
Cisco router read-only


Creating a read-only user on a Cisco router is very simple, but creating one that can see the running config and not only the startup config is a bit more tricky.
To be honest – not much more.

Basically, all we need is to create the privilege level, a user, and an alias command to simplify the usage.

The privilege level: I used level 5, but any other available level will do (except level 15, of course).
privilege exec all level 5 show running-config
privilege exec level 5 show

Now the user:
username test privilege 5 password 0 level5

All we can do now is "show running-config"; the problem is – it’s empty.
To see the configuration we need to issue "show running-config view full".
To make the usage simpler, add an alias on the Cisco so there is less to type:
alias exec shrun show run view full

Now all we need to do to see the running configuration is issue "shrun".
Of course, the new user can run ONLY the show run and nothing else; to enable more commands, just add them with "privilege exec level 5".
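
An added example, not from the original post: a small Python check that reads an IOS config excerpt and reports which commands have been moved to each non-level-15 user's privilege level and whether that user's password is stored as type 0 (cleartext). The sample config is constructed from the lines above plus a hypothetical admin account, and the function name audit is an assumption.

```python
import re

# Constructed sample: the lines from this post plus a hypothetical admin account.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 5 constructed-placeholder-hash
username test privilege 5 password 0 level5
privilege exec all level 5 show running-config
privilege exec level 5 show
alias exec shrun show run view full
"""

USER_RE = re.compile(r"^username (\S+) privilege (\d+) (password|secret) (\d+) ")
PRIV_RE = re.compile(r"^privilege exec (all )?level (\d+) (.+)$")


def audit(config_text):
    """Return (users, commands_by_level, findings) for an IOS config excerpt."""
    users, by_level, findings = [], {}, []
    for line in (raw.strip() for raw in config_text.splitlines()):
        m = USER_RE.match(line)
        if m:
            name, level, kind, ptype = m[1], int(m[2]), m[3], int(m[4])
            users.append((name, level))
            # "password 0" keeps the password readable in the config itself.
            if kind == "password" and ptype == 0:
                findings.append(f"{name}: cleartext (type 0) password in config")
            continue
        m = PRIV_RE.match(line)
        if m:
            by_level.setdefault(int(m[2]), []).append(m[3])
    for name, level in users:
        if level == 15:
            continue
        # A user at level N can run commands placed at any level up to N,
        # so check every "privilege exec level" line at or below that level.
        for lvl in sorted(by_level):
            for cmd in by_level[lvl]:
                if lvl <= level and cmd.split()[0] != "show":
                    findings.append(
                        f"{name}: level {lvl} grants non-show command '{cmd}'")
    return users, by_level, findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG)[2]:
        print(finding)
```
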



2 comments:

  1. I do not understand.
    username test privilege 5 password 0 level5

    0 = my Password?

    alias exec shrun show run view full
    What is that? Do I need to run
    alias exec shrun show run view full | exclude username ?

    1. Hi Yanir,

      The 0 means the password is cleartext (username is "test" and password is "level5")

      "alias exec shrun show run view full" creates an alias named "shrun".
      In other words, running "shrun" is the same as typing "show run view full"
