1-11Level Privilege Description1 MonitorIncludes commands for system maintenance and service faultdiagnosis. Commands at this level are not allowed to be saved afterbeing configured. After the device is restarted, the commands at thislevel will be restored to the default settings. Commands at this levelinclude debugging, terminal, refresh, reset, and send.2 SystemProvides service configuration commands, including routing andcommands at each level of the network for providing services. Bydefault, commands at this level include all configuration commandsexcept for those at manage level.3 ManageInfluences the basic operation of the system and the system supportmodules for service support. By default, commands at this level involvefile system, FTP, TFTP, Xmodem command download, usermanagement, level setting, as well as parameter setting within asystem (the last case involves those non-protocol or non RFCprovisioned commands).Configuring user privilege levelUser privilege level can be configured by using AAA authentication parameters or under a userinterface.Configure user privilege level by using AAA authentication parametersIf the user interface authentication mode is scheme when a user logs in, and username and passwordare needed at login, then the user privilege level is specified in the configuration of AAA authentication.Follow these steps to configure user privilege level by using AAA authentication parameters:To do… Use the command… RemarksEnter system view system-view —Enter user interface view user-interface [ type ]first-number [ last-number ] —Configure the authenticationmode for logging in to the userinterface as schemeauthentication-mode scheme[ command-authorization ]RequiredBy default, the authenticationmode for VTY and AUX users ispassword.Exit to system view quit —Configure the authenticationmode for SSH users aspasswordFor the details, refer to SSH2.0Configuration in the SecurityVolume.Required if users use SSH tolog in, and username andpassword are needed atauthenticationConfigure theuser privilegelevel by usingAAAauthenticationparametersUsing localauthenticationz Use the local-usercommand to create a localuser and enter local userview.z Use the level keyword in theauthorization-attributecommand to configure theuser level.User either approachz For local authentication, ifyou do not configure theuser level, the user level is0, that is, users of this levelcan use commands withlevel 0 only.