Re: how to enable "show run" but not see enable password from Narbik Kocharians on 2012-02-08 (Ccielab archives 02/2012)

From: Narbik Kocharians <narbikk_at_gmail.com>
Date: Wed, 8 Feb 2012 13:41:14 -0800

To add what Jay recommended (Which is GR8), you can also configure menus
and one of the items of this menu can be show run, and in the command part
of the menu you can configure a show run with exclude option.

On Wed, Feb 8, 2012 at 1:33 PM, Jersey Guy <guy.jersey_at_gmail.com> wrote:

> Jazz, awesome...thank you so much! Just what I was looking for...
>
> On Wed, Feb 8, 2012 at 4:20 PM, Jazz Sunn <jazzsunn_at_gmail.com> wrote:
>
> > Sounds like you would want to use role based CLI.
> >
> > Doc CD:
> >
> http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/12-4t/sec-role-base-cli.html
> >
> > Blog post:
> >
> http://www.stupidroutertricks.com/2011/09/role-based-cli-configuring-aaa-part-3.html
> >
> >
> >
> >
> > On Wed, Feb 8, 2012 at 3:00 PM, <ohio38jr_at_gmail.com> wrote:
> >
> >> How about enable secret instead of enable password then? You can set
> >> level privileges but once you are able to 'show run' you will somewhat
> see
> >> everything.
> >>
> >> Goodluck,
> >> I
> >> Sent from my BlackBerry. wireless device
> >>
> >>
> >> -----Original Message-----
> >> From: Jersey Guy <guy.jersey_at_gmail.com>
> >> Sender: nobody_at_groupstudy.com
> >> Date: Wed, 8 Feb 2012 15:44:10
> >> To: Cisco certification<ccielab_at_groupstudy.com>
> >> Reply-To: Jersey Guy <guy.jersey_at_gmail.com>
> >> Subject: how to enable "show run" but not see enable password
> >>
> >> Hello Folks,
> >> Just wondering if there's any way to tweak privilege levels on a Cisco
> box
> >> such that a user can see the full config by doing a "show run" but NOT
> see
> >> the enable password. Even though the enable password is encrypted, it is
> >> very easy to crack, hence the query...
> >>
> >> TIA
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >>
> >> Blogs and organic groups at http://www.ccie.net
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
*Narbik Kocharians
*CCSI#30832, CCIE# 12410 (R&S, SP, Security)
*www.MicronicsTraining.com* <http://www.micronicstraining.com/>
Sr. Technical Instructor
YES! We take Cisco Learning Credits!
Training & Remote Racks available
Blogs and organic groups at http://www.ccie.net

Received on Wed Feb 08 2012 - 13:41:14 ART

This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART