Hi all, I have a new network engineer who needs just show access to our routers. I am using Cisco ACS 3.3 (Windows) to handle AAA. Now I have given this user privilege 14 and he is able to show all the commands except show running-config. I need to provide him access to this command (it's important). Since I can't do any authorization in priv 15, does anyone have any idea how to achieve this in level 14?
Be aware of a restriction in show running-config with privilege levels. You can grant access to show running-config but the person will not see things in show running that they do not have access to change. So if they can not change anything they will see pretty much nothing in show running. You might check on using show startup-config, which I believe does not have the same restriction.
Both show startup-config and show running-config are priv 15 level commands.
If you assign 15 as a level to the user and only authorise the command set of "show" and then arguments "permit running-config" it will allow your user to access these commands plus all other show commands. conf, clear etc etc will not be authorised so will fail.
Hi Andy, I have tried this as well. I assigned the user level 15 and then only permitted him show running-config, but it didn't work. I asked a question like this before also and someone told me that we can't do any type of filtering in level 15, it's not possible. So what do you guys think?
Well I am doing it so I would suggest that is untrue!
Whether it is slightly different in 3.3 though I am unsure.
I have attached a quick screen shot of the command set and group setting for allocating that command set to that group. Oddly, just adding the permit statement for running-config and interface has enabled all show commands only. You do need to specify running-config for it to work.
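The router-side AAA configuration that the level 15 approach above depends on, as an added example that is not part of the thread: an ACS command authorization set is only consulted if IOS is told to send level 15 commands to TACACS+ for authorization. The server address 192.0.2.10, the key placeholder and the fallback user name are assumptions, shown in the legacy `tacacs-server host` syntax.

```cisco
! Added example, not from the thread. Address, key and user name are placeholders.
aaa new-model
!
! TACACS+ server (the ACS box); 192.0.2.10 is a documentation address
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Local fallback account, used only if the ACS is unreachable
username fallback-admin privilege 15 secret <local-password>
!
! Authenticate logins against ACS, fall back to the local database
aaa authentication login default group tacacs+ local
!
! Let ACS assign the shell privilege level (priv-lvl=15 for this group)
aaa authorization exec default group tacacs+ local
!
! Send every level 15 command to ACS for a permit/deny decision.
! Without this line the router never asks ACS about individual
! commands, so a level 15 user can run anything.
aaa authorization commands 15 default group tacacs+ local
!
! Also authorize commands typed inside configuration mode
aaa authorization config-commands
!
! Record what was actually run at level 15
aaa accounting commands 15 default start-stop group tacacs+
```

With this in place, `debug aaa authorization` on the router shows each authorization request and the server's response, which helps confirm whether the command set on the ACS is being applied to the user's group.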