Switching user privilege level, Introduction – H3C Technologies H3C S5120 Series Switches User Manual

1-13

<Sysname> system-view

[Sysname] user-interface vty 0 15

[Sysname-ui-vty1] authentication-mode password

[Sysname-ui-vty0-15] set authentication password cipher 123

[Sysname-ui-vty0-15] user privilege level 2

By default, when users log in to the device through Telnet, they can use the commands of level 0 after

passing the authentication. After you set the user privilege level under the user interface, when users

log in to the device through Telnet, they need to input password 123, and then they can use commands

of levels 0, 1, and 2.

Switching user privilege level

Introduction

Users can switch their user privilege level temporarily without logging out and disconnecting the current

connection; after the switch, users can continue to configure the device without the need of relogin and

reauthentication, but the commands that they can execute have changed. For example, if the current

user privilege level is 3, the user can configure system parameters; after switching the user privilege

level to 0, the user can only execute some simple commands, like ping and tracert, and only a few

display commands. The switching of user privilege level is temporary, and effective for the current login;

after the user relogs in, the user privilege restores to the original level.

To avoid misoperations, the administrators are recommended to log in to the device by using a lower

privilege level and view device operating parameters, and when they have to maintain the device, they

can switch to a higher level temporarily; when the administrators need to leave for a while or ask

someone else to manage the device temporarily, they can switch to a lower privilege level before they

leave to restrict the operation by others.

Users can switch from a high user privilege level to a low user privilege level without entering a

password; when switching from a low user privilege level to a high user privilege level, only the AUX

login users do not have to enter the password, and users that log in from VTY user interfaces need to

enter the password for security’s sake. This password is for level switching only and is different from the

login password. If the entered password is incorrect or no password is configured, the switching fails.

Therefore, before switching a user to a higher user privilege level, you should configure the password

needed.

Follow these steps to switch user privilege level:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Configure the password for
switching the user privilege
level

super password [ level
user-level ] { simple | cipher }
password

Required

By default, no password is
configured.

Exit to user view

quit

—

Switch the user privilege level

super [ level ]

Required

When logging in to the device,
a user has a user privilege
level, which is decided by user
interface or authentication user
level.