Thursday, June 12, 2014

Show running-config as read-only in Cisco routers without using AAA with TACACS+ and RADIUS

Sometimes we have to provide read-only access to the running configuration of a router to someone who has a lower privilege. Cisco defines privilege level 15 as full-access privileged EXEC mode and privilege level 1 as the normal user EXEC mode. The levels in between are not defined by default. We can use the privilege command to move commands from one privilege level to another.


Commands:
privilege exec all level 10 show running-config

alias exec shrun show running-config view full

username hdesk privilege 10 secret hdesk@1234

Explanation:
  1. Move the show running-config command to privilege level 10.
  2. To view the running configuration, however, the user has to type the complete show running-config view full instead of show running-config, so let's create an alias named shrun. This is optional.
  3. Now create a user with privilege level 10. This user will now be able to see the running configuration using the alias command shrun.
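
To audit who gains access once commands are relocated this way, the following added example (not part of the original post) parses a saved configuration for privilege exec lines, aliases and local users, and reports which relocated commands each user can run. The users netadmin and guest, the PLACEHOLDER secrets and the function names are assumptions made for the example.

```python
import re

# Constructed sample: the three lines from the post, plus two extra users
# (assumptions for contrast): one at level 15 and one with no explicit level.
SAMPLE_CONFIG = """\
privilege exec all level 10 show running-config
alias exec shrun show running-config view full
username hdesk privilege 10 secret hdesk@1234
username netadmin privilege 15 secret PLACEHOLDER
username guest secret PLACEHOLDER
"""

PRIV_RE = re.compile(r"^privilege\s+exec\s+(?:all\s+)?level\s+(\d+)\s+(.+)$")
ALIAS_RE = re.compile(r"^alias\s+exec\s+(\S+)\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)(.*)$")

def parse(config):
    """Return (relocated command -> level, alias -> expansion, user -> level)."""
    moved, aliases, users = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := PRIV_RE.match(line):
            moved[m[2]] = int(m[1])
        elif m := ALIAS_RE.match(line):
            aliases[m[1]] = m[2]
        elif m := USER_RE.match(line):
            lvl = re.search(r"\bprivilege\s+(\d+)\b", m[2])
            users[m[1]] = int(lvl[1]) if lvl else 1  # IOS default is level 1
    return moved, aliases, users

def access_report(config):
    """For each local user, list the relocated commands and aliases they can run."""
    moved, aliases, users = parse(config)
    report = {}
    for user, level in users.items():
        # A user can run a relocated command if their level is at or above it.
        cmds = sorted(c for c, need in moved.items() if need <= level)
        # An alias is usable only if it expands to a command the user can run.
        usable = sorted(a for a, exp in aliases.items()
                        if any(exp == c or exp.startswith(c + " ") for c in cmds))
        report[user] = {"level": level, "commands": cmds, "aliases": usable}
    return report

if __name__ == "__main__":
    for user, info in access_report(SAMPLE_CONFIG).items():
        print(user, info)
```

The report covers only commands that were explicitly relocated with privilege exec; commands available at a level by default are not listed.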