Thursday, June 12, 2014

Show running-config as read-only in Cisco routers without using AAA with TACACS+ and RADIUS

Sometimes we have to give someone with a lower privilege level read-only access to a router's running configuration. Cisco defines privilege level 15 as full-access privileged EXEC mode and privilege level 1 as normal user EXEC mode. The levels in between are not defined by default. We can use the privilege command to move commands from one privilege level to another.

privilege exec all level 10 show running-config

alias exec shrun show running-config view full

username hdesk privilege 10 secret hdesk@1234

  1. Move the show running-config command to privilege level 10.
  2. To view the running configuration, however, we have to type the complete show running-config view full instead of show running-config, because at a lower privilege level plain show running-config lists only the commands that user is allowed to change. So let's create an alias named shrun. This is optional.
  3. Now create a user with privilege level 10. This user will now be able to see the running configuration using the alias command shrun.
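
To check which local accounts a configuration like this actually lets read the running configuration, the following added example (not from the original post) parses a saved config for privilege level, username and alias lines. The sample config is constructed from the three commands above plus two hypothetical users (admin, guest) with placeholder hashes, and a username line with no privilege keyword is assumed to mean level 1.

```python
import re

# Constructed sample: the post's three commands as they would appear in a saved
# config, plus two hypothetical users (admin, guest). Hashes are placeholders.
SAMPLE_CONFIG = """\
privilege exec all level 10 show running-config
alias exec shrun show running-config view full
username hdesk privilege 10 secret 5 <hash-placeholder>
username admin privilege 15 secret 5 <hash-placeholder>
username guest secret 5 <hash-placeholder>
"""

PRIV_RE = re.compile(r"^privilege\s+(\S+)\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?")
ALIAS_RE = re.compile(r"^alias\s+(\S+)\s+(\S+)\s+(.+)$")


def parse(config):
    """Collect relocated commands, local users and aliases from config text."""
    moved, users, aliases = [], {}, []
    for line in map(str.strip, config.splitlines()):
        if m := PRIV_RE.match(line):
            moved.append((m[1], int(m[2]), m[3]))       # (mode, level, command)
        elif m := USER_RE.match(line):
            # Assumption: no "privilege" keyword means the user logs in at level 1.
            users[m[1]] = int(m[2]) if m[2] else 1
        elif m := ALIAS_RE.match(line):
            aliases.append((m[1], m[2], m[3]))          # (mode, name, expansion)
    return moved, users, aliases


def access_report(config):
    """For each relocated command: its level, who can run it, matching aliases."""
    moved, users, aliases = parse(config)
    report = {}
    for mode, level, cmd in moved:
        report[cmd] = {
            "level": level,
            # Privilege levels are cumulative: level N runs commands at N and below.
            "users": sorted(u for u, lvl in users.items() if lvl >= level),
            "aliases": [n for am, n, exp in aliases
                        if am == mode and exp.startswith(cmd)],
        }
    return report


if __name__ == "__main__":
    for cmd, info in access_report(SAMPLE_CONFIG).items():
        print(f"{cmd!r} at level {info['level']}: "
              f"users={info['users']} aliases={info['aliases']}")
```

Every account the report lists can read the whole configuration, including any password hashes and keys stored in it.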