Security wants access to sh command output - not just sh run, but sh vtp, sh ip int bri, etc...is this possible?

Nrg2Brn

The Security department has been reading cisco for dummies again,and now realize they can glean a lot of info from the world of sh commands. I have a rudimentary understanding of ncm/npm, but was able to give them web view access to ncm which gives them some of what they want, but not all. Im not willing to give them access to the backside of ncm where I can do sh commands...

IS there a way to allow them to type in a command and get its output? Even cooler if I could decide ones which could and could NOT be accessed....

just a thought....

 

Thanks,

Dave LaFontaine

reheindel

Not sure the easiest way to do this via NPM/NCM, but in order for the security folks to have access to a limited number of show commands, you would accomplish this via the privleges command set on the routers/switches they need access to.  Here is a link that describes how to set which show commands they could see:

http://www.ciscoarticles.com/CCSP-Cisco-Certified-Security-Professional/Privilege-Levels.html