Changing the administrator level under the VTY interface of the USG2000&5000&6000


Change the administrator level under the VTY interface of the USG2000&5000&6000 as follows:

system-view
Enter system view, return user view with Ctrl+Z.

[USG5100]user-interface vty 0 4

[USG5100-ui-vty0-4]user privilege level ?
INTEGER<0-15> Specify privilege level
//Select a level ranging from 0 to 15 here.

[USG5100-ui-vty0-4]user privilege level 15
//This command indicates setting the permission of the admin account to level 15.//

Other related questions:
Default levels of the USG2000&5000&6000 administrators
The default level of the administrators of all USG series is empty. You need to configure the level and permission of each user.

Changing the administrator level on the USG2000&5000
Change the administrator level on the USG2000&5000 as follows:

system-view
Enter system view, return user view with Ctrl+Z.

[USG5100]aaa

[USG5100-aaa]local-user admin level ?
INTEGER<0-15> Value
audit Audit level
//The level available ranges from 0 to 15. In normal cases, the administrator permission of level 3 is proper. The audit level indicates the permission of auditing the administrator.//

[USG5100-aaa]local-user admin level 3
//Indicates setting the permission of the admin account to the level-3 management level.//

Viewing the administrator level on the USG2000&5000
View the administrator level on the USG2000&5000 as follows:

display local-user username admin
----------------------------------------------------------------------------
Username : admin
User valid-period : -
Password : ****************
Password valid-days : 90
State : Active
Service-type : ppp web ftp telnet terminal ssh 802.1x
ACL-number : -
Idle-cut : No
Access-limit : No
Online-number : 1
MAC-address : -
User-level : 15
FTP-directory : -
L2tp-ip : -

Changing the web login timeout period on the USG2000&5000&6000
Change the web login timeout period on the USG2000&5000&6000 as follows:

Set the login timeout period for the web user. For example: Set the login timeout period for the web user to 1 minute.

system-view
[sysname] web-manager timeout 1

Restricting the administrator to access the USG2000&5000&6000 through a fixed source address
Configure the USG2000&5000&6000 to restrict the administrator to access through a fixed source address as follows:

Set the VTY authentication mode to AAA on the USG to allow login of only a certain IP address:

system-view
[USG6600]
[USG6600] acl 3000
[USG6600-acl-adv-3000]rule permit ip source 192.168.1.2 0
//192.168.1.2 allowed only.
[USG6600-acl-adv-3000]quit
[USG6600] user-interface vty 0 4
[USG6600-ui-vty0-4] authentication-mode aaa
[USG6600-ui-vty0-4]acl 3000 inbound
//The ACL here is deny by default.
[USG6600-ui-vty0-4] quit

After the preceding configurations, only addresses for which the action is permit in ACL 3000 or specific source addresses can telnet to the firewall.
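
An added example, not part of the original page or of Huawei's tooling: a Python check that reads a configuration export and reports VTY lines that lack the settings shown above (authentication-mode aaa, an inbound ACL containing a permit rule) or that set a privilege level above 3, the level the page calls proper in normal cases. The sample configuration is constructed, and the indented export layout, the "acl 3000" block header and the function names are assumptions.

```python
import re

# Constructed sample configuration (not from a real device). Assumption:
# sub-commands are indented under an unindented header line.
SAMPLE_CONFIG = """\
acl 3000
 rule permit ip source 192.168.1.2 0
user-interface vty 0 4
 authentication-mode aaa
 acl 3000 inbound
 user privilege level 3
user-interface vty 5 9
 user privilege level 15
"""

def parse_blocks(config):
    """Group indented sub-commands under their unindented header line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():
            if current is not None:
                blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks[current] = []
    return blocks

def audit_vty(config, max_level=3):
    """Return {vty header: [findings]} for every user-interface vty block."""
    blocks = parse_blocks(config)
    report = {}
    for header, cmds in blocks.items():
        if not header.startswith("user-interface vty"):
            continue
        findings = []
        text = "\n".join(cmds)
        level = re.search(r"^user privilege level (\d+)$", text, re.M)
        if level and int(level.group(1)) > max_level:
            findings.append(f"privilege level {level.group(1)} is above {max_level}")
        if not re.search(r"^authentication-mode aaa$", text, re.M):
            findings.append("authentication-mode is not aaa")
        acl = re.search(r"^acl (\d+) inbound$", text, re.M)
        if not acl:
            findings.append("no inbound ACL on the VTY line")
        elif not any(c.startswith("rule permit") for c in blocks.get(f"acl {acl.group(1)}", [])):
            findings.append(f"ACL {acl.group(1)} has no permit rule")
        report[header] = findings
    return report
```

Calling audit_vty(SAMPLE_CONFIG) returns an empty finding list for vty 0 4 and three findings for vty 5 9.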
