Default levels of the USG2000&5000&6000 administrators


The default level of the administrators of all USG series is empty. You need to configure the level and permission of each user.

Other related questions:
Changing the administrator level under the VTY interface of the USG2000&5000&6000
Change the administrator level under the VTY interface of the USG2000&5000&6000 as follows:

    system-view
    Enter system view, return user view with Ctrl+Z.
    [USG5100]user-interface vty 0 4
    [USG5100-ui-vty0-4]user privilege level ?
      INTEGER<0-15>  Specify privilege level    //Select a level ranging from 0 to 15 here.
    [USG5100-ui-vty0-4]user privilege level 15    //This command indicates setting the permission of the admin account to level 15.

Viewing the administrator level on the USG2000&5000
View the administrator level on the USG2000&5000 as follows:

    display local-user username admin
    ----------------------------------------------------------------------------
    Username            : admin
    User valid-period   : -
    Password            : ****************
    Password valid-days : 90
    State               : Active
    Service-type        : ppp web ftp telnet terminal ssh 802.1x
    ACL-number          : -
    Idle-cut            : No
    Access-limit        : No
    Online-number       : 1
    MAC-address         : -
    User-level          : 15
    FTP-directory       : -
    L2tp-ip             : -

Changing the administrator level on the USG2000&5000
Change the administrator level on the USG2000&5000 as follows:

    system-view
    Enter system view, return user view with Ctrl+Z.
    [USG5100]aaa
    [USG5100-aaa]local-user admin level ?
      INTEGER<0-15>  Value
      audit          Audit level
    //The level available ranges from 0 to 15. In normal cases, the administrator permission of level 3 is proper. The audit level indicates the permission of auditing the administrator.
    [USG5100-aaa]local-user admin level 3    //Indicates setting the permission of the admin account to the level-3 management level.

Restricting the administrator to access the USG2000&5000&6000 through a fixed source address
Configure the USG2000&5000&6000 to restrict the administrator to access through a fixed source address as follows:

Set the VTY authentication mode to AAA on the USG to allow login of only a certain IP address:

    system-view
    [USG6600]
    [USG6600] acl 3000
    [USG6600-acl-adv-3000]rule permit ip source 192.168.1.2 0    //192.168.1.2 allowed only.
    [USG6600-acl-adv-3000]quit
    [USG6600] user-interface vty 0 4
    [USG6600-ui-vty0-4] authentication-mode aaa
    [USG6600-ui-vty0-4]acl 3000 inbound    //The ACL here is deny by default.
    [USG6600-ui-vty0-4] quit

After the preceding configuration, only the source addresses that ACL 3000 permits can telnet to the firewall.
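
As an added example (not Huawei's code and not part of the original answers), the Python script below audits a saved list of commands for the settings covered above: local-user levels, the VTY privilege level, `authentication-mode aaa`, and an inbound ACL on each VTY range. It assumes the input uses the command forms typed on this page with sub-commands indented by one space; the function name `audit`, the `max_level` threshold of 3 (taken from the remark that level 3 is normally proper) and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample using the command forms typed on this page; not device output.
SAMPLE = """\
acl 3000
 rule permit ip source 192.168.1.2 0
aaa
 local-user admin level 3
 local-user backup level 15
user-interface vty 0 4
 authentication-mode aaa
 acl 3000 inbound
 user privilege level 15
user-interface vty 5 9
 authentication-mode password
 acl 3001 inbound
"""

def audit(config, max_level=3):
    """Return findings for local-user levels and VTY login restrictions."""
    findings, view, vtys = [], "", {}
    acls = set(re.findall(r"^acl (\d+)$", config, re.M))  # ACLs defined at top level
    for raw in filter(str.strip, config.splitlines()):    # skip blank lines
        line = raw.strip()
        if raw[0] not in " \t":  # an unindented command enters a new view
            view = line
            if view.startswith("user-interface vty "):
                vtys[view] = {"auth": None, "acl": None}
        elif view == "aaa":
            m = re.fullmatch(r"local-user (\S+) level (\d+)", line)
            if m and int(m.group(2)) > max_level:
                findings.append(f"local-user {m.group(1)}: level {m.group(2)} above {max_level}")
        elif view in vtys:
            if m := re.fullmatch(r"authentication-mode (\S+)", line):
                vtys[view]["auth"] = m.group(1)
            elif m := re.fullmatch(r"acl (\d+) inbound", line):
                vtys[view]["acl"] = m.group(1)
            elif (m := re.fullmatch(r"user privilege level (\d+)", line)) and int(m.group(1)) > max_level:
                findings.append(f"{view}: user privilege level {m.group(1)} above {max_level}")
    for name, v in vtys.items():
        if v["auth"] != "aaa":
            findings.append(f"{name}: authentication-mode is {v['auth']}, not aaa")
        if v["acl"] is None:
            findings.append(f"{name}: no inbound ACL limits source addresses")
        elif v["acl"] not in acls:
            findings.append(f"{name}: inbound ACL {v['acl']} is not defined in this configuration")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Pass a higher `max_level` when level-15 accounts are intended; the VTY checks are reported regardless of the threshold.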

Configuring level-1 users to view global configurations on the USG2000&5000&6000
Configure level-1 users to view global configurations on the USG2000&5000&6000 as follows:

    system-view
    Enter system view, return user view with Ctrl+Z.
    [USG]command-privilege level 1 view AAA display current-configuration
    [USG]command-privilege level 1 view AAA display

After entering the preceding commands, level-1 users can run the display current-configuration command to view global device configurations.
