Switching User Privilege Level - HP 5800 Series Configuration Manual

Switching user privilege level

Users can switch to a different user privilege level temporarily without logging out and terminating the current
connection. After the privilege level switch, users can continue to configure the switch without having to log
in again, but the commands that they can execute change. For example, if the current user privilege level is
3, the user can configure system parameters. After switching to user privilege level 0, the user can execute
only simple commands, such as ping and tracert, and only a few display commands. The switching
operation is effective for the current login only. After the user logs in again, the user privilege level is
restored to the original level.
To avoid problems, HP recommends that administrators log in to the switch by using a lower privilege
level to view switch operating parameters, and switch to a higher level temporarily when they have to
maintain the switch.
If the administrators need to leave for a while or ask someone else to manage the switch temporarily,
they can switch to a lower privilege level before they leave to restrict what others can do.
Setting the authentication mode for user privilege level switch
CAUTION:
If no user privilege level is specified when you configure the password for switching the user privilege
level with super password, the user privilege level defaults to 3.
If you specify the simple keyword, the password is saved in the configuration file in plain text, where it
can easily be stolen. If you specify the cipher keyword, the password is saved in the configuration file in
cipher text, which is safer.
If the user logs in from the AUX user interface (the console port), the user can switch the privilege level
to a higher level even if the authentication mode is local and no password for user privilege level switch
is configured.
A user can switch to a privilege level equal to or lower than the current one unconditionally and is not
required to enter a password (if any).
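
The CAUTION points above (the level defaulting to 3 and the simple keyword storing the password in plain text) can be checked against a saved configuration file. The following Python auditor is an added example, not part of the HP manual; it assumes the configuration stores the command as super password [level n] {simple | cipher} password, and the sample configuration is constructed.

```python
import re

# Assumed saved-configuration syntax, following the manual's description:
#   super password [level <n>] {simple | cipher} <password>
SUPER_PW = re.compile(
    r"^\s*super\s+password(?:\s+level\s+(?P<level>\d+))?\s+"
    r"(?P<mode>simple|cipher)\s+\S+\s*$"
)

DEFAULT_LEVEL = 3  # per the manual: no level specified means level 3


def audit_super_passwords(config_text):
    """Return one finding per 'super password' line; the secret is never copied."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = SUPER_PW.match(line)
        if not m:
            continue
        explicit = m.group("level")
        findings.append({
            "line": lineno,
            "level": int(explicit) if explicit else DEFAULT_LEVEL,
            "level_implicit": explicit is None,
            "plaintext": m.group("mode") == "simple",
        })
    return findings


def plaintext_levels(config_text):
    """Privilege levels whose switch password is stored in plain text."""
    return sorted({f["level"] for f in audit_super_passwords(config_text)
                   if f["plaintext"]})


# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
#
 sysname lab-switch
 super password level 2 cipher EXAMPLE-CIPHERTEXT
 super password simple Example-Plain-1
 super password level 1 simple Example-Plain-2
#
"""

if __name__ == "__main__":
    for f in audit_super_passwords(SAMPLE_CONFIG):
        status = "PLAINTEXT" if f["plaintext"] else "cipher"
        note = " (level defaulted to 3)" if f["level_implicit"] else ""
        print(f"line {f['line']}: level {f['level']} {status}{note}")
```
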
For security, a user is required to enter the password (if any) to switch to a higher privilege level. The
authentication falls into one of the following four categories:
| Authentication mode | Meaning | Description |
|---|---|---|
| local | Local password authentication | The switch authenticates a user by using the privilege level switch password entered by the user. When this mode is applied, you must set the password for privilege level switch with super password. |
| scheme | Remote AAA authentication through HWTACACS or RADIUS | The switch sends the username and password for privilege level switch to the HWTACACS or RADIUS server for remote authentication. When this mode is applied, you must perform the following configurations: configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain (for more information, see Security Configuration Guide); create the corresponding user and configure password on the HWTACACS or RADIUS server. |

This manual is also suitable for:

5820x series, A5820x series, A5800 series
