
Switching user privilege level – H3C Technologies H3C SecPath F1000-E User Manual


Authentication mode  Meaning                       Description
-------------------  ----------------------------  --------------------------------------------------------------
local scheme         Performs the local password   The device authenticates a user by using the local password
                     authentication first and      first, and if no password for privilege level switch is set,
                     then the remote AAA           for the user logged in from the console port, the privilege
                     authentication                level is switched directly; for the user logged in from any of
                                                   the AUX or VTY user interfaces, the AAA authentication is
                                                   performed.

scheme local         Performs remote AAA           AAA authentication is performed first, and if the remote
                     authentication first and      HWTACACS or RADIUS server does not respond or AAA
                     then the local password       configuration on the device is invalid, the local password
                     authentication                authentication is performed.


Follow these steps to set the authentication mode for user privilege level switch:

To do…                           Use the command…                     Remarks
-------------------------------  -----------------------------------  ---------------------------------------------------------------
Enter system view                system-view

Set the authentication mode for  super authentication-mode            Optional
user privilege level switch      { local | scheme } *                 local by default.

Configure the password for user  super password [ level user-level ]  Required if the authentication mode is set to local (that is,
privilege level switch           { simple | cipher } password         specify the local keyword when setting the authentication mode)
                                                                      By default, no privilege level switch password is configured.

CAUTION:

When you configure the password for switching the user privilege level with the super password command, the user privilege level is 3 if no user privilege level is specified.

If you specify the simple keyword, the password is saved in the configuration file in plain text, where it is easily stolen. If you specify the cipher keyword, the password is saved in the configuration file in cipher text, which is safer.

The timeout for AAA authentication is 120 seconds. After that, the AAA authentication is treated as having received no response.

If the user logs in from the console user interface (the console port, or the AUX port used as the console port) and switches to a higher level, the privilege level is switched successfully even though the authentication mode is local and no user privilege level password is configured.
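
The settings above can be checked offline in a saved configuration file. The following Python sketch is an added example, not part of the H3C manual: it flags a super password stored with the simple keyword and a local authentication mode with no super password. It assumes saved configuration lines mirror the command syntax in the table; the sample configuration, function names and finding IDs are constructed for illustration.

```python
import re

# Constructed sample of a saved configuration. Assumption: saved lines mirror
# the command syntax shown in the table above.
SAMPLE_CONFIG = """\
 sysname FW-EXAMPLE
 super password level 3 simple Example-Pass1
 super password level 2 cipher EXAMPLE-CIPHERTEXT
user-interface vty 0 4
 authentication-mode scheme
"""

MODE_RE = re.compile(r"^\s*super authentication-mode\s+(.+?)\s*$")
PASS_RE = re.compile(
    r"^\s*super password(?:\s+level\s+(\d+))?\s+(simple|cipher)\s+\S+")


def parse_super_settings(config_text):
    """Return (mode_keywords, {level: storage_keyword})."""
    mode = ["local"]   # the manual gives local as the default mode
    passwords = {}
    for line in config_text.splitlines():
        m = MODE_RE.match(line)
        if m:
            mode = m.group(1).split()
            continue
        m = PASS_RE.match(line)
        if m:
            # Per the manual, the level is 3 when none is specified.
            passwords[int(m.group(1) or 3)] = m.group(2)
    return mode, passwords


def audit_super_config(config_text):
    """Return a list of (finding_id, detail) tuples for the super settings."""
    mode, passwords = parse_super_settings(config_text)
    findings = [("PLAINTEXT_SUPER_PASSWORD", f"level {lvl} stored with 'simple'")
                for lvl, kind in sorted(passwords.items()) if kind == "simple"]
    if "local" in mode and not passwords:
        detail = ("mode '%s' uses local authentication but no super "
                  "password is set" % " ".join(mode))
        if mode[0] == "local":
            detail += "; console users switch level without a password"
        findings.append(("NO_SUPER_PASSWORD", detail))
    return findings


if __name__ == "__main__":
    print(audit_super_config(SAMPLE_CONFIG))
```
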

Switching user privilege level

Follow these steps to switch the user privilege level: