Cisco Support Community
New Member

Privilege command: the show run does not show the running-config

Hi,

Whenever I log in using "user1" I can successfully authenticate; however, when I issue the show run for user1, the only thing that I can see is the following:

~~~~~~~~~~~~~~~~~~~~~
R4#show run
Building configuration...
Current configuration : 13 bytes
!
!
!
!
end
R4#
~~~~~~~~~~~~~~~~~~~~~

I have put the command on the router as follows:

~~~~~~~~~~~~~~~~~~~~~
aaa new-model
aaa authentication login ACS group tacacs+ local
aaa authentication login NO-AUTH none
aaa authorization exec ACS group tacacs+ local
aaa authorization exec NO-AUTH none
aaa authorization commands 1 ACS-1 group tacacs+ local
aaa authorization commands 1 NO-AUTH none
aaa authorization commands 10 ACS-10 group tacacs+ local
aaa authorization commands 10 NO-AUTH none
aaa authorization commands 15 ACS-15 group tacacs+ local
aaa authorization commands 15 NO-AUTH none
!
username user2 privilege 15 password xxx
username user1 privilege 10 password xxx
tacacs-server host 10.50.31.6
tacacs-server directed-request
tacacs-server key xxx
!
!
privilege exec level 15 show
privilege exec level 10 show running-config
line con 0
 exec-timeout 1000 0
 authorization commands 1 NO-AUTH
 authorization commands 10 NO-AUTH
 authorization commands 15 NO-AUTH
 authorization exec NO-AUTH
 login authentication NO-AUTH
line aux 0
 authorization commands 1 NO-AUTH
 authorization commands 10 NO-AUTH
 authorization commands 15 NO-AUTH
 authorization exec NO-AUTH
 login authentication NO-AUTH
line vty 0 4
 authorization commands 1 ACS-1
 authorization commands 10 ACS-10
 authorization commands 15 ACS-15
 authorization exec ACS
 login authentication ACS
!
end
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Regards,

Lorenz

  • AAA Identity and NAC
4 REPLIES
Hall of Fame Super Silver

Re: Privilege command: the show run does not show the running-co

Lorenz

I believe that the answer is that in implementing privilege levels Cisco designed the show run command so that if you do not have the capability to change something, it will not show up in the show run. I believe the logic is that from a security standpoint if you are not authorized to change it you should not be able to see it in the config. So in your case if user1 is not able to change anything then they will not be able to see anything in show run.

HTH

Rick
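An added illustration of the behaviour described in the reply above, not configuration posted by anyone in the thread: at level 10, `show running-config` lists only lines built from commands that level 10 is allowed to change. The choice of `interface` and `ip address` as the delegated commands is an assumption made for the example.

```cisco
! Added example, not from the thread. The delegated commands are
! illustrative; choose only what level-10 operators genuinely need.
!
! As posted: only the exec command is lowered. Level 10 may run
! "show running-config" but owns no configuration commands, so the
! output contains nothing but "!" separators and "end".
privilege exec level 10 show running-config
!
! Lowering specific configuration commands makes the lines built
! from them appear in the level-10 view of the running configuration.
privilege exec level 10 configure terminal
privilege configure level 10 interface
privilege interface level 10 ip address
!
! Trade-off: visibility follows the right to modify, so level 10
! can now also change interface IP addresses.
```

With the vty settings in the posted configuration, exec commands entered at level 10 are also sent to the TACACS+ server for authorization (method list ACS-10), so the server must permit them as well.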

New Member

Re: Privilege command: the show run does not show the running-co

IOS Privilege Levels Cannot See Complete Running Configuration:

http://www.cisco.com/en/US/partner/tech/tk59/technologies_tech_note09186a00800949d5.shtml

New Member

Re: Privilege command: the show run does not show the running-co

Hi,

Thanks for the link. I now understand it clearly.

Regards,

Lorenz

New Member

Re: Privilege command: the show run does not show the running-co

Hi Rick,

Thanks for the explanation.

Regards,

Lorenz
