R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
24
Ste
p
Command
Remarks
2. Enter user line view or user
line class view.
• Enter user line view:
line { first-num1 [ last-num1 ] |
{ aux | console | tty | vty }
first-num2 [ last-num2 ] }
• Enter user line class view:
line class { aux | console | tty
| vty }
For information about the priority
order and application scope of the
configurations in user line view and
user line class view, see "Logging into
the CLI."
3. Specify a user role on the
user line.
user-role role-name
Repeat this step to specify up to 64
user roles on a user line.
By default, network-admin is specified
on the console/AUX user line, and
network-operator is specified on any
other user line.
Configuring temporary user role authorization
Temporary user role authorization allows you to obtain another user role without reconnecting to the
device. This function is useful when you want to use a user role temporarily to configure a feature.
Temporary user role authorization is effective only on the current login. This feature does not change the
user role settings in the user account that you have been logged in with. The next time you are logged in
with the user account, the original user role settings take effect.
Configuration guidelines
When you configure temporary user role authorization, follow these guidelines:
• To enable users to obtain another user roles without reconnecting to the device, you must configure
user role authentication. Table 7 desc
ribes the available authentication modes and configuration
requirements.
• Local password authentication is available for all user roles, but remote AAA authentication is
available only for level-n user roles.
{ If HWTACACS authentication is used, use a user account that has the target user role level or a
user role level higher than the target user role. For example, if the user account test has the user
role level-3, you can use this user account to obtain the authorization of the level-0, level-1,
level-2, or level-3 user role. When you use this method, you must enter the correct username
and password to pass authentication.
{ If RADIUS authentication is used, you must create a user account for each level-n user role in the
$enabn$ format or the $enabn$@domain-name format. The variable n represents the user role
level. When you use this method, the username you enter is ignored. You can pass
authentication as long as the password is correct.
• If you execute the quit command after obtaining user role authorization, you are logged out of the
device.