Cisco Support Community

Create username to run only all show commands on Cisco Switches & Routers

Dear all,

Could you please help me? I need to add a user account on the core switches that can run all show commands only.

I tried with command:

# username test privilege 14 password 123

I tried privilege levels from 1 to 14; all of them prevent the user from running (#conf t) and from entering configuration mode, as I need.

But even with all these privilege levels the user still can't run #show running-conf.

Could you please advise me?

Mohamed

Accepted Solutions

Create username to run only all show commands on Cisco Switches

Hi Mohamed,

The thing with show running-config is that the user is allowed to see only those parts of the config that it is allowed to configure. So in your case, none.

I might try:

user test pass test

user test privilege 5

privilege configure all level 5 line

privilege configure all level 5 router

privilege configure all level 5 interface

privilege configure all level 5 ip

privilege configure all level 5 service

privilege exec level 5 show running-config

privilege exec level 5 show configuration

privilege exec level 5 show

You can add anything that you want in the "privilege configure" in order for it to appear in the show run of the user. A better solution, I think, is TACACS authentication.

Dan

Re: Create username to run only all show commands on Cisco Switc

You can create views for different users as well.

aaa new-model

enable view  -to enter root view

password: abcdef

parser view secadmin

secret 12345

You can specify each show command

or use

commands exec include all show

commands exec include show interfaces

commands exec include show ip interface brief

commands exec include configure terminal ......

Hope this helps

Eugen
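
The parser-view approach from the reply above, written out end to end as an added example (not part of the original thread and not Cisco's own sample). The view name showonly and the three PLACEHOLDER secrets are assumptions; the username test comes from the question.

```ios
! Added example. Views need AAA and an enable secret, because the
! root view is entered with the enable secret.
! aaa new-model changes how logins on the lines are authenticated:
! have a local administrative user defined and keep the current
! session open until a fresh login has been tested.
configure terminal
 aaa new-model
 enable secret ENABLE-SECRET-PLACEHOLDER
 end
!
! Views can only be created from the root view.
enable view
!
configure terminal
 parser view showonly
  ! The view's own secret must be set before commands can be added.
  secret VIEW-SECRET-PLACEHOLDER
  ! Allow every command that starts with "show", and nothing else.
  ! "configure terminal" is deliberately not included, so the user
  ! cannot reach configuration mode.
  commands exec include all show
  exit
 !
 ! Bind the account to the view. "secret" stores a hash, unlike
 ! "password" as used in the question.
 username test view showonly secret USER-SECRET-PLACEHOLDER
 !
 ! Authenticate against the local database and apply the per-user
 ! view when the EXEC session starts.
 aaa authentication login default local
 aaa authorization exec default local
 end
!
! Check the result from the root view before closing the session.
show parser view all
```

After logging in as test, typing ? at the prompt lists the commands the view actually permits, which is a quick way to confirm that configure is absent.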
