Description of user levels on AR routers


User levels on AR routers are as follows:
You can configure different user levels to control access rights of different users and improve device security. There are 16 user levels numbered from 0 to 15, in ascending order of priority.
Visit level-0: It is used for network diagnosis and access to external devices, with commands such as ping, tracert, and Telnet.
Monitoring level-1: It is used for system maintenance, including display commands and other commands. Some display commands are unavailable at this level. For example, the display current-configuration and display saved-configuration commands are level-3 management commands.
Configuration level-2: Service configuration commands.

Management level-3 to 15: They are used to control basic system operations, including system file, FTP/TFTP download, user management, command level setting, and debugging commands.

User levels correspond to command levels. Users can run only commands whose level is the same as or lower than their own level.
By default, users logging in from the console port can run level 15 commands.
By default, the user level of other login modes is 0 (visit level), that is, after the user logs in to a device, the user can only run the commands at level 0, including ping, tracert, and other commands for network diagnosis.

Other related questions:
How many user levels does an AR router support
An AR router supports user levels 0-15. The value 0 indicates the visit level, the value 1 indicates the user level, the value 2 indicates the configuration level, and the values 3 to 15 indicate the management level.

Relationship between user permissions and command levels on AR routers
The system grants different users access permissions and different command levels so that the AR router can limit the access permissions and operations of users. User levels correspond to command levels. Users can run only commands whose level is the same as or lower than their own level. By default, there are four command levels 0 to 3 and 16 user levels 0 to 15. The table shows the relationship between command levels and user levels.

How to set the command level in the specified view
The procedure for setting the command level in the specified view is as follows:
Command format: command-privilege level < level > view < view-name > < command-key >
To adjust the command level, see the following examples:
Example 1: Set the level of the save command to 5.
[Huawei] command-privilege level 5 view user save
Example 2: Lower the command level of the display current-configuration command.
[Huawei] command-privilege level 2 view system display current-configuration
Each command in each view has a specified level. The administrator can change the command level based on user requirements, either lowering it so that a lower-level user can use some high-level commands, or raising it to improve device security. It is recommended that the default command level not be changed without permission.

How to configure a user level on an AR router
Methods of configuring user levels vary with specific scenarios (command lines):
- Configure a user level for a user.
[Huawei] aaa
[Huawei-aaa] local-user user1 privilege level 15  //Set the user level of user 1 to 15.  
-  Configure a user level for all users under a domain.
[Huawei] aaa
[Huawei-aaa] service-scheme sch1
[Huawei-aaa-service-sch1] admin-user privilege level 15  //Set the user level of all users under a domain to 15.  
-  Configure a user level for all users who log in through a page (take the VTY view as an example).
[Huawei] user-interface maximum-vty 15
[Huawei] user-interface vty 0 14
[Huawei-ui-vty0-14] user privilege level 15  //Set the user level in the VTY 0 to VTY 14 views to 15.
The preceding command is also used to modify an existing user level. Each run overwrites the previous result, so if the command is run multiple times, the most recent setting takes effect.
If the user level configured on a page conflicts with the corresponding operation permission of a user, the operation permission prevails.

Configure a user level in web mode.
1.  Choose User Management > User Management.
2.  Click an icon of a desired local user from the user list.
3.  Enter corresponding content.
  a.  The super administrator enters Access level in order to modify the access level of other users.
  b.  To change Access level from the common user to the administrator (common administrator, enterprise administrator, or super administrator), enter New password and confirm Confirm password.
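
The following is an added example, not Huawei code: a small audit that scans a configuration text for the commands shown above and reports where management-level access (3 to 15) is granted or a command level has been changed from its default. The sample configuration is constructed, and the rule names are hypothetical labels chosen for this example.

```python
import re

MGMT_MIN = 3  # levels 3-15 are the management level described above

# Constructed sample configuration (assumed layout, not from a real device).
SAMPLE = """\
command-privilege level 2 view system display current-configuration
aaa
 local-user user1 privilege level 15
 local-user guest privilege level 1
 service-scheme sch1
  admin-user privilege level 15
user-interface con 0
user-interface vty 0 14
 user privilege level 15
"""

def audit(config):
    """Return (line_no, rule, level, subject) for each privilege-related finding."""
    findings, scheme, ui = [], "", ""
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := re.match(r"service-scheme (\S+)", line):
            scheme = m[1]  # remember which scheme later lines belong to
        elif m := re.match(r"user-interface (.+)", line):
            ui = m[1]      # remember which user interface we are in
        elif m := re.match(r"command-privilege level (\d+) view (\S+) (.+)", line):
            # Any change to a default command level deserves review.
            findings.append((no, "command-level-override", int(m[1]), f"{m[2]}: {m[3]}"))
        elif m := re.match(r"local-user (\S+) privilege level (\d+)", line):
            if int(m[2]) >= MGMT_MIN:
                findings.append((no, "local-user-mgmt-level", int(m[2]), m[1]))
        elif m := re.match(r"admin-user privilege level (\d+)", line):
            if int(m[1]) >= MGMT_MIN:
                findings.append((no, "scheme-mgmt-level", int(m[1]), scheme))
        elif m := re.match(r"user privilege level (\d+)", line):
            # Applies to every session on the interface; the console is
            # skipped because it can run level 15 commands by default.
            if ui.startswith("vty") and int(m[1]) >= MGMT_MIN:
                findings.append((no, "vty-mgmt-level", int(m[1]), ui))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Each finding is a candidate for review against who actually needs that level; the guest user at level 1 and the console interface are not reported.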

Description of the E1 interface of an AR router
1. E1/T1: E1/T1 is a technology that uses synchronous time division multiplexing to combine multiple audio channels into a 2 Mbit/s or 1.5 Mbit/s high-speed channel.
- Maximum rate of E1 cards: 32 (timeslots) x 64 (kbit/s per timeslot) = 2048 kbit/s
- Maximum rate of T1 cards: 24 (timeslots) x 64 (kbit/s per timeslot) = 1536 kbit/s
- CE1/CT1 cards can determine multiple groups of timeslots and have the Controller view. However, E1 cards can determine only one group of timeslots in the framed mode (other timeslots cannot be used).
2. E1 interfaces are configured on E1/T1 cards and can be seen as serial interfaces (currently supported by AR1200(S)/AR2200(S)/AR3200(S)/AR3600).
- 1E1T1-M/2E1T1-M support the E1/CE1/CT1/PRI(E1&T1) interface.
- 4E1T1-M/8E1T1-M support the E1/CE1/PRI(E1) interface.
- 1E1T1-F/2E1T1-F support the framed/unframed E1/T1 interface.
- 4E1T1-F/8E1T1-F support the framed/unframed E1 interface.
- The character M in a model name indicates Multiflex Trunk, that is, the model can be fully channelized. The character F in a model name indicates Fractional, that is, the model can be partially channelized.
3. The CE1/PRI interface is the physical interface of the E1 system. It can work in E1 mode (unchannelized mode) or CE1/PRI mode (channelized mode).
- In E1 mode, the CE1/PRI interface works as an interface not divided by timeslots, whose bandwidth is 2.048 Mbit/s.
- In CE1/PRI mode, the 2M line is divided into 32 timeslots of 64 KB, which are numbered from 0 to 31. Timeslot 0 is used to transfer frame alignment information.
  a. CE1 interface: All timeslots except timeslot 0 are randomly divided into multiple groups (channel sets). Each group corresponds to a separate channel.
  b. PRI interface: Bundle timeslot 16 (D channel) and any one of timeslots 1 to 15 or 17 to 31 (B channel) into a group (PRI set).
  c. CE1 interfaces can be divided into multiple groups. However, only one group can be bundled for PRI interfaces.
4. The CT1/PRI interface is the physical interface of the T1 system.
- CT1 interface: All timeslots (timeslot 1 to 24) can be randomly divided into multiple groups. Timeslots in each group are bundled into a channel set.
- PRI interface: Randomly bundle timeslot 24 (D channel) and any one of timeslots 1 to 23 (B channel) into a group (PRI set).
- CT1 interfaces can be divided into multiple groups. However, only one group can be bundled for PRI interfaces.
5. E1 interfaces, channel sets, and PRI sets can all be seen as serial interfaces, which have the same logical characteristics as synchronous serial interfaces and support IP network protocols and data link layer protocols such as PPP, HDLC, frame relay, and X.25 (PRI sets do not support the HDLC, frame relay, or X.25 protocols, and channel sets of CT1 interfaces do not support the X.25 protocol).
