Why level-1 users can run configuration-level commands on S series switches

20

Level-1 users can use only the commands at level 1 and level 0, but cannot use the level-2 (configuration-level) commands. You can use the following three methods to set the user level for users logging in through AAA local authentication. The user level set in the first method has the highest priority, and the user level set in the last method has the lowest priority.
Run the local-user user-name privilege level level command in the AAA view to set the user level for the user named user-name.
Run the admin-user privilege level level command in the service scheme view to set a user level for all users in a domain.
Run the user privilege level level command in the user view to set a user level for all users logging in through the user view.
By default, the users on the console port are at level 15 and the users on the VTY user interface are at level 0.
Therefore, user level 1 set in the user view does not take effect because a higher user level has been set in the AAA or service scheme view.

Other related questions:
Why can a user use commands higher than level 1 after the user level configured on the RADIUS server for the user is set to level 1
Run the display current-configuration command to check the configuration on the router and check whether the command line level has been changed by running the command-privilege level command.

Level 1 is configured for a user on the RADIUS server, but the user has more rights than rights defined in Level 1 after login. Why
Run the display current-configuration command to check the device configuration and check whether the command-privilege level command is used to change the level.

Why the user has rights of a higher level than level 1 configured on the RADIUS server after login
If a user has a higher level than the configured level on the RADIUS server after the user logs in to the AR, run the display current-configuration command to check the configurations on the AR and check whether the command-privilege level command is used to change the command line level.

Which commands determine the user level
If the authentication mode of the user is non-authentication, the user level is specified by the user privilege command in VTY mode.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top