Configuring User Privilege And Command Levels; Configuring A User Privilege Level - HP 3100 v2 Series Configuration Manual

Configuring user privilege and command levels

To avoid unauthorized access, the device defines the user privilege levels and command levels
in Table 7. User privilege levels correspond to command levels. A user who has been logged in with
a specific privilege level can use only the commands at that level or lower levels.
All commands are categorized into four levels: visit, monitor, system, and manage, and are identified
from low to high, respectively by 0 through 3.
Table 7 Command levels and user privilege levels
Lev Privileg
el e
0 Visit
1 Monitor
2 System
3 Manage

Configuring a user privilege level

If the authentication mode on a user interface is scheme, configure a user privilege level for users
who access the interface by using the AAA module or directly on the user interface. For SSH users
who use public-key authentication, the user privilege level configured directly on the user interface
always takes effect. For other users, the user privilege level configured in the AAA module has
priority over the one configured directly on the user interface.
If the authentication mode on a user interface is none or password, configure the user privilege level
directly on the user interface.
For more information about user login authentication, see "Logging in to the CLI." For more
information about AAA and SSH, see Security Configuration Guide.
Configuring a user privilege level for users by using the AAA module
Step
1. Enter system view.
2. Enter user interface view.
Default set of commands
Includes commands for network diagnosis and commands for accessing an external
device. Configuration of commands at this level cannot survive a device restart. Upon
device restart, the commands at this level are restored to the default settings.
Commands at this level include ping, tracert, telnet and ssh2.
Includes commands for system maintenance and service fault diagnosis. Commands
at this level are not saved after being configured. After the device is restarted, the
commands at this level are restored to the default settings.
Commands at this level include debugging, terminal, refresh, and send.
Includes service configuration commands, including routing configuration commands
and commands for configuring services at different network levels.
By default, commands at this level include all configuration commands except for those
at manage level.
Includes commands that influence the basic operation of the system and commands
for configuring system support modules.
By default, commands at this level involve the configuration commands of file system,
FTP, TFTP, Xmodem download, user management, level setting, and parameter
settings within a system, which are not defined by any protocols or RFCs.
Command
system-view
user-interface { first-num1
[ last-num1 ] | { aux | vty }
first-num2 [ last-num2 ] }
13
Remarks
N/A
N/A