I have myself set on the RADIUS server to pass Privilege 15, but we have some techs that I want to be able to see the entire running config .. just not modify it.
I have looked and looked and it seems Privilege levels will only let you "see" what you can also modify. So if I give the techs lets say Privilege level 7 or 8.. they can see running config.. but not the entire config.
It seems blogs are suggesting a work around to this to issue the "auto command" to show running config then disconnect. But I am wondering if anyone else has come across this limitation and found a better solution.
The other big problem I have with the above mentioned work around is that it relies on a local user to the switch. I would ideally like to setup something that I can use their AD credentials. I already have RADIUS and they can authenticate and login to the switches via AD user and pass, but it seems I can only set them as full access or no access.
I have looked and looked and it seems Privilege levels will only let you "see" what you can also modify. So if I give the techs lets say Privilege level 7 or 8.. they can see running config.. but not the entire config.
It seems blogs are suggesting a work around to this to issue the "auto command" to show running config then disconnect. But I am wondering if anyone else has come across this limitation and found a better solution.
The other big problem I have with the above mentioned work around is that it relies on a local user to the switch. I would ideally like to setup something that I can use their AD credentials. I already have RADIUS and they can authenticate and login to the switches via AD user and pass, but it seems I can only set them as full access or no access.