Switch management

shansfeldt
Level 1

Hi,

I need to configure a read-only user on a Cisco 2960 switch. They want to see the config.

How can I hide the enable password in the config from the read-only users?

The encrypted password is not enough.

5 Replies

Joe Clarke
Cisco Employee

What version of code is running on the switch?

Hi,

The version is :

(C2960-LANBASEK9-M), Version 12.2(50)SE

Cisco 2960-24TT-L

Best Regards

Magnus

You can use the Embedded Event Manager to post-process the configuration, and filter out passwords. I actually had another user ask for this, so I developed this Tcl policy to filter out passwords and community strings. Of course, to actually limit them to certain commands (i.e., prevent them from entering config t mode), you would need to use other policies, or AAA command authorization.

To register this EEM policy, create a directory on flash like flash:/policies. Copy the script into this directory. Then configure:

event manager directory user policy flash:/policies

event manager policy cl_show_run.tcl

Now execute "show running-config". You'll notice the password fields are missing. Now execute "write term". You'll see the passwords show up. So, in AAA, limit your read-only user to only being able to run "show run", and they will not be able to see passwords.
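As an added example (not the Tcl policy from this post, which is not reproduced on the page), the same kind of filtering can be applied off-box to a saved configuration before it is handed to read-only users. The rule list, the `<removed>` placeholder and the sample configuration are constructed for illustration and cover only the line types shown.

```python
import re

PLACEHOLDER = "<removed>"  # constructed marker, not IOS syntax

# (pattern, replacement) pairs for IOS config lines that carry a secret.
# Group 1 is the part of the line that is safe to keep.
RULES = [
    # enable secret 5 <hash>  /  enable password 7 <string>
    (re.compile(r"^(\s*enable (?:secret|password)) .+$"), r"\1 " + PLACEHOLDER),
    # username <name> [options] password|secret <type> <string>
    (re.compile(r"^(\s*username \S+(?: \S+)*? (?:password|secret)) .+$"),
     r"\1 " + PLACEHOLDER),
    # indented "password ..." under line con/vty blocks
    (re.compile(r"^(\s+password) .+$"), r"\1 " + PLACEHOLDER),
    # snmp-server community <string> [RO|RW] [acl]: keep the access options
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"), r"\1 " + PLACEHOLDER + r"\2"),
    # tacacs-server key / radius-server key
    (re.compile(r"^(\s*(?:tacacs|radius)-server key) .+$"), r"\1 " + PLACEHOLDER),
]

def redact_config(text):
    """Return (redacted_text, number_of_lines_changed)."""
    out, changed = [], 0
    for line in text.splitlines():
        for pattern, repl in RULES:
            new_line, hits = pattern.subn(repl, line)
            if hits:
                line, changed = new_line, changed + 1
                break  # first matching rule wins
        out.append(line)
    return "\n".join(out), changed

# Constructed sample configuration; every secret value below is made up.
SAMPLE = """\
service password-encryption
enable secret 5 $1$abcd$CONSTRUCTEDHASHVALUE00
username readonly privilege 2 password 7 0822455D0A16
snmp-server community s3cr3tRO RO 10
line vty 0 4
 password 7 045802150C2E
 login local
"""

if __name__ == "__main__":
    redacted, count = redact_config(SAMPLE)
    print(redacted)
    print(f"! {count} line(s) redacted")
```

Lines such as `service password-encryption` and `login local` pass through unchanged because no rule anchors on them; any secret-bearing command not in the rule list would also pass through, so the list needs to match the commands actually present in the configuration.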

Leo Laohoo
Hall of Fame

Do a "sh tech" and cut out the bottom bit.

Hi,

No, the users want to log in to the switch as read-only and then run "sh config".

They want to see the config, but I don't want them to see the password, even if it is encrypted.

If I do a config like below, they can do a show tech-support.

The problem here is that the config is not there.

aaa new-model

username xxxx privilege 2 password xxxx

aaa authorization exec default local

privilege exec level 2 sh tech

Thanks for your time!

Best Regards

Magnus
