HP (Hewlett-Packard) JD318B Switch User Manual


 
display commands. The switching operation is effective for the current login only. After the user logs back in,
the user privilege level is restored to the original level.
To avoid problems, HP recommends that administrators log in to the switch by using a lower
privilege level and view switch operating parameters. To maintain the switch, administrators can
temporarily switch to a higher level.
If the administrators need to leave or need to ask someone else to temporarily manage the switch,
they can switch to a lower privilege level to restrict the operation by others.
Setting the authentication mode for user privilege level switch
A user can switch to a privilege level equal to or lower than the current one unconditionally and is
not required to input a password (if any).
For security, a user is required to input the password (if any) to switch to a higher privilege level. The
authentication falls into one of the following four categories:
| Authentication mode | Meaning | Description |
|---|---|---|
| local | Local password authentication | The switch authenticates a user by using the privilege level switch password input by the user. When this mode is applied, you need to set the password for privilege level switch with the super password command. |
| scheme | Remote AAA authentication through HWTACACS or RADIUS | The switch sends the username and password for privilege level switch to the HWTACACS or RADIUS server for remote authentication. When this mode is applied, you need to perform the following configurations: • Configure HWTACACS or RADIUS scheme and reference the created scheme in the ISP domain. For more information, see the Security Configuration Guide. • Create the corresponding user and configure password on the HWTACACS or RADIUS server. |
| local scheme | Performs the local password authentication first and then the remote AAA authentication | The switch authenticates a user by using the local password first. If no local password is set, the privilege level is switched directly for the users logged in from the AUX port, and remote AAA authentication is performed on the users logged in from VTY user interfaces. |
| scheme local | Performs remote AAA authentication first and then the local password authentication | AAA authentication is performed first, and if the remote HWTACACS or RADIUS server does not respond or AAA configuration on the switch is invalid, the local password authentication is performed. |
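The decision logic in the table above, written out as an added Python example (it is not code from the HP manual or from the switch software). The function and enum names, the "aux"/"vty" strings and the level numbers are assumptions made for illustration; combinations the page does not describe raise an error instead of guessing.

```python
from enum import Enum

class AAA(Enum):                       # outcome of the remote attempt (names assumed)
    ACCEPT = 1                         # server accepted the username and password
    REJECT = 2                         # server answered and refused
    NO_RESPONSE = 3                    # HWTACACS or RADIUS server did not respond
    INVALID_CONFIG = 4                 # AAA configuration on the switch is invalid

def _local(local_ok):
    # local_ok: None = no super password set, otherwise whether the input matched.
    if local_ok is None:
        raise ValueError("not described on the page: no local password set")
    return local_ok, "local password"

def super_decision(mode, line, current, target, local_ok=None, aaa=AAA.REJECT):
    """Return (granted, method) for a switch from level current to level target.

    mode: "local", "scheme", "local scheme" or "scheme local"
    line: "aux" or "vty", the user interface the user logged in from
    """
    if target <= current:
        return True, "unconditional"   # equal or lower level needs no password
    if mode == "local":
        return _local(local_ok)
    if mode == "scheme":
        return aaa is AAA.ACCEPT, "remote AAA"
    if mode == "local scheme":
        if local_ok is not None:       # a local password exists, so it is used
            return local_ok, "local password"
        if line == "aux":              # no local password: AUX is switched directly
            return True, "none (AUX, no local password)"
        return aaa is AAA.ACCEPT, "remote AAA"
    if mode == "scheme local":
        if aaa in (AAA.NO_RESPONSE, AAA.INVALID_CONFIG):
            return _local(local_ok)    # fallback only when AAA cannot be used
        return aaa is AAA.ACCEPT, "remote AAA"
    raise ValueError(f"unknown mode: {mode!r}")

if __name__ == "__main__":
    # Constructed audit cases: level 1 -> 3, no super password, AAA refuses.
    for mode in ("scheme", "local scheme", "scheme local"):
        for line in ("aux", "vty"):
            print(f"{mode:13} {line}: {super_decision(mode, line, 1, 3, None, AAA.REJECT)}")
```

With local scheme and no local password set, the AUX line is the one case that reaches the higher level without any password check, so that combination is the one to look for when reviewing a configuration.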
Follow these steps to set the authentication mode for user privilege level switch:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Set the authentication mode for user privilege level switch | super authentication-mode { local \| scheme } * | Optional. local by default. |