Hi read your post a as Rick said previledge level setting will not resolve all of your concern. I do know if you have Cisco Works you can setup a user account for this person that will allow him to view the config files but no changes can be made, the server will restrict authorization of the user. otherwise coping the config into notepad or wordpad is your best option if the user doesn't need to make any changes. HTH

leandro.candido Wed, 12/17/2008 - 15:47
User Badges:

Nice! Thanks for your help!

Can be done in ACS?

If yes, how can I do to restrict this?

crow930us Wed, 12/17/2008 - 19:29
User Badges:
  • Bronze, 100 points or more

Setting different privilege levels is partly determined by what kind of authentication you use. you can either use local authentication or use AAA with TACACS+ and RADIUS. The Cisco Documentation has more info for you.

An example of the commands you would use locally are:

Router(config)# privilege mode level level command-string

Router(config)# enable secret level level {0 |5} password-string

Some of the guidelines from Cisco are here:

Privilege Command Enhancement: http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftprienh.html

Configuring Passwords and Privileges: http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfpass.html


This Discussion