Hwtacacs Authentication Configuration Example - H3C S5600 Series Operation Manual

Hide thumbs Also See for S5600 Series:

Operation manual (1278 pages)

Configuration (313 pages)

Operation manual (1096 pages)

Table of Contents

If no user level is specified in the super password command or the super command, level 3 is

used by default.

For security purpose, the password entered is not displayed when you switch to another user level.

You will remain at the original user level if you have tried three times but failed to enter the correct

authentication information.

Configuration examples

After a general user telnets to the switch, his/her user level is 0. Now, the network administrator wants to

allow general users to switch to level 3, so that they are able to configure the switch.

Super password authentication configuration example

The administrator configures the user level switching authentication policies.

# Set the user level switching authentication mode for VTY 0 users to super password authentication.

<Sysname> system-view

[Sysname] user-interface vty 0

[Sysname-ui-vty0] super authentication-mode super-password

[Sysname-ui-vty0] quit

# Set the password used by the current user to switch to level 3.

[Sysname] super password level 3 simple 123

A VTY 0 user switches its level to level 3 after logging in.

# A VTY 0 user telnets to the switch, and then uses the set password to switch to user level 3.

<Sysname> super 3

User privilege level is 3, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

# After configuring the switch, the general user switches back to user level 0.

<Sysname> super 0

User privilege level is 0, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE