What is the minimum enable level to permit config download (Cisco & other vendors)

Question

We are creating a service account to backup config from devices of various makes such as Cisco, Juniper etc.,

What is the minimum enable level we need to grant to the service account? If the answer is too subjective, I atleast want to know what is the minimum enable required for Cisco IOS devices.

score 1 · Answer 1 · answered Jun 15 '11 at 12:13

1

As far as I know, enable/privilegie level 15 is required.

answered Jun 15 '11 at 12:13

3molo

4,330
5
32
46

score 1 · Accepted Answer · answered Jun 15 '11 at 15:11

1

You can use the command: privilege exec level 6 show running

user joe pass whatever priv 6

joe should be able to do the show run config command

answered Jun 15 '11 at 15:11

evolvd

1,384
6
33
58

3

To expand on this; the `more system:running-config` command may be more appropriate for backups since it fully reports some of the encryption key and password information that's otherwise obscured in a standard `show running-config`. If you're using a tool like [RANCID](http://www.shrubbery.net/rancid/), the set of commands that it wants to run is significantly larger, as well. – Shane Madden Jun 15 '11 at 17:00
If I understand correctly, we are assigning custom privilege levels to restrict permitted commands that can be run. Is there anything similar for Juniper equipments? that is the only other major equipment that I am maintaining. – Benny Jun 15 '11 at 18:59

score 1 · Answer 3 · answered Jun 16 '11 at 06:04

1

For Juniper, you must be super-user class I believe:

set system login user username class super-user

this will do the trick.

answered Jun 16 '11 at 06:04

SpacemanSpiff

8,753
1
24
35

What is the minimum enable level to permit config download (Cisco & other vendors)

3 Answers3