Switching the user privilege level – H3C Technologies H3C SecBlade LB Cards User Manual
Page 89
79
# Configure the device to perform no authentication for Telnet users, and to authorize authenticated
Telnet users to use level-0 and level-1 commands. (Use no authentication mode only in a secure network
environment.)
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] authentication-mode none
[Sysname-ui-vty0-4] user privilege level 1
# Display the commands a Telnet user can use after login. Because the user privilege level is 1, a Telnet
user can use more commands now.
<Sysname> ?
User view commands:
debugging Enable system debugging functions
display Display current system information
ipc Interprocess communication
ping Ping function
quit Exit from current command view
refresh Do soft reset
reset Reset operation
rsh Establish one RSH connection
screen-length Specify the lines displayed on one screen
send Send information to other user terminal interface
ssh2 Establish a secure shell client connection
super Set the current user priority level
telnet Establish one TELNET connection
terminal Set the terminal line characteristics
tracert Trace route function
undo Cancel current setting
# Configure the device to perform password authentication for Telnet users, and to authorize
authenticated Telnet users to use the commands of privilege levels 0, 1, and 2.
<Sysname> system-view
[Sysname] user-interface vty 0 4
[Sysname-ui-vty1] authentication-mode password
[Sysname-ui-vty0-4] set authentication password simple 123
[Sysname-ui-vty0-4] user privilege level 2
After the configuration is complete, when users Telnet to the device, they must enter the password
12345678. After passing authentication, they can use commands of levels 0, 1, and 2.
Switching the user privilege level
Users can switch to a different user privilege level without logging out and terminating the current
connection. After the privilege level switching, users can continue to manage the device without
relogging in, but the commands they can execute have changed. For example, with the user privilege
level 3, a user can configure system parameters. After switching to user privilege level 0, the user can
execute only basic commands like ping and tracert and use a few display commands. The switching
operation is effective for the current login. After the user relogs in, the user privilege restores to the
original level.