read only user

Unanswered Question
Dec 21st, 2008

We have an administrator that would like to look at our configuration on our cisco 2611 router. What I want to do is create a user that has read-only priviledges on our router so he can take a look, but not change anything. How can I do this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Danilo Dy Mon, 12/22/2008 - 05:36

Router# config t

Router(config)# user dumb-admin privilege 3 password password_for_dumb-admin

Router(config)# privilege exec level 3 show startup-config

Router(config)# privilege exec level 3 show running-config

Don't give him/her the enable password.

Richard Burts Mon, 12/22/2008 - 10:52

Leandro

The solution suggested by Dandy is very logical. The suggestion using show startup-config may work as you want it to, but I believe that there is an aspect of show running-config that will cause it to not work as you want. When IOS parses the configuration for show running-config it will not show commands for things that you do not have permission to change. So setting the privilege level of show running-config to 3 would allow the user to execute the command but the results that they see would be a pretty empty config.

HTH

Rick

Actions

This Discussion