beautypg.com

9 switching user level, Overview, Switching user level – H3C Technologies H3C S3600 Series Switches User Manual

Page 89

background image

9-1

9

Switching User Level

Overview

Users can switch their user privilege level temporarily without logging out and disconnecting the current

connection; after the switch, users can continue to configure the device without the need of relogin and

reauthentication, but the commands that they can execute have changed.

For example, if the current user privilege level is 3, the user can configure system parameters; after

switching the user privilege level to 0, the user can only execute some simple commands, like ping and

tracert, and only a few display commands.

The switching of user privilege level is temporary, and effective for the current login; after the user relogs

in, the user privilege restores to the original level.

To avoid misoperations, the administrators are recommended to log in to the device by using a lower

privilege level and view device operating parameters, and when they have to maintain the device, they

can switch to a higher level temporarily; when the administrators need to leave for a while or ask

someone else to manage the device temporarily, they can switch to a lower privilege level before they

leave to restrict the operation by others.

The high-to-low user level switching is unlimited. However, the low-to-high user level switching requires

the corresponding authentication. Generally, two authentication modes are available: the super

password authentication mode and HWTACACS authentication mode.

Complete the following tasks to configure user level switching:

Task

Remarks

Specifying the authentication mode for user level
switching

Optional

Adopting super password authentication for user level
switching

Required

The administrator
configures the user
level switching
authentication policies

Adopting HWTACACS authentication for user level
switching

Required

The user switches user
level after logging in

Switching to a specific user level

Required

Specifying the authentication mode for user level switching

The low-to-high user level switching requires the corresponding authentication. The super password

authentication mode and HWTACACS authentication mode are available at the same time to provide

authentication redundancy.

The configuration of authentication mode for user level switching is performed by Level-3 users

(administrators).

Follow these steps to specify the authentication mode for user level switching:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: