Switching user privilege level
Users can switch their user privilege level temporarily without logging out or disconnecting the current connection. After the switch, users can continue to configure the device without logging in or authenticating again, but the set of commands they can execute changes. For example, if the current user privilege level is 3, the user can configure system parameters; after switching the user privilege level to 0, the user can only execute some simple commands, like ping and tracert, and only a few display commands. The switch is temporary and effective only for the current login; after the user logs in again, the user privilege level is restored to the original level.
To avoid misoperations, administrators are recommended to log in to the device at a lower privilege level to view device operating parameters, and to switch to a higher level temporarily only when they have to maintain the device. When administrators need to leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict what others can do.
Users can switch from a high user privilege level to a low user privilege level without entering a
password; when switching from a low user privilege level to a high user privilege level, only the console
login users do not have to enter the password, and users that log in from VTY user interfaces need to
enter the password for security’s sake. This password is for level switching only and is different from the
login password. If the entered password is incorrect or no password is configured, the switching fails.
Therefore, before switching a user to a higher user privilege level, you should configure the password
needed.
Follow these steps to switch user privilege level:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the password for switching the user privilege level | super password [ level user-level ] { simple \| cipher } password | Required. By default, no password is configured. |
| Exit to user view | quit | — |
| Switch the user privilege level | super [ level ] | Required. When logging in to the device, a user has a user privilege level, which is decided by user interface or authentication user level. |
- Before you configure the password for switching user privilege level, you need to make sure that “Set BootRom password recovery” is enabled in BootRom. By default, “BootRom password recovery” is enabled.
- When you configure the password for switching user privilege level with the super password command, the user privilege level is 3 if no user privilege level is specified.
- The password for switching user privilege level can be displayed in both cipher text and simple text. You are recommended to adopt the former as the latter is easily cracked.
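
The following audit script is an added example, not part of the original manual or the vendor's tooling. It checks a saved configuration against the rules above: it flags switching passwords kept in simple text, applies the default of level 3 when no level is given, and reports when no switching password exists at all. It assumes the saved configuration records the command in the same form as the syntax in the table; the function name and the sample configuration are constructed for illustration.

```python
import re

# Syntax from the table above:
#   super password [ level user-level ] { simple | cipher } password
SUPER_RE = re.compile(
    r"^\s*super\s+password(?:\s+level\s+(?P<level>\d+))?"
    r"\s+(?P<mode>simple|cipher)\s+(?P<secret>\S+)\s*$"
)


def audit_super_passwords(config_text):
    """Return (entries, findings) for the super password lines in a config.

    entries maps each user privilege level to its storage mode;
    findings is a list of human-readable issues for review.
    """
    entries, findings = {}, []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = SUPER_RE.match(line)
        if not m:
            continue
        # No "level" keyword means level 3, per the note above.
        level = int(m.group("level")) if m.group("level") else 3
        mode = m.group("mode")
        entries[level] = mode
        if mode == "simple":
            findings.append(
                f"line {lineno}: level {level} switching password is in simple text"
            )
    if not entries:
        # Without a configured password, switching to a higher level fails.
        findings.append("no super password configured: VTY users cannot switch up")
    return entries, findings


# Constructed sample configuration (assumption: not taken from a real device).
SAMPLE_CONFIG = """\
sysname lab-switch
super password level 2 cipher PLACEHOLDER-CIPHERTEXT
super password simple PLACEHOLDER-PASSWORD
user-interface vty 0 4
"""

if __name__ == "__main__":
    found, issues = audit_super_passwords(SAMPLE_CONFIG)
    print(found)
    for issue in issues:
        print(issue)
```
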