Which commands determine the user level

1

If the authentication mode of the user is non-authentication, the user level is specified by the user privilege command in VTY mode.

Other related questions:
How to increase the level of commands in different views
By default, a switch has four user levels, ranging from 0 to 3. To increase the level of a command in a view, run the command-privilege level command. For example, a level 3 user can use the delete or format command in the user view to delete the startup file or format the storage device that saves the startup file. To increase the level of the delete and format commands, create a user account of a higher level and run the following commands: command-privilege level 15 view shell delete Only level 15 users can use the commands starting with delete in the user view (shell). command-privilege level 15 view shell format Only level 15 users can use the commands starting with format in the user view (shell).

Which versions do not support user level change
Run the super password command to set the password used to change a user from a lower level to a higher level. By default, the system does not set the password used to change a user from a lower level to a higher level. Set this password to ensure successful user level changes. Only V100R006C03, V100R006C05, V200R003 and V200R005 do not support the super password command for setting the password used to change a user from a lower level to a higher level. NOTICE: Huawei switches use the combination of user name, password, and level to control users' operation rights. If you use the super command to switch user levels, this right control method will become invalid. Moreover, any user can use the super password of a higher level to obtain high-level operation rights. Therefore, you are not advised to use the super command to switch user levels.

Why level-1 users can run configuration-level commands on S series switches
Level-1 users can use only the commands at level 1 and level 0, but cannot use the level-2 (configuration-level) commands. You can use the following three methods to set the user level for users logging in through AAA local authentication. The user level set in the first method has the highest priority, and the user level set in the last method has the lowest priority. Run the local-user user-name privilege level level command in the AAA view to set the user level for the user named user-name. Run the admin-user privilege level level command in the service scheme view to set a user level for all users in a domain. Run the user privilege level level command in the user view to set a user level for all users logging in through the user view. By default, the users on the console port are at level 15 and the users on the VTY user interface are at level 0. Therefore, user level 1 set in the user view does not take effect because a higher user level has been set in the AAA or service scheme view.

Why can a user use commands higher than level 1 after the user level configured on the RADIUS server for the user is set to level 1
Run the display current-configuration command to check the configuration on the router and check whether the command line level has been changed by running the command-privilege level command.

Relationship between user permissions and command levels on AR routers
The system grants different users access permissions and different command levels so that the AR router can limit the access permissions and operations of users. User levels correspond to command levels. Users can use only the commands at the same or lower level than their own levels. By default, there are four command levels 0 to 3 and 16 user levels 0 to 15. The table shows the relationship between command levels and user levels.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top