No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


S1720, S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Common Operation Guide

This document describes the CLI-based configurations of universal protocols and common features for Huawei switches on basic networks.

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Setting the User Level

Setting the User Level


A user level matches a certain command level. After logging in to the device, a user can run only the commands of which the levels are the same as or lower than the user level. For example, a user at level 2 can run only the commands at levels 0, 1, and 2.

When AAA local authentication is used, set the user level on the device. If the user level is not set, the login users are at level 0 (visit level), and can use only the commands at level 0, such as network diagnostic commands ping and tracert. To allow the users to use commands of higher levels, such as monitoring, configuration, or management level, the users must have higher user levels.

When AAA local authentication is used, you can set the user level using the following three methods, which are listed in descending order of priority.
  • Set the user level for a specified user in the AAA view.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15.
  • Set the user level for all users in a domain in the service scheme view.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] service-scheme sch1
    [HUAWEI-aaa-service-sch1] admin-user privilege level 15  //Set the levels of all users in a domain to 15.
  • Set the user level for all users who log in through the specified user interface (such as VTY user interface) in the user interface view. By default, users on the Console port are at level 15 and users on the VTY user interface are at level 0.

    <HUAWEI> system-view
    [HUAWEI] user-interface maximum-vty 15
    [HUAWEI] user-interface vty 0 14
    [HUAWEI-ui-vty0-14] user privilege level 15  //Set the user level in VTY 0-VTY 14 to 15.

If a user whose level is set to 1 can run configuration commands, the possible cause is that the user level is set to 1 in the user interface view, but is set to a higher level in the service scheme view or AAA view.

Updated: 2018-09-03

Document ID: EDOC1000057410

Views: 123789

Downloads: 13200

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next