Re: how to enable "show run" but not see enable password

Jazz, awesome...thank you so much! Just what I was looking for...

On Wed, Feb 8, 2012 at 4:20 PM, Jazz Sunn <jazzsunn_at_gmail.com> wrote:

> Sounds like you would want to use role based CLI.
>
> Doc CD:
> http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/12-4t/sec-role-base-cli.html
>
> Blog post:
> http://www.stupidroutertricks.com/2011/09/role-based-cli-configuring-aaa-part-3.html
>
>
>
>
> On Wed, Feb 8, 2012 at 3:00 PM, <ohio38jr_at_gmail.com> wrote:
>
>> How about enable secret instead of enable password then? You can set
>> level privileges but once you are able to 'show run' you will somewhat see
>> everything.
>>
>> Goodluck,
>> I
>> Sent from my BlackBerry. wireless device
>>
>>
>> -----Original Message-----
>> From: Jersey Guy <guy.jersey_at_gmail.com>
>> Sender: nobody_at_groupstudy.com
>> Date: Wed, 8 Feb 2012 15:44:10
>> To: Cisco certification<ccielab_at_groupstudy.com>
>> Reply-To: Jersey Guy <guy.jersey_at_gmail.com>
>> Subject: how to enable "show run" but not see enable password
>>
>> Hello Folks,
>> Just wondering if there's any way to tweak privilege levels on a Cisco box
>> such that a user can see the full config by doing a "show run" but NOT see
>> the enable password. Even though the enable password is encrypted, it is
>> very easy to crack, hence the query...
>>
>> TIA
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 08 2012 - 16:33:14 ART