Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
296
Views
8
Helpful
4
Replies

privilege setting

leungcm
Level 1
Level 1

‎06-02-2007 08:37 PM - edited ‎03-03-2019 05:16 PM

Hi,

I config three levels for remote access. all show command is on level 2 (privilege 5). However, it only how 6 line of running-config. any missing of the commands?

----

privilege exec level 1 traceroute

privilege exec level 1 show running-config

----

--- output if sh run ---

tw72xx>sh run

Building configuration...

Current configuration : 13 bytes

!

!

!

!

end

----

thanks

best regards

Labels:
0 Helpful
4 Replies 4

Anand Narayana
Level 6
Level 6

‎06-02-2007 08:42 PM

Hi,

only on privilege level 15, you can view the running configuration.

0 Helpful

leungcm
Level 1
Level 1
In response to Anand Narayana

‎06-02-2007 08:50 PM

Hi,

does it mean that whatever we do, the "sh run" is still in level 15?

best regards

0 Helpful

Anand Narayana
Level 6
Level 6
In response to leungcm

‎06-02-2007 09:27 PM

YES ur right, bcoz privilege level 15 is the admin privileges, other levels are not entitled to see the configuration as it is not safe.

mohammedmahmoud
Level 11
Level 11

‎06-02-2007 10:56 PM

Hi,

When access to the router is configured by privilege levels, a common issue is that the show running is configured at or below the user's privilege level. When the user executes the command, the configuration appears to be blank. This is actually by design due to that this command displays all of the commands that the current user is able to modify (in other words, all the commands at or below the user's current privilege level). The command should not display commands above the user's current privilege level because of security considerations. If so, commands such as snmp-server community could be used to modify the current configuration of the router and gain complete access to the router.

For example, if a certain privilege level is given the privilege to configure under the interface, and do show run, when a user do show run with this level, he will get only the interface configurations:

privilege configure all level 5 interface

privilege exec all level 5 show running-config

Router#sh run

Building configuration...

Current configuration : 1055 bytes

!

boot-start-marker

boot-end-marker

!

!

!

!

!

interface Loopback0

ip address 10.10.10.2 255.255.255.255

!

interface Serial1/1

no ip address

shutdown

!

end

I hope that i've been informative.

HTH, please do rate all helpful replies,

Mohammed Mahmoud.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card