Step / Command / Remarks

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter user line view or user line class view.
   Command:
   • Enter user line view:
     line { first-num1 [ last-num1 ] | { aux | vty } first-num2 [ last-num2 ] }
   • Enter user line class view:
     line class { aux | vty }
   Remarks: For information about the priority order and application scope of the
   configurations in user line view and user line class view, see "Logging in to
   the CLI."

3. Specify a user role on the user line.
   Command: user-role role-name
   Remarks: Repeat this step to specify a maximum of 64 user roles on a user line.
   By default, network-admin is specified on the AUX user line, and
   network-operator is specified on any other user line.
   The device does not assign the security-audit user role to non-AAA
   authentication users.
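The defaults and limits in the table above can be checked against a candidate configuration before it is applied. The following Python example is added here and is not code from the vendor guide; the sample configuration text is constructed, only the `line { aux | vty }` form is parsed (`line class` blocks and absolute line numbers are skipped), and the "network-admin on a VTY line" finding is an assumed review policy.

```python
import re
MAX_ROLES = 64  # guide: at most 64 user roles per user line
HEADER = re.compile(r"^line (aux|vty) (\d+)(?: (\d+))?$")
# Constructed sample in the style of a saved configuration, not from a real device.
SAMPLE = """\
line class vty
 user-role network-operator
#
line aux 0
#
line vty 0 4
 authentication-mode none
 user-role network-admin
 user-role level-3
#
line vty 5 63
 user-role security-audit
"""

def parse_lines(config):
    """Return {(type, first, last): [roles]} for each 'line aux|vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):  # an unindented line opens a new view
            m = HEADER.match(raw.strip())
            current = None
            if m:  # 'line class' and other views do not match and are skipped
                first = int(m.group(2))
                current = (m.group(1), first, int(m.group(3) or first))
                blocks[current] = []
        elif current and len(words) == 2 and words[0] == "user-role":
            blocks[current].append(words[1])
    return blocks

def audit(config):
    """Return (effective_roles, findings), applying the defaults the guide states."""
    effective, findings = {}, []
    for key, roles in parse_lines(config).items():
        if not roles:  # default: network-admin on AUX, network-operator elsewhere
            roles = ["network-admin" if key[0] == "aux" else "network-operator"]
        if len(roles) > MAX_ROLES:
            findings.append((key, "more than 64 user roles"))
        if "security-audit" in roles:
            findings.append((key, "security-audit is not assigned to non-AAA users"))
        if key[0] == "vty" and "network-admin" in roles:  # assumed review policy
            findings.append((key, "network-admin on a VTY line"))
        effective[key] = roles
    return effective, findings
```

Calling `audit(SAMPLE)` returns the effective roles per user line and a list of findings to review.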
Configuring temporary user role authorization
Temporary user role authorization allows you to obtain a user role that you did not log in with,
without reconnecting to the device. This feature is useful when you want to use a user role
temporarily to configure a feature.
Temporary user role authorization is effective only on the current login. It does not change the user role
settings in the user account that you logged in with. The next time you log in with the
user account, the original user role settings take effect.
Configuration guidelines
When you configure temporary user role authorization, follow these guidelines:
• To enable users to obtain temporary user role authorization, you must configure user role
authentication. Table 10 describes the available authentication modes and configuration
requirements.
• Local password authentication is available for all user roles, but remote AAA authentication is
available only for level-n user roles.
  ◦ If HWTACACS authentication is used, use a user account that has the target user role level or a
    user role level higher than the target user role. For example, if the user account test has the user
    role level-3, you can use this user account to obtain the authorization of the level-0, level-1,
    level-2, or level-3 user role. When you use this method, you must enter the correct username
    and password to pass authentication.
  ◦ If RADIUS authentication is used, you must create a user account for each level-n user role in the
    $enabn$ format or the $enabn$@domain-name format, where n represents the user role level.
    When you use this method, the username you enter is ignored. You can pass authentication as
    long as the password is correct.
• If you execute the quit command after obtaining user role authorization, you are logged out of the
device.