H3C S3100 Series Operation Manual page 19

Operation
Enter system view
Enter ISP domain view
Set the HWTACACS
authentication scheme for
user level switching
When setting the HWTACACS authentication scheme for user level switching using the authentication
super hwtacacs-scheme command, make sure the HWTACACS authentication scheme identified by
the hwtacacs-scheme-name argument already exists. Refer to AAA Operation for information about
HWTACACS authentication scheme.
Switching to a specific user level
Follow these steps to switch to a specific user level:
Operation
Switch to a specified user level
If no user level is specified in the super password command or the super command, level 3 is
used by default.
For security purpose, the password entered is not displayed when you switch to another user level.
You will remain at the original user level if you have tried three times but failed to enter the correct
authentication information.
Configuration example
After a general user telnets to the switch, his/her user level is 0. Now, the network administrator wants to
allow general users to switch to level 3, so that they are able to configure the switch.
1) Super password authentication configuration example
The administrator configures the user level switching authentication policies.
# Set the user level switching authentication mode for VTY 0 users to super password authentication.
<Sysname> system-view
[Sysname] user-interface vty 0
[Sysname-ui-vty0] super authentication-mode super-password
[Sysname-ui-vty0] quit
Command
system-view
domain domain-name
authentication super
hwtacacs-scheme
hwtacacs-scheme-name
Command
super [ level ]
1-6
Description
—
—
Required
By default, the HWTACACS
authentication scheme for user level
switching is not set.
Remarks
Required
Execute this command in user view.