Configuring command levels, Changing the level of a command, Saving the running configuration – H3C Technologies H3C SecBlade LB Cards User Manual
Page 193
183
192.168.1.0/24 Direct 0 0 192.168.1.42 Vlan999
Configuring command levels
To avoid unauthorized access, the device defines the user privilege levels and command levels in
. User privilege levels correspond to command levels. A user logged in with a specific privilege level
can use only the commands at that level or lower levels.
Table 29 Command levels and user privilege levels
Level Privilege Default set of commands
0 Visit
Includes commands for network diagnosis and commands for accessing an external
device. Configuration of commands at this level cannot survive a device restart. Upon
device restart, the commands at this level are restored to the default settings.
Commands at this level include ping, tracert, telnet and ssh2.
1 Monitor
Includes commands for system maintenance and service fault diagnosis. Commands at
this level are not saved after being configured. After the device is restarted, the
commands at this level are restored to the default settings.
Commands at this level include debugging, terminal, refresh, and send.
2 System
Includes service configuration commands, including routing configuration commands
and commands for configuring services at different network levels.
By default, commands at this level include all configuration commands except for those
at manage level.
3 Manage
Includes commands that influence the basic operation of the system and commands for
configuring system support modules.
By default, commands at this level involve the configuration commands of file system,
FTP, TFTP, Xmodem download, user management, level setting, and parameter settings
within a system, which are not defined by any protocols or RFCs.
Changing the level of a command
Every command in a view has a default command level. The default command level scheme is sufficient
for the security and ease of maintenance requirements of most networks. If you want to change the level
of a command, make sure the change does not result in any security risk or maintenance problem.
To change the level of a command:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Change the level of a
command in a specific view.
command-privilege level level view
view command
for the default
settings.
Saving the running configuration
You can use the save command in any view to save all submitted and executed commands into the
configuration file. Commands saved in the configuration file can survive a reboot. The save command