Common AAA Operations : Setting the User Level

Latest reply: Aug 2, 2016 01:30:04 1610 1 0 0

A user level matches a certain command level. After logging in to the device, a user can run only the commands of which the levels are the same as or lower than the user level. For example, a user at level 2 can run only the commands at levels 0, 1, and 2.

When AAA local authentication is used, set the user level on the device. If the user level is not set, the login users are at level 0 (visit level), and can use only the commands at level 0, such as network diagnostic commands ping and tracert.

To allow the users to use commands of higher levels, such as monitoring, configuration, or management level, the users must have higher user levels.

If AAA local authentication is used, you have the following methods to set the user level. The user level set in the first method has the highest priority and the user level set in the last method has the lowest priority.
  • Set the user level for a specified user.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15.
    
  • Set the user level for all users in a domain.

    <HUAWEI> system-view
    [HUAWEI] aaa
    [HUAWEI-aaa] service-scheme sch1
    [HUAWEI-aaa-service-sch1] admin-user privilege level 15  //Set the user levels of all users in a domain to 15.
    
  • Set the user level for all users logging in through the same user interface (such as VTY user interface).

    <HUAWEI> system-view
    [HUAWEI] user-interface maximum-vty 15
    [HUAWEI] user-interface vty 0 14
    [HUAWEI-ui-vty0-14] user privilege level 15  //Set the user level in VTY 0-VTY 14 to 15.
    

 

 

  • x
  • convention:

Created Aug 2, 2016 01:30:04 Helpful(0) Helpful(0)

Common AAA Operations : Setting the User Level

thanks

  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top