3 配置步骤

3.1  新建低权限账号

#配置管理地址和开启telnet配置略

#新建用户test,分配给用户1级权限，1级权限为监控级，可用于系统维护、业务故障诊断等功能的命令。

<H3C> system-view

[H3C]local-user test

[H3C]password simple test

[H3C-luser-test]service-type telnet

[H3C-luser-test]authorization-attribute level  1

[H3C-luser-test]quit

3.2  配置Super切换密码

# 设置超级密码为123456

[H3C] super  password  level 3 simple 123456 //配置超级密码123456

3.3  保存配置

save force

3.4  实验结果验证

#使用test账号登录，可以输入display但无配置权限，无法输入sys进到系统视图

login: test

Password:

Username:test

Password:

<H3C>dis ver

<H3C>dis version

H3C Comware Platform Software

Comware Software, Version 5.20.99, Release 1111

Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved.

H3C S5110-28P-PWR uptime is 0 week, 0 day, 1 hour, 18 minutes

<H3C>sys

     ^

 % Unrecognized command found at '^' position.

#用户试图下输入super命令，切换到管理员权限

<H3C>super 3

Please input the password to change the privilege level, press CTRL_C to abort.

 Password:

User privilege level is 3, and only those commands can be used

whose level is equal or less than this.

Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

<H3C>sys

System View: return to User View with Ctrl+Z.

3.5  注意事项                                                                                  

1、  V5交换机用户权限有4个等级，分别为level 0- level 3, level 3为最高权限, 角色用户介绍链接：http://www.h3c.com/cn/d_201812/1140393_30005_0.htm#_Toc532823646

2、 缺省情况下， 在使用super password命令时，若不指定用户级别，则配置的是切换到3级用户的密码，无需配置level 3,，直接配置super password simple 123456即可