[c-nsp] Cisco ASA privilege levels

Jimmy Stewpot mailers at oranged.to
Mon Apr 2 22:50:09 EDT 2012


Hello,

I am currently in the process of migrating from a Cisco ASA 5510 (v8.2(1)) to a Cisco 5585-X (v8.4(2)). We have a rather unusual requirement where we have the need for a third-party auditing firm that needs to log in to the device remotely and verify the configuration regularly. It has been working perfectly on the 5510, but with identical privilege commands on the 5585 the unprivileged user can no longer do a "show run".

The configuration lines are as follows.

privilege show level 1 mode exec command running-config
privilege show level 1 mode exec command inventory
privilege show level 1 mode exec command ips

The RADIUS server is identical and the RADIUS attributes are all the same. Unfortunately we still cannot do a show run as privilege level 1 (i.e. without enable). Has anyone experienced this? I did a show run all privilege 1 to compare between the two versions and they seem identical. Am I missing something? Has the privilege separation changed between versions?

Regards,

Jimmy.


