HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Community
Comware Based
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

vty access level 3 on HP A3600v2

 
SebOOl84
SebOOl84
Occasional Visitor

‎07-08-2014 01:21 AM

‎07-08-2014 01:21 AM

vty access level 3 on HP A3600v2

Hi all
I have a network that is based on HP A serires switches. I have installed 4 new ones A3600v2 and I have a problem with SSH access privilage level. On A3600v1 and A5500 models i used to use this configuration: 

user-interface vty 0 15
 authentication-mode scheme
 user privilege level 3
 protocol inbound ssh

The above config gived me full access to the switch CLI. On the v2 series it doesn't. I have to use super command to get full CLI access. Can someone tell how to get it work on v2 switches ?

0 Kudos
Reply
1 REPLY
Apachez-
Apachez-
Trusted Contributor

‎07-10-2014 12:50 PM

‎07-10-2014 12:50 PM

Re: vty access level 3 on HP A3600v2

How does the rest of the config look like?

 

In order to use "super" you need to have a super password set, similar to:

 

super password level 3 cipher <REMOVED>

 

Note however if you dont have a super password set and you dont have a user with level 3 permissions you wont be able to alter the configuration afterwards.

 

You can verify which permission a local user might have by looking at the configuration, this is a level 1 user named "admin":

 

local-user admin

 password cipher <REMOVED>

 authorization-attribute level 1

 service-type ssh terminal

 

Changing the above into level 3 should mean that you wont have to issue the super password.

 

In your case I think it defaults to the local user database since you have setup:

 

authentication-mode scheme

 

instead of:

 

authentication-mode password

 

That is something like this should give you super privileges without the need of issue a manual "super" (and without looking in the internal user database):

 

user-interface aux 0
 authentication-mode password
 user privilege level 3
 set authentication password cipher <REMOVED>

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.