authentication-super

Function

The authentication-super command configures an authentication mode for upgrading user levels in an authentication scheme.

The undo authentication-super command restores the default authentication mode for upgrading user levels in an authentication scheme.

By default, the super mode is used. That is, local authentication is used.

Format

authentication-super { hwtacacs | radius | super } * [ none ]

authentication-super none

undo authentication-super

Parameters

Parameter   Description                                                          Value
hwtacacs    Uses HWTACACS authentication to upgrade user levels.                 -
radius      Uses RADIUS authentication to upgrade user levels.                   -
super       Uses local authentication to upgrade user levels.                    -
none        Indicates that user levels can be upgraded without authentication.   -

Views

Authentication scheme view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If users in a domain need to upgrade their levels, the device prompts them for a password in order to authenticate them. If AAA authentication has been configured using the authentication-mode (user interface view) command, run the authentication-super command to configure an authentication mode for upgrading user levels.

When you use the super command to switch a user level to a lower level or the same level, no authentication is required. When you use the super command to switch a user level to a higher level, authentication is required. The user can be granted rights only after being authenticated.

  • If super is used (local authentication), run the local-user command in the AAA view to create a local user and set parameters for the local user.
  • If hwtacacs is used (HWTACACS authentication), perform the configurations relevant to HWTACACS authentication.
  • If radius is used (RADIUS authentication), perform the configurations relevant to RADIUS authentication.
  • If none is used, no authentication is required.

Precautions

If multiple authentication modes are configured in an authentication scheme, they are used in the sequence in which they were configured. The device moves on to the next authentication mode only when it receives no response in the current one. It does not switch to another authentication mode if the user fails authentication in the current mode.
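The fallback rule above, as an added example (not Huawei's code): it parses authentication-super lines from a constructed configuration excerpt, applies the rule that the next mode is tried only when the current one does not respond, and lists the schemes in which a trailing none lets a level upgrade succeed without authentication. The configuration layout, the scheme names scheme2 to scheme4, the function names, and the "denied" result when no mode responds are assumptions.

```python
# Constructed sample laid out like a saved configuration (layout and names are assumptions).
SAMPLE_CONFIG = """\
aaa
 authentication-scheme scheme1
  authentication-super hwtacacs
 authentication-scheme scheme2
  authentication-super hwtacacs radius none
 authentication-scheme scheme3
  authentication-super none
 authentication-scheme scheme4
"""
VALID = {"hwtacacs", "radius", "super", "none"}

def parse_super_modes(config):
    """Map each authentication scheme to its ordered authentication-super modes."""
    schemes, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if len(words) == 2 and words[0] == "authentication-scheme":
            current = words[1]
            schemes[current] = ["super"]  # page default: super (local authentication)
        elif words[:1] == ["authentication-super"] and current is not None:
            modes = words[1:]
            if not modes or any(m not in VALID for m in modes):
                raise ValueError(f"unexpected modes in {line.strip()!r}")
            schemes[current] = modes
    return schemes

def upgrade_result(modes, outcome):
    """outcome maps a mode to 'pass', 'fail' or 'no-response' (the default)."""
    for mode in modes:
        if mode == "none":
            return "granted-without-authentication"
        result = outcome.get(mode, "no-response")
        if result == "pass":
            return "granted"
        if result == "fail":
            return "denied"  # a failed attempt never falls through to the next mode
    return "denied"  # assumption: no mode answered, so nothing is granted

def audit(config):
    """Return schemes in which a level upgrade can succeed without authentication."""
    findings = {}
    for name, modes in parse_super_modes(config).items():
        if modes == ["none"]:
            findings[name] = "always unauthenticated"
        elif "none" in modes:
            waited = ", ".join(modes[:modes.index("none")])
            findings[name] = f"unauthenticated when {waited} do not respond"
    return findings
```

Running audit(SAMPLE_CONFIG) flags scheme2 and scheme3; scheme1 and scheme4 (which falls back to the default super mode) are not flagged.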

Example

# Set the authentication mode to HWTACACS authentication in the authentication scheme scheme1.

<HUAWEI> system-view
[HUAWEI] aaa
[HUAWEI-aaa] authentication-scheme scheme1
[HUAWEI-aaa-authen-scheme1] authentication-super hwtacacs
Copyright © Huawei Technologies Co., Ltd.