
Friday, July 7, 2017

Create a Local User Who Can Only View Running-Config in Cisco IOS

You may need to create a user who can do nothing except view the running config, for example when you create usernames for third parties. The problem lies in the architecture of Cisco IOS: users can only view the configuration they are allowed to modify. So if a user is given privilege level 7 and you assign the show running-config command to level 7, it will not work, because configuration mode is at level 15. If you assign the configure terminal command to level 7 to correct this, the user gains access to all the configuration commands.

So if you only need a user who can only view the running-config, you can simply do the following.

Create a username with privilege level 15:
Router(config)#username TEST privilege 15 password cisco

Set the show run command to run automatically when the user logs in:
Router(config)#username TEST autocommand show run

Of course, you will also need to specify the local login method on the telnet/console line the user connects through:
Router(config)#line vty 0 4
Router(config-line)#login local
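
One way to check that the steps above took effect, as an added example that is not part of the original post: this Python script reads a saved running-config and lists privilege 15 usernames that have no autocommand, plus any line blocks without login local, where local usernames (and so the autocommand) are not used. The usernames VENDOR and OPS, the sample config and the function names are constructed for illustration, and the script assumes aaa new-model is not enabled.

```python
import re

# Constructed sample running-config, not taken from the original post.
SAMPLE_CONFIG = """\
username TEST privilege 15 password 0 cisco
username TEST autocommand show run
username VENDOR privilege 15 password 0 cisco
username OPS privilege 7 password 0 cisco
line vty 0 4
 login local
line vty 5 15
 password cisco
 login
"""

def parse_users(config):
    """Map each local username to its privilege level and autocommand."""
    users = {}
    for m in re.finditer(r"^username (\S+) (.*)$", config, re.M):
        user = users.setdefault(m.group(1), {"privilege": 1, "autocommand": None})
        # autocommand takes the rest of the line, so split it off first
        head, found, cmd = m.group(2).partition("autocommand ")
        if found:
            user["autocommand"] = cmd.strip()
        level = re.search(r"\bprivilege (\d+)", head)
        if level:
            user["privilege"] = int(level.group(1))
    return users

def lines_without_local_login(config):
    """Return 'line ...' blocks whose indented sub-commands lack 'login local'."""
    missing = []
    for m in re.finditer(r"^(line .+)\n?((?: .*\n?)*)", config, re.M):
        if "login local" not in [s.strip() for s in m.group(2).splitlines()]:
            missing.append(m.group(1).strip())
    return missing

def audit(config):
    """List privilege 15 users with no autocommand and lines not using local login."""
    findings = [f"{name}: privilege 15 with no autocommand"
                for name, u in sorted(parse_users(config).items())
                if u["privilege"] == 15 and u["autocommand"] is None]
    findings += [f"{block}: no 'login local'"
                 for block in lines_without_local_login(config)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```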
