level switch succeeds; for the user logged in from any of the AUX, TTY, or VTY user interfaces, the 
AAA authentication is performed. 
•  scheme local: First scheme and then local, that is, AAA authentication is performed first, and if
the AAA configuration is invalid (domain parameters or authentication scheme are not configured)
or the server does not respond, the authentication requiring the local password is performed.
If the authentication mode for login users of the current user interface is set to none or password with
the authentication-mode none or authentication-mode password command, the user does not
need to input the username when logging in. Therefore, if scheme authentication is required for the
privilege level switch, the system prompts for the username and password (the username and the
password must be the same as those configured on the AAA server); in other cases, no username is
required.
Follow these steps to switch the user privilege level:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Set the authentication mode for user privilege level switch | super authentication-mode { local \| scheme } * | Optional. local by default. |
| Configure the password (used for the local authentication mode) for user privilege level switch | super password [ level user-level ] { simple \| cipher } password | Required. By default, no password is configured. |
| Exit to user view | quit | — |
| Switch the user privilege level | super [ level ] | Required. When logging in to the AP, a user has a user privilege level, which is decided by user interface or authentication user level. |

•  When you configure the password for switching the user privilege level with the super password
command, the user privilege level is 3 if no user privilege level is specified.
•  The password for switching the user privilege level can be displayed in either cipher text or simple
text. Cipher text is recommended, because simple text is easily cracked.
•  When the authentication mode is set to local, you need to configure the local password before
switching a user to a higher user privilege level.
•  When the authentication mode is set to scheme, you need to configure AAA related parameters
before switching a user to a higher user privilege level.
•  The AAA authentication timeout is 120 seconds; after that, the AAA authentication is
considered to have received no response.
•  The privilege level switch fails after three consecutive unsuccessful password attempts.
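
The notes above can be turned into a configuration review check. The following Python sketch is an added example, not part of the original manual or the vendor's tooling: it reads saved configuration text and reports simple-text super passwords and a local authentication mode with no password configured. It assumes the saved configuration lists the commands in the same form as the table above; the function name audit_super_config and both sample configurations are constructed for illustration.

```python
import re

# Matches: super password [ level user-level ] { simple | cipher } password
PASSWORD_RE = re.compile(
    r"^super password(?: level (?P<level>\d+))? (?P<form>simple|cipher) \S+$")
# Matches: super authentication-mode { local | scheme } *
MODE_RE = re.compile(
    r"^super authentication-mode (?P<modes>(?:local|scheme)(?: (?:local|scheme))?)$")

def audit_super_config(config_text):
    """Return (modes, passwords, findings) for the super-related lines of a config."""
    modes = ["local"]   # local is the default authentication mode
    passwords = {}      # user privilege level -> "simple" or "cipher"
    for raw in config_text.splitlines():
        line = raw.strip()
        m = MODE_RE.match(line)
        if m:
            modes = m.group("modes").split()
            continue
        m = PASSWORD_RE.match(line)
        if m:
            # The level is 3 when no user privilege level is specified
            level = int(m.group("level") or 3)
            passwords[level] = m.group("form")
    findings = []
    for level, form in sorted(passwords.items()):
        if form == "simple":
            findings.append(
                f"level {level}: super password stored in simple text; use cipher")
    if "local" in modes and not passwords:
        findings.append(
            "local authentication is in use but no super password is configured")
    return modes, passwords, findings

# Constructed sample configurations (not taken from a real device)
WEAK = """\
super authentication-mode scheme local
super password simple Example123
"""
HARDENED = """\
super authentication-mode scheme local
super password level 3 cipher EXAMPLE-CIPHERTEXT
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_super_config(cfg))
```
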