Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

show run from exec mode doesn't work as expected

Hi all,

I've got very basic problem but I cannot find the solution... I am sitting on the Cisco 4948E switch. And, I wanted to allow to guys who have not enable password to issue command sh running-config.

I used the the following command to do that:

SW4948E(config)#privilege exec level 1 show running-config

However, when I tested it, this is what I get:

jpiavoamsw01>sh running-config

Building configuration...

Current configuration : 53 bytes

!

boot-start-marker

boot-end-marker

!

!

!

!

!

!

end

Current configuration is actually 8094 bytes in total. Of course, when I issue the show running-config from privilege mode (15) then I get the full configuration. Anybody have an idea where is the catch?

Thanks in advance, Franjo

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

show run from exec mode doesn't work as expected

Franjo,

It's going to be a pain. You'll need to enable all of the components for that privilege level in show run as well. For example, for them to see interfaces, you would need to give them access to config:

privilege configure level 1 interface

Then for them to see addressing information, you'd need to specify that as well:

privilege interface level 1 ip address

It's easier to configure role based cli, but I don't believe you can get a show run when using that at all. You can allow them to do a show start, but that's about it. They can configure everything you need them to and it's much easier than using privilege levels.

HTH,

John

HTH, John *** Please rate all useful posts ***
3 REPLIES

show run from exec mode doesn't work as expected

Franjo,

It's going to be a pain. You'll need to enable all of the components for that privilege level in show run as well. For example, for them to see interfaces, you would need to give them access to config:

privilege configure level 1 interface

Then for them to see addressing information, you'd need to specify that as well:

privilege interface level 1 ip address

It's easier to configure role based cli, but I don't believe you can get a show run when using that at all. You can allow them to do a show start, but that's about it. They can configure everything you need them to and it's much easier than using privilege levels.

HTH,

John

HTH, John *** Please rate all useful posts ***
New Member

show run from exec mode doesn't work as expected

Hi j.blakley and MARVIN,

Many thanks for your answers, as a first-aid solution I typed just several privilege commands to allow them to see few basic things. Anyway, I don’t think I am going to play with this any further. Seems to be too complicated.

Once again, thank you both.

Franjo

Hall of Fame Super Silver

Re: show run from exec mode doesn't work as expected

This is a bit counter-intuitive at first glance but is actually working as designed.

Please refer to the following document for more detailed explanation.:

https://supportforums.cisco.com/docs/DOC-14710

A better method is to give them access to the repository of a tool you are using for configuration management. Cisco Prime LMS, SolarWinds NCM and RANCID (open source) can all do this.

Hope this helps.

817
Views
0
Helpful
3
Replies