HP 6125G HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration - Page 23
Switching the user privilege level
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 23 highlights
Switching the user privilege level Users can switch to a different user privilege level without logging out and terminating the current connection. After the privilege level switching, users can continue to manage the device without relogging in, but the commands they can execute have changed. For example, with the user privilege level 3, a user can configure system parameters. After switching to user privilege level 0, the user can execute only basic commands like ping and tracert and use a few display commands. The switching operation is effective for the current login. After the user relogs in, the user privilege restores to the original level. To avoid problems, HP recommends that administrators log in with a lower privilege level to view switch operating parameters, and switch to a higher level temporarily only when they must maintain the device. When an administrator must leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict the operation by others. Configuring the authentication parameters for user privilege level switching A user can switch to a privilege level equal to or lower than the current one unconditionally and is not required to enter a password (if any). For security, a user is required to enter a password (if any) to switch to a higher privilege level. The authentication falls into one of the following categories: Keywords local scheme local scheme scheme local Authentication mode Local password authentication only (local-only) Remote AAA authentication through HWTACACS or RADIUS Description The device authenticates a user by using the privilege level switching password entered by the user. To use this mode, you must set the password for privilege level switching by using the super password command. The device sends the username and password for privilege level switching to the HWTACACS or RADIUS server for remote authentication. To use this mode, you must perform the following configuration tasks: • Configure the required HWTACACS or RADIUS schemes and configure the ISP domain to use the schemes for users. For more information, see Security Configuration Guide. • Add user accounts and specify the user passwords on the HWTACACS or RADIUS server. Local password authentication first and then remote AAA authentication The device authenticates a user by using the local password first, and if no password for privilege level switching is set, for the user logged in to the AUX user interface, the privilege level is switched directly; for VTY users, AAA authentication is performed. Remote AAA authentication first and then local password authentication AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the device is invalid, the local password authentication is performed. To configure the authentication parameters for a user privilege level: 17