4.10.1.2 Security-Switch-Privilege Level Configuration

The Privilege Level Configuration page provides an overview of the privilege levels, as shown in the following figure.

Figure 4-34. Privilege Level Configuration

The Privilege Level Configuration page has the following parameters:

  • Group Name: The name identifying the privilege group. In most cases, a privilege level group consists of a single module (for example, Link Aggregation Control Protocol (LACP), RSTP or QoS), but a few of them contain more than one. The following description defines these privilege level groups in detail:
    • System: Contact, Name, Location, Time zone, Daylight Saving Time, and Log
    • Security: Authentication, System Access Management, Port (contains Dot1x port, MAC based and the MAC Address Limit), Access Control List (ACL), HTTPS, SSH, and Address Resolution Protocol (ARP) Inspection.
    • IP: Everything except ping
    • Port: Everything except VeriPHY
    • Diagnostics: ping and VeriPHY
    • Maintenance: CLI- System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load, and Firmware Load. Web- Users, Privilege Levels, and everything in Maintenance.
    • Debug: Only present in CLI
  • Privilege Levels: The Privilege levels are configured between 0–15 (where, 0 is lowest level and 15 is highest level). Every group has an authorization Privilege level for the following subgroups: Configuration read-only, configuration/execute read-write, status/statistics read-only, and status/statistics read-write (for example, for clearing of statistics). User Privilege must be same or greater than the authorization Privilege level to have access to that group.