18
Switching user privilege level
Users can switch to a different user privilege level temporarily without logging out and terminating the current
connection. After the privilege level switch, users can continue to configure the switch without the must re-log
in, but the commands that they can execute have changed. For example, if the current user privilege level is
3, the user can configure system parameters. After switching to user privilege level 0, the user can only
execute simple commands, like ping and tracert, and only a few display commands. The switching
operation is effective for the current login. After the user relogs in, the user privilege restores to the original
level.
• To avoid problems, HP recommends that administrators log in to the switch by using a lower privilege
level and view switch operating parameters, and when they have to maintain the switch, they can
switch to a higher level temporarily
• If the administrators need to leave for a while or ask someone else to manage the switch temporarily,
they can switch to a lower privilege level before they leave to restrict the operation by others.
Setting the authentication mode for user privilege level switch
CAUTION:
• If no user privilege level is specified when you configure the password for switching the user privilege
level with super password, the user privilege level defaults to 3.
• If you specify the simple keyword, the password is saved in the configuration file in plain text, which is
easy to be stolen. If you specify the cipher keyword, the password is saved in the configuration file in
cipher text, which is safer.
• If the user logs in from the AUX user interface (the console port), the user can switch the privile
e level
to a higher level even if the authentication mode is local and no password for user privilege level switch
is configured.
• A user can switch to a privilege level equal to or lower than the current one unconditionally and is not
required to enter a password (if any).
• For security, a user is required to enter the password (if any) to switch to a higher privilege level. The
authentication falls into one of the following four categories:
Authentication
mode
Meaning Description
local
Local password
authentication
The switch authenticates a user by using the privilege level switch
password entered by the user.
When this mode is applied, you must set the password for privilege
level switch with super password.
scheme
Remote AAA
authentication
through
HWTACACS or
RADIUS
The switch sends the username and password for privilege level
switch to the HWTACACS or RADIUS server for remote
authentication.
When this mode is applied, you must perform the following
configurations:
• Configure HWTACACS or RADIUS scheme and reference the
created scheme in the ISP domain. For more information, see
Security Configuration Guide.
• Create the corresponding user and configure password on the
HWTACACS or RADIUS server.
To Next Page
Loading...
Need help?
General
