1.1 新建低权限账号
#配置管理地址和开启telnet配置略
#新建用户test,用给用户0级权限,0级权限可执行命令ping、quit、ssh2、super、system-view、telnet和tracert,取消用户network-operator权限(可选)
[H3C]local-user test
[H3C]password simple test
[H3C-luser-manage-test]service-type telnet
[H3C-luser-manage-test]authorization-attribute user-role level-0
[H3C-luser-manage-test]undo authorization-attribute user-role network-operator
1.2 配置Super切换密码
# 设置超级密码为123456
[H3C]super password simple 123456 //配置超级密码123456
1.3 保存配置
Save force
1.4 实验结果验证
#使用test账号登录,可以输入display但无新建vlan 曲线,新建地址等其他权限
login: test
Password:
sys
[H3C]dis version
H3C Comware Software, Version 7.1.070, Release 1309P02
Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.
H3C S5560-30S-EI uptime is 0 weeks, 4 days, 23 hours, 16 minutes
Last reboot reason : Cold reboot
[H3C]vlan 2
Permission denied.
[H3C]int vlan 1
Permission denied.
#用户试图下输入super命令,切换到管理员权限
super
Password:
User privilege role is network-admin, and only those commands that authorized to the role can be used.
sys
System View: return to User View with Ctrl+Z.
[H3C]vlan 2
1.5 注意事项
1、level-0和level有输入super命令的权限, level-2~level-8和level-10~level-14:无缺省权限,需要管理员为其配置权限;
2、缺省情况下,用户角色切换的缺省目的角色为network-admin ,无需配置super default role network-admin
觉得此文有用
点“赞”支持吧
近期文章阅读:
防火墙保证带宽的配置方法
交换机远程端口镜像
天线是如何增强信号的?