Thursday, March 17, 2011

IOS privilege and Show Running Dispute

When a user is created with privilege level 10, and only show running-config is assigned to that privilege level, to my surprise it shows only a blank configuration. Initially it was considered to be a Cisco bug. When I dug into it further, I found out that it is Cisco's design and not a bug.

Please refer below for details
IOS Privilege Levels Cannot See Complete Running Configuration

Cisco IOS comes with 16 privilege levels, 0-15. By default, Cisco assigns commands to only three of these privilege levels: zero, user, and enable. There are five commands with privilege level zero: disable, enable, exit, help, and logout. User EXEC mode is privilege level 1 (the default level when you log in). Privileged EXEC mode is privilege level 15 (enable mode, equivalent to root access on Linux).

To assign a privilege level to a user:

Router(config)# username support privilege 5 password abc
Router# show privilege
Current privilege level is 5

To assign a privilege level to a particular command:

Router#configure terminal
Router(config)#privilege exec level 1 show running-config


Problem Finding:
The show running-config command displays only the commands that the current user is able to modify. In other words, it shows only the configuration sections that are below the user's current privilege level.

Solution:
1- Instead of using show run, we may use show startup, but it may show a stale configuration and might not be an exact replica of the running configuration.
2- We may use the following commands:

username printconfig privilege 10 password test

username printconfig privilege 15 autocommand show running
 
With this in place, when the user logs in, the show running-config command is executed immediately, and the user is then logged out immediately. So we are left with the configuration, but we need some other account to perform troubleshooting etc.
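
An added example (not from the original post or from Cisco): a small Python audit of a saved configuration that applies the rule above and reports, per local user, whether show running-config gives a full view, a limited view, or is denied. The function names and the sample configuration are constructed for illustration; the sample lines are adapted from the commands in this post.

```python
import re

# Constructed sample, adapted from the commands shown in this post.
SAMPLE_CONFIG = """\
username support privilege 5 password abc
username printconfig privilege 10 password test
username printconfig privilege 15 autocommand show running
privilege exec level 3 show running-config
"""

def parse_users(config):
    """Merge all 'username' lines into one record per user (later lines win)."""
    users = {}
    for line in config.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "username":
            continue
        user = users.setdefault(tok[1], {"privilege": 1, "autocommand": None})
        for i, word in enumerate(tok[2:], start=2):
            if word in ("password", "secret"):
                break  # the rest of the line is the credential, not options
            if word == "autocommand":
                user["autocommand"] = " ".join(tok[i + 1:])
                break
            if word == "privilege" and i + 1 < len(tok) and tok[i + 1].isdigit():
                user["privilege"] = int(tok[i + 1])
    return users

def show_run_level(config):
    """Level needed to run 'show running-config' (15 unless reassigned)."""
    level = 15
    pattern = r"^privilege exec (?:all )?level (\d+) show run"
    for m in re.finditer(pattern, config, re.M):
        level = int(m.group(1))
    return level

def audit(config):
    """Return {user: what show running-config gives that account}."""
    needed, report = show_run_level(config), {}
    for name, u in parse_users(config).items():
        if u["privilege"] == 15:
            view = "full"
        elif u["privilege"] >= needed:
            view = "limited"  # only the commands this level may modify
        else:
            view = "denied"
        if u["autocommand"]:
            view += ", autocommand: " + u["autocommand"]
        report[name] = view
    return report
```

Accounts reported as "full" with an autocommand are the print-only accounts described in solution 2; they still hold privilege level 15, so they belong in any review of privileged credentials.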



Reference:
How to Configure Local Username Database in Cisco IOS
http://www.petri.co.il/csc_how_to_configure_local_username_database_cisco_ios.htm

IOS Privilege Levels Cannot See Complete Running Configuration
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml

2 comments:

  1. Can anyone tell me how to authorize the show run command for a privilege level less than 15?

    I have tried to authorize the show run command for privilege level 3, but it is not showing the complete configuration. It is just showing the configuration size and when the configuration was last changed.

    I have found some commands to see the full running configuration. Here is the command that we have to configure on the device:

    (config)# privilege exec all level 3 show running-config

    To see the full running configuration we have to use the following command:

    # show running-config view full

    But these commands are not supported on Version 12.2(25r)SEE4.
    Is there any other method to see the complete running configuration?

    Replies
    1. Please try this:
      terminal length 0
      show running-config