Why level-1 users can run configuration-level commands on S series switches

Level-1 users can use only the commands at level 1 and level 0, but cannot use the level-2 (configuration-level) commands. You can use the following three methods to set the user level for users logging in through AAA local authentication. The user level set in the first method has the highest priority, and the user level set in the last method has the lowest priority.
Run the local-user user-name privilege level level command in the AAA view to set the user level for the user named user-name.
Run the admin-user privilege level level command in the service scheme view to set a user level for all users in a domain.
Run the user privilege level level command in the user view to set a user level for all users logging in through the user view.
By default, the users on the console port are at level 15 and the users on the VTY user interface are at level 0.
Therefore, user level 1 set in the user view does not take effect because a higher user level has been set in the AAA or service scheme view.

Scroll to top