11-13
send Send information to other user terminal interface
super Set the current user priority level
telnet Establish one TELNET connection
terminal Set the terminal line characteristics
tftp Open TFTP connection
tracert Trace route function
undo Cancel current setting
z Authenticate the users logging in to the AP through Telnet, verify their passwords, and specify the
user privilege levels as 2.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty1] authentication-mode password
[Sysname-ui-vty0-4] set authentication password cipher 123
[Sysname-ui-vty0-4] user privilege level 2
By default, when users log in to the AP through Telnet, they can use the commands of level 0 after
passing the authentication. After you set the user privilege level under the user interface, when users
log in to the AP through Telnet, they need to input password 123, and then they can use commands of
levels 0, 1, and 2.
Switching user privilege level
Users can switch their user privilege level temporarily without logging out and disconnecting the current
connection; after the switch, users can continue to configure the AP without the need of relogin, but the
commands that they can execute have changed. For example, if the current user privilege level is 3, the
user can configure system parameters; after switching the user privilege level to 0, the user can only
execute some simple commands, like ping and tracert, and only a few display commands. The
switching of user privilege level is effective for the current login; after the user relogs in, the user
privilege restores to the original level.
z To avoid misoperations, the administrators are recommended to log in to the AP by using a lower
privilege level and view AP operating parameters, and when they have to maintain the AP, they can
switch to a higher level temporarily
z When the administrators need to leave for a while or ask someone else to manage the AP
temporarily, they can switch to a lower privilege level before they leave to restrict the operation by
others.
1) A user can switch to a privilege level equal to or lower than the current one unconditionally and is
not required to input the password (if any).
2) A user is required to input the password (if any) to switch to a higher privilege level for security
sake.
z local: Authenticates a user by using the local password set with the super password command. In
this case, when no password is set with the super password command, privilege level switch
succeeds if the user is logged in from the console port (here indicates the console port or the AUX
port used as the console port), and the switch fails if the user is logged in from any of the AUX, TTY,
or VTY user interfaces or inputs an incorrect switch password.
z scheme: AAA authentication. For information about AAA, see AAA in the Security Configuration
Guide.
z local scheme: First local and then scheme, that is, authenticates a user by using the local
password first, and if no password is set, for the user logged in from the console port, the privilege
To Next Page
Loading...
