Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1705
Views
0
Helpful
5
Replies

show running-config incomplete with less privilege local user

Senthil Murugan
Level 1
Level 1

‎03-07-2017 03:22 AM - edited ‎03-08-2019 09:39 AM

Hi - I have been trying to create one user account with less privilege who has access to run "show running-config" without "view full" command to view the complete output for taking device backup. I tried parser view, but still show runn does not give any output except below.

**********

#show running-config
Building configuration...

Current configuration : 157 bytes
!
! Last configuration change at 12:01:35 CET Tue Mar 7 2017 by ****
! NVRAM config last updated at 09:54:21 CET Sat Feb 25 2017 by ****
!
!
!
!
!
end

#show parser view
Current view is 'backup

Configuration in switch:

!

parser view backup
secret 5 $1$HZ.p$DUHlOimof1zZLXi1d4kLi/
commands exec include show running-config
commands exec include show

!

Even I have given privilege 15 as well, but still no luck

username backup privilege 15 view backup secret 5 ****
!

Any help is much appreciated.

Thanks

Senthil Murugan

Labels:
0 Helpful
5 Replies 5

Julio E. Moisa
VIP Alumni
VIP Alumni

‎03-07-2017 03:35 AM

Hi

Try to use privilege command:

Example access for a user with privilege 7, you can determine just the commands to execute:

conf t

privilege exec level 7 show ip interface
privilege exec level 7 show version
privilege exec level 7 show logging

Hope it is useful

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Senthil Murugan
Level 1
Level 1
In response to Julio E. Moisa

‎03-07-2017 03:43 AM

Thanks Julio for your reply.

My requirement is a local user with privilege level 7 should execute the command 
"show running-config" to view the complete output of the "show run". Please let me know if you have any other way to do it.

0 Helpful

Julio E. Moisa
VIP Alumni
VIP Alumni
In response to Senthil Murugan

‎03-07-2017 03:48 AM

Hi

Try just with 

privilege exec level 7 show running-config

The rest of the access will be restricted.




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Senthil Murugan
Level 1
Level 1
In response to Julio E. Moisa

‎03-07-2017 03:59 AM

No, still same case "show run" shows only below output. But show startup shows complete output.

show running-config
Building configuration...

Current configuration : 195 bytes
!
! Last configuration change at 12:45:03 CET Tue Mar 7 2017 by ***
! NVRAM config last updated at 09:54:21 CET Sat Feb 25 2017 by ***
!
boot-start-marker
boot-end-marker
!
end

!

sh run | i privilege exe
privilege exec level 7 show startup-config
privilege exec level 7 show running-config
privilege exec level 7 show

sh privilege
Current privilege level is 7

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Senthil Murugan

‎03-07-2017 06:40 AM

It has been the behavior of IOS for a long time that when you create a user at a lower privilege level that when they do show run that they see only the parts of the config that they have access to change. So if they can not change anything then they will not see anything. I do not know of a way to change that behavior.

However there may be a work around that you might consider. There is not a similar restriction on the output of show startup-config.

HTH

Rick

HTH

Rick
0 Helpful
Top