy running-config

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to balaji.bandi

‎11-05-2020 03:27 AM

thank you very much, will this copy all the configurations or only the ones that this level have access

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-05-2020 03:38 AM

The backupuser with Priv 7 - backupuser have access to that command only. - its like Role based access.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to balaji.bandi

‎11-05-2020 03:51 AM

thank you, 

0 Helpful

Go to solution
giridar
Level 1
Level 1
In response to giridar

‎11-05-2020 05:06 AM

seems like the application I am using is taking the backup using show running-config and show startup-config

so I added these

privilege exec level 7 terminal length 0
privilege exec level 7 show running-config
privilege exec level 7 show startup-config

so it needs an account that has access to all the cinfigurations

is it possible to give full access except for configuration terminal

 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎11-08-2020 02:20 AM

You can also do less priv level -

 

Since you do not provide the device information or IOS  - high level you can do as below

 

 

username bbandi privilege 5 secret 5 YYYYYYYYYYYYYYYYYYY

privilege exec level 5 show running-config view full
privilege exec level 5 show running-config view
privilege exec level 5 show running-config
privilege exec level 5 show

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card