Setting the super password for the USG2000&5000


When a lower-level user is switched to a higher-level user, user identity authentication is required to prevent unauthorized access. That is, the password of the higher-level user is required. The super password command can be used to set the password used to switch a lower-level user to a higher-level user.
An example is provided for setting the super password.
# Configure the password to Abcd@1234 for switching from a lower-level user to a level-3 user.
[sysname] super password level 3 cipher Abcd@1234
Note: A configured password cannot be retrieved from the system. You should carefully keep the password in case that you may forget or lose it.

Other related questions:
Traffic statistics configuration on the USG2000&5000 series
You can configure traffic statistics on the CLI of the USG2000&5000 series: 1. Configure an ACL to define packets to be debugged. 2. Run the firewall statistic acl 3333 enable command in the diagnose view. [USG-diagnose] firewall statistic acl 3333 enable 3. Run the display firewall statistic acl command in the diagnose view. [USG-diagnose] display firewall statistic acl 14:33:26 2010/03/27 Current Show sessions count: 1 Protocol(ICMP) SourceIp( DestinationIp( SourcePort(1) DestinationPort(2048) VpnIndex(public) Receive Forward Discard Obverse : 4 pkt(s) 4 pkt(s) 0 pkt(s) Reverse : 4 pkt(s) 4 pkt(s) 0 pkt(s) Discard detail information: Check whether the firewall receives packets, forwards the packets, and receives return packets. If some packets are dropped, determine the packet loss location. View packet discard possible causes to identify the cause. 4. After debugging is complete, disable traffic statistics as soon as possible because long-term traffic statistics affect firewall performance. 5. Run the undo firewall statistic command to disable traffic statistics. 6. Run the reset firewall statistic acl all command to clear statistics. 7. If necessary, run the undo acl xxxx command to delete the configured ACL.

Web password setting for the USG2000&5000 series
The default user name/password for login to the web UI is admin/Admin@123. For system security, as a web administrator, you are advised to change the password after login. system-view [sysname] aaa [sysname-aaa] local-user admin1 password irreversible-cipher ********* [sysname-aaa] local-user admin1 service-type web [sysname-aaa] local-user admin1 level 3

Method for setting a permanently available password for the administrator of the USG2000&5000 series
For the USG2000&5000 series, the following example is provided for you to set the validity period of the administrator login password: # Set the password validity period for the administrator test to 80 days. system-view [sysname] aaa [sysname-aaa] local-user test password valid-days 80 For the USG6000 series, the following example is provided for you to set the validity period of the administrator login password: # Set the password validity period for the administrator test to 80 days. system-view [sysname] aaa [sysname-aaa] manager-user test [sysname--manager-user-test] password valid-days 80 If valid-days is set to 0, the password never expires. For more command details, see the product documentation.

Setting the console password on the USG2000&5000
For the login through the console port, the account and password must be set. 1. During the first log, use the default account (admin) and password (Admin@123) of the console port. 2. To prevent an unauthorized user to access the device with the default account and password, you are advised to change this password after your first login to the device. system-view [sysname] user-interface Console 0 [sysname-ui-Console0] authentication-mode local user admin password cipher *********

Setting the SSH password on the USG2000&5000
Login through SSH improves the security of data transmission. Therefore, you are advised to log in through SSH. In addition, you are advised to use AAA for authentication. 1. Set the administrator IP addresses that can access the device remotely. The administrator cannot use IP addresses that are not specified in the ACL to remotely access the device through SSH. 2. Configure connection number limit on the VTY administrator interface. 3. Set the administrator account and password for login through SSH. system-view [sysname] ssh user admin1 [sysname] ssh user admin1 authentication-type password [sysname] aaa [sysname-aaa] local-user admin1 password cipher ********* [sysname-aaa] local-user admin1 service-type ssh [sysname-aaa] local-user admin1 level 3 [sysname-aaa] local-user admin1 access-limit 1 4. Enable the STelnet service on the device. 5. Set the client service mode of the SSH account to STelnet.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top