No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720, S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Common Operation Guide

This document describes the CLI-based configurations of universal protocols and common features for Huawei switches on basic networks.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting the User Level

Setting the User Level

Context

A user level matches a certain command level. After logging in to the device, a user can run only the commands of which the levels are the same as or lower than the user level. For example, a user at level 2 can run only the commands at levels 0, 1, and 2.

When AAA local authentication is used, set the user level on the device. If the user level is not set, the login users are at level 0 (visit level), and can use only the commands at level 0, such as network diagnostic commands ping and tracert. To allow the users to use commands of higher levels, such as monitoring, configuration, or management level, the users must have higher user levels.

When AAA local authentication is used, you can set the user level using the following three methods, which are listed in descending order of priority.
  • Set the user level for a specified user in the AAA view.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15.
    
  • Set the user level for all users in a domain in the service scheme view.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] service-scheme sch1
    [HUAWEI-aaa-service-sch1] admin-user privilege level 15  //Set the levels of all users in a domain to 15.
    
  • Set the user level for all users who log in through the specified user interface (such as VTY user interface) in the user interface view. By default, users on the Console port are at level 15 and users on the VTY user interface are at level 0.

    <HUAWEI> system-view
    [HUAWEI] user-interface maximum-vty 15
    [HUAWEI] user-interface vty 0 14
    [HUAWEI-ui-vty0-14] user privilege level 15  //Set the user level in VTY 0-VTY 14 to 15.
    
NOTE:

If a user whose level is set to 1 can run configuration commands, the possible cause is that the user level is set to 1 in the user interface view, but is set to a higher level in the service scheme view or AAA view.

Translation
Download
Updated: 2018-09-03

Document ID: EDOC1000057410

Views: 89036

Downloads: 12189

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next