Configuration Guide Basic Management
2.3.1 User Access Control
User access control is the control of terminal access to network devices on the internet, based on passwords and
privileges.
Working Principle
Privilege Level
Sixteen privilege levels, numbered 0 to 15, are defined for the CLI on network devices to grant users access to different commands.
Level 0 is the lowest level granting access to just a few commands, whereas level 15 is the highest level granting access to
all commands. Levels 0 and 1 are common user levels without the device configuration permission (users are not allowed to
enter global configuration mode by default). Levels 2–15 are privileged user levels with the device configuration permission.
Password Classification
Passwords are classified into two types: password and security. The first type refers to simple encrypted passwords at level
15. The second type refers to secure encrypted passwords at levels 0–15. If a level is configured with both simple and secure
encrypted passwords, the simple encrypted password will not take effect. If you configure a simple encrypted password for a
level other than 15, a warning is displayed and the password is automatically converted into a secure encrypted password. If you
configure the same simple encrypted password and secure encrypted password at level 15, a warning is displayed.
Password Protection
Each privilege level on a network device has a password. An increase in privilege level requires the input of the target level
password, whereas a reduction in privilege level does not require password input.
By default, only two privilege levels are password-protected, namely, level 1 (common user level) and level 15 (privileged
user level). Sixteen privilege levels with password protection can be assigned to the commands in each mode to grant
access to different commands.
If no password is configured for a privileged user level, access to this level does not require password input. It is
recommended that a password be configured for security purposes.
Command Authorization
Each command has its lowest execution level. A user with a privilege level lower than this level is not allowed to run the
command. After the command is assigned a privilege level, users at this level and higher have access to the command.
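The rules under Password Classification, Password Protection and Command Authorization, modelled as an added Python example (not vendor code). The class, method and function names are hypothetical, and passwords are held in plaintext for brevity, whereas the device stores them encrypted.

```python
import hmac

PRIVILEGED_LEVELS = range(2, 16)  # levels 2-15 carry configuration permission


class EnablePasswords:
    """Hypothetical model of per-level passwords; plaintext here for brevity."""

    def __init__(self):
        self.simple = {}    # level -> password from "enable password" (level 15 only)
        self.secure = {}    # level -> password from "enable secret" (levels 0-15)
        self.warnings = []  # stands in for the warnings the CLI displays

    def set_simple(self, level, password):
        if level != 15:
            # A simple password below level 15 is converted to a secure one.
            self.warnings.append(f"level {level}: converted to secure password")
            self.secure[level] = password
            return
        if self.secure.get(15) == password:
            self.warnings.append("level 15: simple and secure passwords match")
        self.simple[15] = password

    def set_secure(self, level, password):
        if level == 15 and self.simple.get(15) == password:
            self.warnings.append("level 15: simple and secure passwords match")
        self.secure[level] = password

    def effective(self, level):
        # When both types exist, the simple password does not take effect.
        return self.secure.get(level, self.simple.get(level))

    def may_change_level(self, current, target, supplied=""):
        if target <= current:
            return True  # lowering the level never asks for a password
        expected = self.effective(target)
        if expected is None:
            return True  # no password configured: the level is open
        return hmac.compare_digest(supplied.encode(), expected.encode())

    def unprotected_privileged_levels(self):
        # Audit view: privileged levels reachable without any password.
        return [lv for lv in PRIVILEGED_LEVELS if self.effective(lv) is None]


def may_run(user_level, command_min_level):
    # A command is available at its assigned level and every level above it.
    return user_level >= command_min_level
```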
Related Configuration
Configuring a Simple Encrypted Password
Run the enable password command.
Configuring a Secure Encrypted Password
Run the enable secret command.