Configuring User Privilege Levels and Command Levels
Introduction
To restrict different users’ access to the AP, the system manages the users by their privilege levels. User
privilege levels correspond to command levels. After users at different privilege levels log in, they can
only use commands at their own, or lower, levels. All the commands are categorized into four levels,
which are visit, monitor, system, and manage from low to high, and identified respectively by 0 through
3.
Table 11-3 describes the levels of the commands.
Table 11-3 Default command levels
| Level | Privilege | Description |
|---|---|---|
| 0 | Visit | Involves commands for network diagnosis and commands for accessing an external AP. Commands at this level are not allowed to be saved after being configured. After the AP is restarted, the commands at this level will be restored to the default settings. Commands at this level include ping, tracert, and telnet. |
| 1 | Monitor | Includes commands for system maintenance and service fault diagnosis. Commands at this level are not allowed to be saved after being configured. After the AP is restarted, the commands at this level will be restored to the default settings. Commands at this level include debugging, terminal, refresh, reset, and send. |
| 2 | System | Provides service configuration commands, including routing and commands at each level of the network for providing services. By default, commands at this level include all configuration commands except for those at manage level. |
| 3 | Manage | Influences the basic operation of the system and the system support modules for service support. By default, commands at this level involve file system, FTP, TFTP, Xmodem command download, user management, level setting, as well as parameter setting within a system (the last case involves those non-protocol or non RFC provisioned commands). |
Configuring user privilege level
User privilege level can be configured by using AAA authentication parameters or under a user
interface.
1) Configure user privilege level by using AAA authentication parameters
If the user interface authentication mode is scheme when a user logs in, and username and password
are needed at login, then the user privilege level is specified in the configuration of AAA authentication.
Follow these steps to configure user privilege level by using AAA authentication parameters:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter user interface view | user-interface { first-num1 [ last-num1 ] \| { console \| vty } first-num2 [ last-num2 ] } | — |
| Configure the authentication mode for logging in to the user interface as scheme | authentication-mode scheme | Required. By default, the authentication mode for VTY users is password, and no authentication is needed for console users. |
| Exit to system view | quit | — |
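
An added example, not taken from the original manual: a Python check that reads user-interface sections from a saved configuration and reports those whose effective authentication mode is not scheme, applying the defaults stated above (password for VTY, no authentication for console). The sample configuration, its indented layout, and the function names are constructed assumptions.

```python
import re

# Defaults stated on this page: VTY users default to password
# authentication; console users need no authentication ("none" is
# used here only as a label for that case).
DEFAULT_MODE = {"vty": "password", "console": "none"}

# Constructed sample. The layout (a section header followed by indented
# sub-commands) is an assumption about how the configuration is stored.
SAMPLE_CONFIG = """\
user-interface console 0
user-interface vty 0 1
 authentication-mode scheme
user-interface vty 2 4
user-interface 7
"""

HEADER = re.compile(
    r"^user-interface\s+(?:(console|vty)\s+)?(\d+)(?:\s+(\d+))?\s*$")
MODE = re.compile(r"^\s+authentication-mode\s+(\S+)\s*$")


def effective_modes(config_text):
    """Return one dict per user-interface section with its effective mode."""
    sections, current = [], None
    for line in config_text.splitlines():
        header = HEADER.match(line)
        if header:
            kind, first, last = header.groups()
            name = " ".join(p for p in (kind, first, last) if p)
            # Absolute numbering hides the interface type, so the
            # default cannot be inferred and is reported as unknown.
            current = {"interface": name, "explicit": False,
                       "mode": DEFAULT_MODE.get(kind, "unknown")}
            sections.append(current)
        elif line[:1].isspace():
            mode = MODE.match(line)
            if current and mode:
                current["mode"], current["explicit"] = mode.group(1), True
        else:
            current = None  # any other top-level line closes the section
    return sections


def not_using_scheme(config_text):
    """Interfaces where AAA does not decide the user's privilege level."""
    return [(s["interface"], s["mode"])
            for s in effective_modes(config_text) if s["mode"] != "scheme"]
```

Calling not_using_scheme(SAMPLE_CONFIG) lists the console, the VTY range left at its default, and the absolutely numbered interface whose type cannot be determined from the header alone.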