huawei basic user environment

As you already know, you can assign a different privilege level to each user configured on a Huawei device. How to configure a local user and how to access a Huawei device is covered in one of my previous posts.

user privilege level

Today I want to focus on the privilege level of a local user. Each year lots of accidents in IP networks are caused by inexperienced employees. We can decrease the number of such accidents by setting a privilege level for local users who log in to network devices. Setting a lower privilege level for such employees increases the network's safety. For more experienced engineers we can either configure a higher privilege level or set a super password to let them perform advanced operations.

Let’s assume that we have created a local user with the lowest privilege level:

local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4<1!!
 local-user labnario service-type telnet
 local-user labnario level 0

After logging in as user “labnario” and typing a question mark, you can see all commands available at level 0:

<CX600>?
User view commands:
  cluster        Run cluster command
  display        Display LPUF-10 work-mode
  hwtacacs-user  HWTACACS user
  language-mode  Specify the language environment
  local-user     Local user
  ping           Ping function
  quit           Exit from current command view
  return         Exit to user view
  save           Save file
  super          Privilege current user a specified priority level
  telnet         Establish a Telnet connection
  trace          Trace route (switch) to host on Data Link Layer
  tracert        Trace route to host

As this is the lowest privilege level, we cannot even display the current configuration or interface statistics:

<CX600>display current-configuration
             ^
Error: Unrecognized command found at '^' position.

<CX600>display interface GigabitEthernet7/0/0
             ^
Error: Unrecognized command found at '^' position.

command privilege level

But we can assign additional commands to this level in advance, as needed:

 command-privilege level 0 view shell display current-configuration
 command-privilege level 0 view system display current-configuration
 command-privilege level 0 view shell display interface GigabitEthernet7/0/0

Now it is possible to display current-configuration and statistics of GE7/0/0:

<CX600>display ?
  current-configuration     Current configuration
  interface                 Status and configuration information for the
                            interface

super password and switching user levels

Let’s come back to the super password. What we want to do is set the super password, in advance, for privilege level 15:

[CX600]super password level 15 cipher &EU15O"Q3/;Q=^Q`MAF4<1!!

Now, if you are logged in as a level 0 user, you can switch to level 15. For a refresher on how privilege levels are arranged on Huawei devices, you can read huawei cli introduction.

<CX600>super 15
Password:
Now user privilege is 15 level, and only those commands whose level is equal to or less than this level can be used.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE

Now you have full rights to configure and manage this device.
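
Added example (not code from the original post): a small Python audit of a saved configuration that lists each local user's level, the commands that command-privilege has re-assigned to lower levels, and which users could switch to a higher level through a configured super password. The sample configuration is constructed from the commands shown above with the cipher strings replaced by a placeholder, and it assumes the saved configuration contains these lines in the same form as they are typed.

```python
import re

# Constructed sample built from the commands shown in this post
# (cipher strings replaced with a placeholder).
SAMPLE_CONFIG = """\
local-user labnario password cipher <CIPHER-PLACEHOLDER>
 local-user labnario service-type telnet
 local-user labnario level 0
 command-privilege level 0 view shell display current-configuration
 command-privilege level 0 view system display current-configuration
 command-privilege level 0 view shell display interface GigabitEthernet7/0/0
super password level 15 cipher <CIPHER-PLACEHOLDER>
"""

USER_RE = re.compile(r"^local-user (\S+) level (\d+)$")
CMD_RE = re.compile(r"^command-privilege level (\d+) view (\S+) (.+)$")
SUPER_RE = re.compile(r"^super password level (\d+) ")

def audit(config):
    """Return users, command overrides, super levels and escalation paths."""
    users, overrides, super_levels = {}, [], set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := CMD_RE.match(line):
            overrides.append((int(m.group(1)), m.group(2), m.group(3)))
        elif m := SUPER_RE.match(line):
            super_levels.add(int(m.group(1)))
    # A user can switch to any configured super level above their own,
    # provided they know that level's super password.
    escalation = {
        name: sorted(lv for lv in super_levels if lv > level)
        for name, level in users.items()
    }
    return {"users": users, "overrides": overrides,
            "super_levels": sorted(super_levels), "escalation": escalation}

def commands_at_or_below(report, level):
    """Commands explicitly re-assigned to `level` or lower, grouped by view."""
    by_view = {}
    for lv, view, cmd in report["overrides"]:
        if lv <= level:
            by_view.setdefault(view, []).append(cmd)
    return by_view

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    print(report["users"], report["escalation"])
    print(commands_at_or_below(report, 0))
```

Every command reported for level 0 is available to any user who logs in at that level, so the override list is worth reviewing whenever a command-privilege line is added.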

locking user terminal

Remember to lock your current user terminal interface if you are away from your desk. This prevents unauthorized users from operating the device through the current terminal interface:

<CX600>lock
Enter Password:
Confirm Password:

Info: The terminal is locked.

Enter Password:
<CX600>

2 thoughts on “huawei basic user environment”

  1. poorya

    Hi, I have a Q. I lost my bootrom password as well as my con. and vty passwords (our former employee changed them and left the company). How can I recover the bootrom password?
    Please help me with it.

  2. labnario Post author

    If the bootrom password has not been changed, you can find a default password if you give the serial number of this device to Huawei. But the problem is if this password was changed. There is no official procedure, and it is not allowed to crack this password. Please ask your local Huawei office how to solve this problem. Unfortunately, I cannot help you.
