Overview of Second-Tier Password Authentication
A normal user has permission only to enter execution mode to view configuration information. A normal user cannot enter configuration mode to modify the configuration.
A second-tier password allows a normal user to pass second-tier authentication and perform all administrator tasks. The Second-Tier Password Authentication feature is disabled by default.
A second-tier password can be used for both local and remote authentication. If user management is configured with local authentication, the second-tier password is also authenticated with local authentication. If user management is configured with remote authentication, the second-tier password is also authenticated with remote authentication.
With local authentication configured, if a normal user logs in to the privileged mode, the device prompts the user for the password. A normal user needs to enter a second-tier password for successful authentication. With remote authentication configured, if a normal user logs in to the privileged mode, the device automatically uses the configured username and second-tier password for successful authentication.