Common AAA Operations : Setting the User Level

Created Aug 02, 2016 09:21:55Latest reply Aug 02, 2016 09:30:04 1482 1 0 0

A user level matches a certain command level. After logging in to the device, a user can run only the commands of which the levels are the same as or lower than the user level. For example, a user at level 2 can run only the commands at levels 0, 1, and 2.

When AAA local authentication is used, set the user level on the device. If the user level is not set, the login users are at level 0 (visit level), and can use only the commands at level 0, such as network diagnostic commands ping and tracert.

To allow the users to use commands of higher levels, such as monitoring, configuration, or management level, the users must have higher user levels.

If AAA local authentication is used, you have the following methods to set the user level. The user level set in the first method has the highest priority and the user level set in the last method has the lowest priority.
  • Set the user level for a specified user.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15.
    
  • Set the user level for all users in a domain.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] service-scheme sch1
    [HUAWEI-aaa-service-sch1] admin-user privilege level 15  //Set the user levels of all users in a domain to 15.
    
  • Set the user level for all users logging in through the same user interface (such as VTY user interface).

    <HUAWEI> system-view
    [HUAWEI] user-interface maximum-vty 15
    [HUAWEI] user-interface vty 0 14
    [HUAWEI-ui-vty0-14] user privilege level 15  //Set the user level in VTY 0-VTY 14 to 15.
    

 

 

  • x
  • convention:

user_235153  Moderator   Created Aug 02, 2016 09:30:04 Helpful(0) Helpful(0)

Common AAA Operations : Setting the User Level

thanks

  • x
  • convention:

Responses

Reply
You need to log in to reply to the post Login | Register

Notice:To ensure the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but not limited to politically sensitive content, content concerning pornography, gambling, drug abuse and trafficking, content that may disclose or infringe upon others' intellectual properties, including commercial secrets, trade marks, copyrights, and patents, and personal privacy. Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see“ Privacy Policy.”
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top