Friday , November 24 2017
Home / Basic Configuration / Huawei basic user environment

Huawei basic user environment

As you already know you can assign a different privilege level for each user, configured on a Huawei device. How to configure local user and how to access Huawei device you can read in one of my previous posts.

user privilege level

Today I want to focus on the privilege level of local user. Each year lots of accidents in IP networks are caused by inexperienced employees. We can decrease the number of such accidents setting privilege level for local users, logging into network devices. Setting a lower privilege level for such employees increases networks’ safety. For more experienced engineers  we can either configure higher privilege level or set a super password, to let them to perform advanced operation.

Let’s assume that we have created a local user with the lowest priority:

#
local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4<1!!
 local-user labnario service-type telnet
 local-user labnario level 0
#

After you are logged as user “labnario” and putting a question mark you can see all commands available in level 0:

<CX600>?
User view commands:
  cluster        Run cluster command
  display        Display LPUF-10 work-mode
  hwtacacs-user  HWTACACS user
  language-mode  Specify the language environment
  local-user     Local user
  ping           Ping function
  quit           Exit from current command view
  return         Exit to user view
  save           Save file
  super          Privilege current user a specified priority level
  telnet         Establish a Telnet connection
  trace          Trace route (switch) to host on Data Link Layer
  tracert        Trace route to host

As this is the lowest privilege level we cannot even display current-configuration and interfaces’ statistics:

<CX600>display current-configuration
             ^
Error: Unrecognized command found at '^' position.

<CX600>display interface GigabitEthernet7/0/0
             ^
Error: Unrecognized command found at '^' position.
command privilege level

But we can assign additional commands to this level in advance, as needed:

#
command-privilege level 0 view shell display current-configuration
command-privilege level 0 view system display current-configuration
command-privilege level 0 view shell display interface GigabitEthernet7/0/0
#

Now it is possible to display current-configuration and statistics of GE7/0/0:

<CX600>display ?
  current-configuration     Current configuration
  interface                 Status and configuration information for the
                            interface
super password and switching user levels

Let’s come back to super password. What we want to do is to the set super password, in advance, for privilege level 15:

[CX600]super password level 15 cipher &EU15O"Q3/;Q=^Q`MAF4<1!!

And now if you are logged as level 0 user, you can switch to level 15. If you want to recall about a level’s arrangement on Huawei devices you can read huawei cli introduction.

<CX600>super 15
Password:
Now user privilege is 15 level, and only those commands whose level is equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

Now you have full rights to configure and manage this device.

locking user terminal

Remember to lock your current user terminal interface if you are away of your desk. It prevents your device against unauthorized users operations on the current terminal interface:

<CX600>lock
Enter Password:
Confirm Password:

Info: The terminal is locked.

Enter Password:
<CX600>

Leave a Reply

Your email address will not be published. Required fields are marked *