
display commands. The switch in privilege level is effective only for the current login. After the user logs back in, the user privilege is restored to the original level.
• To avoid problems, HP recommends that administrators log in to the switch by using a lower privilege level and view switch operating parameters. To maintain the switch, administrators can temporarily switch to a higher level.
• If administrators need to leave or need to ask someone else to temporarily manage the switch, they can switch to a lower privilege level to restrict the operations available to others.
Setting the authentication mode for user privilege level switch
• A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to input a password (if any).
• For security, a user is required to input the password (if any) to switch to a higher privilege level. The authentication falls into one of the following four categories:
Authentication mode | Meaning | Description |
local | Local password authentication | The switch authenticates a user by using the privilege level switch password input by the user. When this mode is applied, you need to set the password for privilege level switch with the super password command. |
scheme | Remote AAA authentication through HWTACACS or RADIUS | The switch sends the username and password for privilege level switch to the HWTACACS or RADIUS server for remote authentication. When this mode is applied, you need to perform the following configurations: • Configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain. For more information, see the Security Configuration Guide. • Create the corresponding user and configure password on the HWTACACS or RADIUS server. |
local scheme | Performs the local password authentication first and then the remote AAA authentication | The switch authenticates a user by using the local password first. If no local password is set, the privilege level is switched directly for the users logged in from the AUX port, and remote AAA authentication is performed on the users logged in from VTY user interfaces. |
scheme local | Performs remote AAA authentication first and then the local password authentication | AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the switch is invalid, the local password authentication is performed. |
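The fallback rules in the table above decide which check actually gates a switch to a higher level. The following Python model is an added example, not HP code or switch CLI; its function names, field names and result labels are hypothetical, and it reports "unspecified" where the table does not state the behaviour.

```python
# Added example: models the four modes in the table above to show which check
# gates a switch to a higher privilege level. All names are hypothetical.
from dataclasses import dataclass
from itertools import product

MODES = ("local", "scheme", "local scheme", "scheme local")

@dataclass(frozen=True)
class Login:
    line: str          # "AUX" or "VTY": interface the user logged in from
    aaa_usable: bool   # server responds and the switch's AAA config is valid

def deciding_check(mode, local_password_set, login):
    """Return the check that decides the switch: 'local-password',
    'remote-aaa', 'none' (switched directly) or 'unspecified'."""
    if mode == "local":
        # The table only says a password must be set for this mode.
        return "local-password" if local_password_set else "unspecified"
    if mode == "scheme":
        return "remote-aaa"
    if mode == "local scheme":
        if local_password_set:
            return "local-password"
        # No local password: AUX users are switched directly, VTY users go to AAA.
        return "none" if login.line == "AUX" else "remote-aaa"
    if mode == "scheme local":
        # Fallback happens only when AAA is unusable, not when it rejects.
        return "remote-aaa" if login.aaa_usable else "local-password"
    raise ValueError(f"unknown mode: {mode!r}")

def audit(mode, local_password_set):
    """List the conditions under which a configuration is weaker than it looks."""
    findings = set()
    for line, aaa in product(("AUX", "VTY"), (True, False)):
        check = deciding_check(mode, local_password_set, Login(line, aaa))
        if check == "none":
            findings.add(f"{line}: level switched with no authentication")
        elif check == "unspecified":
            findings.add("no local password set: behaviour not defined by the table")
        elif mode == "scheme local" and check == "local-password":
            state = "set" if local_password_set else "NOT set"
            findings.add(f"AAA unusable: falls back to local password ({state})")
    return sorted(findings)

if __name__ == "__main__":
    for mode, pw in product(MODES, (True, False)):
        print(f"{mode!r:15} local password set={pw}: {audit(mode, pw) or 'ok'}")
```
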
Follow these steps to set the authentication mode for user privilege level switch:
To do… | Use the command… | Remarks |
Enter system view | — | |
Set the authentication mode for user privilege level switch | super |