R3204P16-HP Load Balancing Module System Management Configuration Guide-6PW101
privilege level is 3, the user can configure system parameters. After switching to user privilege level 0, the user can only execute simple commands, such as ping and tracert, and only a few display commands. The switching operation is effective for the current login. After the user logs in again, the user privilege level is restored to the original level.
• To avoid problems, HP recommends that administrators log in to the device at a lower privilege level to view switch operating parameters, and switch to a higher level temporarily when they have to maintain the switch.
• If the administrators need to leave for a while or ask someone else to manage the device temporarily, they can switch to a lower privilege level before they leave to restrict what others can do.
Setting the authentication mode for user privilege level switch
• A user can switch to a privilege level equal to or lower than the current one unconditionally and is
not required to input a password (if any).
• For security, a user is required to input the password (if any) to switch to a higher privilege level. The
authentication falls into one of the following four categories:
Authentication mode: local
Meaning: Local password authentication
Description: The device authenticates a user by using the privilege level switch password input by the user. When this mode is applied, you need to set the password for privilege level switch with the super password command.

Authentication mode: scheme
Meaning: Remote AAA authentication through RADIUS
Description: The device sends the username and password for privilege level switch to the RADIUS server for remote authentication. When this mode is applied, you need to perform the following configurations:
• Configure RADIUS scheme and reference the created scheme in the ISP domain. For more information, see Security Configuration Guide.
• Create the corresponding user and configure password on the RADIUS server.

Authentication mode: local scheme
Meaning: Performs the local password authentication first and then the remote AAA authentication
Description: The device authenticates a user by using the local password first, and if no password for privilege level switch is set, for the user logged in from the console port, the privilege level is switched directly; for the user logged in from any of the AUX or VTY user interfaces, the AAA authentication is performed.

Authentication mode: scheme local
Meaning: Performs remote AAA authentication first and then the local password authentication
Description: AAA authentication is performed first, and if the remote RADIUS server does not respond or AAA configuration on the device is invalid, the local password authentication is performed.

Follow these steps to set the authentication mode for user privilege level switch:
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Set the authentication mode for user privilege level switch
Use the command: super authentication-mode { local | scheme } *
Remarks: Optional. local by default.
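
The fallback rules of the four authentication modes described above, written out as a small Python decision model. This is an added example, not HP's code: the function and parameter names are hypothetical, and the branches marked "assumed" in the comments are this model's reading where the guide is silent.

```python
from typing import Optional

MODES = ("local", "scheme", "local scheme", "scheme local")

def local_check(supplied: str, local_pw: Optional[str]) -> bool:
    # Assumed: with no super password configured, plain local
    # authentication cannot succeed (the guide does not say).
    return local_pw is not None and supplied == local_pw

def switch_allowed(mode: str, current: int, target: int, supplied: str = "",
                   local_pw: Optional[str] = None,
                   radius: Optional[bool] = None,
                   interface: str = "vty") -> bool:
    """Model of one level-switch request.

    radius: True = accept, False = reject, None = server does not respond
    or the AAA configuration is invalid. interface: console, aux or vty.
    """
    if target <= current:
        return True                  # equal or lower level: no password needed
    if mode == "local":
        return local_check(supplied, local_pw)
    if mode == "scheme":
        return radius is True        # assumed: no RADIUS answer, no switch
    if mode == "local scheme":
        if local_pw is not None:     # a set password is checked locally
            return supplied == local_pw
        if interface == "console":
            return True              # no password set: console switches directly
        return radius is True        # AUX/VTY: AAA authentication decides
    if mode == "scheme local":
        if radius is None:           # RADIUS silent or AAA invalid: fall back
            return local_check(supplied, local_pw)
        return radius                # assumed: a reject is final, no fallback
    raise ValueError(f"unknown authentication mode: {mode!r}")

def passwordless_paths() -> list:
    """(mode, interface) pairs where a 0 -> 3 switch succeeds with no
    password configured, nothing typed and RADIUS unreachable."""
    return [(m, i) for m in MODES for i in ("console", "aux", "vty")
            if switch_allowed(m, 0, 3, "", None, None, i)]

if __name__ == "__main__":
    print(passwordless_paths())
```

Under these rules the only switch to a higher level that needs no credential at all is local scheme on the console port with no privilege level switch password set, which is the case to check for when reviewing a device that uses that mode.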