Sounds like you would want to use role based CLI.
Doc CD:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cfg/configuration/12-4t/sec-role-base-cli.html
Blog post:
http://www.stupidroutertricks.com/2011/09/role-based-cli-configuring-aaa-part-3.html
On Wed, Feb 8, 2012 at 3:00 PM, <ohio38jr_at_gmail.com> wrote:
> How about enable secret instead of enable password then? You can set level
> privileges but once you are able to 'show run' you will somewhat see
> everything.
>
> Goodluck,
> I
> Sent from my BlackBerry. wireless device
>
> -----Original Message-----
> From: Jersey Guy <guy.jersey_at_gmail.com>
> Sender: nobody_at_groupstudy.com
> Date: Wed, 8 Feb 2012 15:44:10
> To: Cisco certification<ccielab_at_groupstudy.com>
> Reply-To: Jersey Guy <guy.jersey_at_gmail.com>
> Subject: how to enable "show run" but not see enable password
>
> Hello Folks,
> Just wondering if there's any way to tweak privilege levels on a Cisco box
> such that a user can see the full config by doing a "show run" but NOT see
> the enable password. Even though the enable password is encrypted, it is
> very easy to crack, hence the query...
>
> TIA
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 08 2012 - 15:20:07 ART
This archive was generated by hypermail 2.2.0 : Thu Mar 01 2012 - 11:46:56 ART