Specifies the user access level.
If enhanced secure mode is disabled, the valid user access levels for
the switch are:
-
rwa — Specifies read-write-all
-
rw — Specifies read-write
-
ro — Specifies read-only
-
rwl1 — Specifies read-write for Layer 1
-
rwl2 — Specifies read-write for Layer 2
-
rwl3 — Specifies read-write for Layer 3
If you enable enhanced secure mode, the switch uses role-based
authentication. You associate each username with a specific role and
the appropriate authorization rights to commands based on that
role.
If enhanced secure mode is enabled, the value user access levels for
the switch are:
-
admin—Specifies a user role with access to all of the
configurations, show commands, and the ability to view the
log file and security commands. The administrator role is
the highest level of user roles.
-
operator—Specifies a user role with access to all of the
configurations for packet forwarding on Layer 2 and Layer 3,
and has access to show commands to view the configuration,
but cannot view the audit logs and cannot access security
and password commands.
-
auditor—Specifies a user role that can view log files and
view all configurations, except password configuration.
-
security—Specifies a user role with access only to security
settings and the ability to view the configurations
-
priv—Specifies a user role with access to all of the commands
that the administrator has access to, and is referred to as
an emergency-admin. However, the user with the privilege
role must be authenticated within the switch locally. RADIUS
and TACACS+ authentication is not accessible. A user role at
the privilege level must login to the switch through the
console port only.
|