How do I configure the super password on an AR

26

Users are assigned one of the 16 levels, which correspond to command levels. After logging in to an AR, users can use only the commands whose levels are equal to or lower than their levels. The method for configuring the super password on an AR is as follows:
1. For versions earlier than V200R005C00: Users at a lower level can run the super [level] command to switch to a higher level. For security reasons, when a user is switched from a lower level to a higher level, the AR prompts the user to change the password for authentication. You can run the super password [level user-level] [cipher password] command in the system view to configure this password. For example:
[HUAWEI] super password level 3 cipher Helloworld@6789
2. For V200R006C13 and later versions:
Users at a lower level can run the super [level] command to switch to a higher level. For security reasons, when a user is switched from a lower level to a higher level, the AR prompts the user to change the password for authentication. You can run the super password [level user-level] cipher command in the system view to configure this password in interactive mode.

Other related questions:
ARs' support for the super password
Users are assigned one of the 16 levels, which correspond to command levels. After logging in to an AR, users can use only the commands whose levels are equal to or lower than their levels. For ARs running versions earlier than V200R005C00 or V200R006C13 and later versions, you can run the super command to switch the user level. To prevent access of unauthorized users, the AR requires the user to enter the authentication password for the higher user level to authenticate the user identity. You can run the super password command to set an authentication password used to switch a user from a lower level to a higher level.

Setting the super password for the USG2000&5000
When a lower-level user is switched to a higher-level user, user identity authentication is required to prevent unauthorized access. That is, the password of the higher-level user is required. The super password command can be used to set the password used to switch a lower-level user to a higher-level user. An example is provided for setting the super password. # Configure the password to Abcd@1234 for switching from a lower-level user to a level-3 user. system-view [sysname] super password level 3 cipher Abcd@1234 Note: A configured password cannot be retrieved from the system. You should carefully keep the password in case that you may forget or lose it.

How to configure a super-VLAN on an AR router
1. In the VLAN view, run the aggregate-vlan command to create a super-VLAN which does not contain any interface. 2. Run the access-vlan { vlan-id1 [ to vlan-id2 ] } &<1-10> command to add VLANs (sub-VLANs) to the super-VLAN. 3. Create a VLANIF interface for the super-VLAN, and configure a route. After the configuration, users under different VLANs can access the Internet over the super-VLAN.

How do I restore the BootROM login password of an AR if I forget it
The method is as follows: You can log in to an AR through the console port to reset the BootROM login password. 1. Log in to the AR through the console port. 2. Restore the default password. [Huawei] diagnose [Huawei-diagnose] restore boot-password Info: Restore boot password success! [Huawei-diagnose] return 3. Run the reboot command in the user view to restart the AR. 4. When the message "Press Ctrl+B to break auto startup ..." is displayed, press Ctrl+B and enter the default password ("huawei" for V200R003C01 and earlier versions, and "Admin@huawei" for V200R005C00 and later versions) to enter the BootROM main menu. 5. Choose Password Manager > Modify the menu password from the BootROM main menu and change the password as prompted. 6. Choose Return > Default Startup from the BootROM main menu.

How to configure or change the password for console port login on an AR
You can use either of the following methods to configure or change the password for console port login on an AR: Method 1: Log in to the AR using Telnet or other remote login modes, and configure and change the console port login password. The following is an example (using Telnet): If you have a Telnet account and administrator rights, log in to the AR using Telnet, change the console port login password, and save the configuration. 1. Log in to the AR using a Telnet account. 2. Change the console port login password. The following example changes the authentication mode to password authentication and the password to huawei@123. [Huawei] user-interface console 0 [Huawei-ui-console0] authentication-mode password [Huawei-ui-console0] set authentication password cipher huawei@123 //Enter the password in interactive mode (V200R005C00 and later versions). [Huawei-ui-console0] return The following example changes the authentication mode to AAA authentication, user name to admin123, and password to Huawei@123. [Huawei] user-interface console 0 [Huawei-ui-console0] authentication-mode aaa [Huawei-ui-console0] quit [Huawei] aaa [Huawei-aaa] local-user admin123 password irreversible-cipher Huawei@123 [Huawei-aaa] local-user admin123 privilege level 15 [Huawei-aaa] local-user admin123 service-type terminal [Huawei-aaa] return 3. Run the save command to save the configuration to prevent configuration loss after a restart. Method 2: Clear the console port login password on the BootROM menu and change the password. You can clear the password for console port login on the BootROM menu. The system can skip password check when you log in to it through the console port. After the AR restarts, change the console port login password and save the configuration. // After the password is cleared, no password is required for the first login through the serial port. If you do not promptly change the password, you cannot re-login through the serial port after logout. 1. Connect a serial cable to the AR and restart it. When the message "Press Ctrl+B to break auto startup ..." is displayed, press Ctrl+B and enter the default password ("huawei" for V200R003C01 and earlier versions, and "Admin@huawei" for V200R005C00 and later versions) to enter the BootROM main menu. 2. Choose Password Manager > Clear the console login password > Return > Default Startup on the BootROM main menu. On the page that is displayed, clear the console port login password. Note: When you log in through the console port after the system is started, you will encounter three conditions depending on the device model. Perform the following operations as required: a. If the system prompts you to enter the password when you log in, set a password. b. If the AR is running V200R005C30 or a later version, enter the default user name (admin) and password (Admin@huawei). c. If no authentication is required when you log in, configure the console port password after the login.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top