Introduction, Switching user privilege level – H3C Technologies H3C SecPath F1000-E User Manual
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
By default, users who log in to the device through Telnet can use the commands of level 0 after passing authentication. After you set the user privilege level under the user interface, users who log in to the device through Telnet must enter the password 123, and can then use the commands of levels 0, 1, and 2.
Switching User Privilege Level
Introduction
Users can switch their user privilege level temporarily without logging out and terminating the current connection. After the switch, users can continue to configure the device without logging in again, but the set of commands that they can execute changes. For example, a user whose current privilege level is 3 can configure system parameters; after switching to level 0, the user can execute only some simple commands, such as ping and tracert, and only a few display commands. The switch is effective for the current login only; after the user logs in again, the user privilege level is restored to the original level.
• To avoid misoperations, administrators are recommended to log in to the device at a lower privilege level to view device operating parameters, and to switch to a higher level temporarily when they have to maintain the device.
• When administrators need to leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict what others can do.
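An added example, not part of the H3C manual: a Python check that reads typed commands in the format of the vty 0-4 example above, reports which command levels each user interface grants at login, and flags settings that conflict with the recommendation to log in at a low level and switch up only when needed. The second user interface in the sample, the policy thresholds (MAX_LOGIN_LEVEL, MIN_PASSWORD_LEN) and the function names are assumptions.

```python
import re

# Constructed session transcript in the style of the manual's example.
# The second user interface and its values are made up for illustration.
TRANSCRIPT = """\
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
[Sysname-ui-vty5-9] set authentication password cipher Xq7#vLp2!rTz
"""

DEFAULT_LOGIN_LEVEL = 0  # per the manual: level 0 commands by default
MAX_LOGIN_LEVEL = 1      # assumed site policy: log in low, switch up when needed
MIN_PASSWORD_LEN = 8     # assumed site policy

PROMPT = re.compile(r"^\[(?P<host>.+?)-(?P<view>ui-[^\]]+)\]\s*(?P<cmd>.+)$")


def parse_transcript(text):
    """Group the commands typed in each user-interface view."""
    views = {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # not typed in a user-interface view
        entry = views.setdefault(m["view"], {"level": DEFAULT_LOGIN_LEVEL, "password": None})
        cmd = m["cmd"].split()
        if cmd[:3] == ["user", "privilege", "level"] and len(cmd) == 4 and cmd[3].isdigit():
            entry["level"] = int(cmd[3])
        elif cmd[:4] == ["set", "authentication", "password", "cipher"] and len(cmd) == 5:
            entry["password"] = cmd[4]
    return views


def audit(views):
    """Return (view, finding) pairs for settings that break the assumed policy."""
    findings = []
    for view, cfg in sorted(views.items()):
        usable = list(range(cfg["level"] + 1))  # level N grants levels 0..N
        if cfg["level"] > MAX_LOGIN_LEVEL:
            findings.append((view, f"login grants command levels {usable}"))
        pw = cfg["password"]
        if pw is not None and len(pw) < MIN_PASSWORD_LEN:
            findings.append((view, f"password shorter than {MIN_PASSWORD_LEN} characters"))
    return findings


if __name__ == "__main__":
    for view, finding in audit(parse_transcript(TRANSCRIPT)):
        print(f"{view}: {finding}")
```

The check works on commands as typed; a saved configuration may store the password in a different form, so the length test applies only to change scripts and session transcripts.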
Setting the authentication mode for user privilege level switch
• A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to input the password (if any).
• For security, a user is required to input the password (if any) to switch to a higher privilege level.
The authentication falls into one of the following four categories:
Authentication mode: local
Meaning: Local password authentication
Description: The device authenticates a user by using the privilege level switch password input by the user. When this mode is applied, you need to set the password for privilege level switch with the super password command.

Authentication mode: scheme
Meaning: Remote AAA authentication through HWTACACS or RADIUS
Description: The device sends the username and password for privilege level switch to the HWTACACS or RADIUS server for remote authentication. When this mode is applied, you need to perform the following configurations:
• Configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain. For more information, see RADIUS Configuration in the Firewall Web Configuration Manual.
• Create the corresponding user and configure password on the HWTACACS or RADIUS server.