ARs' support for the super password

3

Users are assigned one of the 16 levels, which correspond to command levels. After logging in to an AR, users can use only the commands whose levels are equal to or lower than their levels.
For ARs running versions earlier than V200R005C00 or V200R006C13 and later versions, you can run the super command to switch the user level. To prevent access of unauthorized users, the AR requires the user to enter the authentication password for the higher user level to authenticate the user identity. You can run the super password command to set an authentication password used to switch a user from a lower level to a higher level.

Other related questions:
How do I configure the super password on an AR
Users are assigned one of the 16 levels, which correspond to command levels. After logging in to an AR, users can use only the commands whose levels are equal to or lower than their levels. The method for configuring the super password on an AR is as follows: 1. For versions earlier than V200R005C00: Users at a lower level can run the super [level] command to switch to a higher level. For security reasons, when a user is switched from a lower level to a higher level, the AR prompts the user to change the password for authentication. You can run the super password [level user-level] [cipher password] command in the system view to configure this password. For example: [HUAWEI] super password level 3 cipher Helloworld@6789 2. For V200R006C13 and later versions: Users at a lower level can run the super [level] command to switch to a higher level. For security reasons, when a user is switched from a lower level to a higher level, the AR prompts the user to change the password for authentication. You can run the super password [level user-level] cipher command in the system view to configure this password in interactive mode.

Setting the super password for the USG2000&5000
When a lower-level user is switched to a higher-level user, user identity authentication is required to prevent unauthorized access. That is, the password of the higher-level user is required. The super password command can be used to set the password used to switch a lower-level user to a higher-level user. An example is provided for setting the super password. # Configure the password to Abcd@1234 for switching from a lower-level user to a level-3 user. system-view [sysname] super password level 3 cipher Abcd@1234 Note: A configured password cannot be retrieved from the system. You should carefully keep the password in case that you may forget or lose it.

What versions AR routers support Super command
The AR router V200R005C00 version and V200R006C13 before and after version supports Super command.

How to configure a super-VLAN on an AR router
1. In the VLAN view, run the aggregate-vlan command to create a super-VLAN which does not contain any interface. 2. Run the access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> command to add VLANs (sub-VLANs) to the super-VLAN. 3. Create a VLANIF interface for the super-VLAN, and configure a route. After the configuration, users under different VLANs can access the Internet over the super-VLAN.

Setting the super password for the SRG1200&2200&3200
When a lower-level user is switched to a higher-level user, user identity authentication is required to prevent unauthorized access. That is, the password of the higher-level user is required. The super password command can be used to set the password used to switch a lower-level user to a higher-level user. An example for configuring a super password is provided to describe # Configure the password used for switching from a lower-level user to a level-3 user to Abcd@1234. system-view [sysname] super password level 3 cipher Abcd@1234 Note: A configured password cannot be retrieved from the system. You should carefully keep the password in case that you may forget or lose it.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top