Configuring user privilege level – H3C Technologies H3C S5120 Series Switches User Manual

Page 636

background image


they can only use commands at their own, or lower, levels. All the commands are categorized into four

levels, which are visit, monitor, system, and manage from low to high, and identified respectively by 0

through 3.

Table 1-3

describes the levels of the commands.

Table 1-3 Default command levels




0 Visit

Involves commands for network diagnosis and commands
for accessing an external device. Commands at this level
are not allowed to be saved after being configured. After
the device is restarted, the commands at this level will be
restored to the default settings. Commands at this level
include ping, tracert, telnet and ssh2.

1 Monitor

Includes commands for system maintenance and service
fault diagnosis. Commands at this level are not allowed to
be saved after being configured. After the device is
restarted, the commands at this level will be restored to
the default settings. Commands at this level include
debugging, terminal, refresh, reset, and send.

2 System

Provides service configuration commands, including
routing and commands at each level of the network for
providing services. By default, commands at this level
include all configuration commands except for those at
manage level.

3 Manage

Influences the basic operation of the system and the
system support modules for service support. By default,
commands at this level involve file system, FTP, TFTP,
Xmodem command download, user management, level
setting, as well as parameter setting within a system (the
last case involves those non-protocol or non RFC
provisioned commands).

Configuring user privilege level

User privilege level can be configured by using AAA authentication parameters or under a user


Configure user privilege level by using AAA authentication parameters

If the user interface authentication mode is scheme when a user logs in, and username and password

are needed at login, then the user privilege level is specified in the configuration of AAA authentication.

Follow these steps to configure user privilege level by using AAA authentication parameters:

To do…

Use the command…


Enter system view


Enter user interface view

user-interface { first-num1
[ last-num1 ] | { aux | vty }
first-num2 [ last-num2 ] }

Configure the authentication
mode for logging in to the user
interface as scheme

authentication-mode scheme


By default, the authentication
mode for VTY users is
password, and no
authentication is needed for
AUX login users.