It is the most common way to log in to a switch through its console port, and also the basis for configuring other login methods.

Figure 1-1 Network diagram for configuring Telnet login using console port
As shown in Figure 1-1, the serial port of a PC/terminal is connected to the console port of the switch using a console cable. The current user logs into the switch from the AUX user interface on the console port to configure Telnet login. The current user level is 3, that is, the manage level.
| Product series | Software version | Hardware version |
| S3610 Series Ethernet Switches | Release 5301 | All versions |
| S5510 Series Ethernet Switches | Release 5301 | All versions |
| S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI |
| S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI |
| S5500-EI Series Ethernet Switches | Release 2102 | All versions |
| S7500E Series Ethernet Switches | Release 6100 | All versions |
• Common configuration for Telnet login
# Enter system view, and enable Telnet service.
<Sysname> system-view
[Sysname] telnet server enable
# Set the level of commands accessible to the virtual type terminal (VTY) 0 user to 2.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 2
# Enable the Telnet service on VTY 0.
[Sysname-ui-vty0] protocol inbound telnet
# Set the number of lines that can be viewed on the screen of the VTY 0 user to 30.
[Sysname-ui-vty0] screen-length 30
# Set the history command buffer size to 20 for VTY 0.
[Sysname-ui-vty0] history-command max-size 20
# Set the idle-timeout time of VTY 0 to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
• Configure the authentication mode for Telnet login
The following three authentication modes are available for Telnet login: none, password, and scheme.
The configuration procedures for the three authentication modes are described below:
1) Configure not to authenticate Telnet users on VTY 0.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode none
2) Configure password authentication for Telnet login on VTY 0, and set the password to 123456 in plain text.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode password
[Sysname-ui-vty0] set authentication password simple 123456
3) Configure local authentication in scheme mode for login users.
# Create a local user named guest and enter local user view.
[Sysname] local-user guest
# Set the authentication password to 123456 in plain text.
[Sysname-luser-guest] password simple 123456
# Set the service type to Telnet and the user level to 2 for the user guest.
[Sysname-luser-guest] service-type telnet level 2
[Sysname-luser-guest] quit
# Enter VTY 0 user interface view.
[Sysname] user-interface vty 0
# Set the authentication mode to scheme for Telnet login on VTY 0.
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
# Specify the domain system as the default domain, and configure the domain to adopt local authentication in scheme mode.
[Sysname] domain default enable system
[Sysname] domain system
[Sysname-isp-system] scheme local
• Telnet login configuration with the authentication mode being none
#
telnet server enable
#
user-interface vty 0
 authentication-mode none
 user privilege level 2
 history-command max-size 20
 idle-timeout 6 0
 screen-length 30
 protocol inbound telnet
• Telnet login configuration with the authentication mode being password
#
telnet server enable
#
user-interface vty 0
 authentication-mode password
 user privilege level 2
 set authentication password simple 123456
 history-command max-size 20
 idle-timeout 6 0
 screen-length 30
 protocol inbound telnet
• Telnet login configuration with the authentication mode being scheme
#
domain system
 authentication default local
#
telnet server enable
#
local-user guest
 service-type telnet
 level 2
 password simple 123456
#
user-interface vty 0
 authentication-mode scheme
 user privilege level 2
 history-command max-size 20
 idle-timeout 6 0
 screen-length 30
 protocol inbound telnet
N/A
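An added example, not part of the original guide: a small Python check that reads a configuration in the "complete configuration" layout shown above and reports the login settings that weaken management access (no authentication, a password stored with the simple keyword, Telnet on a VTY, and a VTY with no inbound ACL). The sample text is constructed, and the function names are this example's own.

```python
import re

# Constructed sample in this guide's "complete configuration" layout: a line
# holding only "#" separates sections; a section's first line is its header.
SAMPLE = """\
#
telnet server enable
#
local-user guest
 password simple 123456
 service-type telnet
#
user-interface aux 0
 authentication-mode none
#
user-interface vty 0
 authentication-mode scheme
 protocol inbound telnet
#
user-interface vty 1 4
 authentication-mode scheme
 acl 2000 inbound
 protocol inbound telnet
"""

def sections(text):
    """Yield (header, sub_commands) for every '#'-delimited section."""
    for chunk in re.split(r"(?m)^#[ \t]*$", text):
        lines = [ln.strip() for ln in chunk.splitlines() if ln.strip()]
        if lines:
            yield lines[0], lines[1:]

def audit(text):
    """Return (section header, finding) pairs for weak login settings."""
    findings = []
    for header, body in sections(text):
        if any(re.search(r"\bpassword simple\b", ln) for ln in body):
            findings.append((header, "password stored in plain text"))
        if not header.startswith("user-interface"):
            continue
        if "authentication-mode none" in body:
            findings.append((header, "login without authentication"))
        if header.startswith("user-interface vty"):
            if "protocol inbound telnet" in body:
                findings.append((header, "Telnet sends credentials unencrypted"))
            if not any(re.fullmatch(r"acl \d+ inbound", ln) for ln in body):
                findings.append((header, "no source-IP ACL on this VTY"))
    return findings
```

Calling audit(SAMPLE) returns one pair per weak setting, keyed by the section header it was found under.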
An Ethernet switch supports Telnet, so you can manage and maintain the switch remotely by Telnetting to it.

Figure 1-2 Network diagram for configuring console port login using Telnet
As shown in Figure 1-2, Telnet to the switch to configure console login. The current user level is 3, that is, the manage level.
| Product series | Software version | Hardware version |
| S3610 Series Ethernet Switches | Release 5301 | All versions |
| S5510 Series Ethernet Switches | Release 5301 | All versions |
| S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI |
| S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI |
| S5500-EI Series Ethernet Switches | Release 2102 | All versions |
| S7500E Series Ethernet Switches | Release 6100 | All versions |
• Common configuration for console login
# Set the level of commands accessible to the AUX 0 user interface to 2.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] user privilege level 2
# Set the baud rate of the console port to 19200 bps.
[Sysname-ui-aux0] speed 19200
# Set the number of lines that can be viewed on the screen of the AUX 0 user to 30.
[Sysname-ui-aux0] screen-length 30
# Set the history command buffer size to 20 for AUX 0.
[Sysname-ui-aux0] history-command max-size 20
# Set the idle-timeout time of AUX 0 to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
• Configure the authentication mode for console login
The following three authentication modes are available for console login: none, password, and scheme.
The configuration procedures for the three authentication modes are described below:
1) Configure not to authenticate console login users.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode none
2) Configure password authentication for console login, and set the password to 123456 in plain text.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
[Sysname-ui-aux0] set authentication password simple 123456
3) Configure local authentication in scheme mode for console login.
# Create a local user named guest and enter local user view.
[Sysname] local-user guest
# Set the authentication password to 123456 in plain text.
[Sysname-luser-guest] password simple 123456
# Set the service type to Terminal and the user level to 2 for the user guest.
[Sysname-luser-guest] service-type terminal level 2
[Sysname-luser-guest] quit
# Enter AUX 0 user interface view.
[Sysname] user-interface aux 0
# Set the authentication mode to scheme for console login.
[Sysname-ui-aux0] authentication-mode scheme
• Console login configuration with the authentication mode being none
#
user-interface aux 0
 authentication-mode none
 user privilege level 2
 history-command max-size 20
 idle-timeout 6 0
 speed 19200
 screen-length 30
• Console login configuration with the authentication mode being password
#
user-interface aux 0
 authentication-mode password
 user privilege level 2
 set authentication password simple 123456
 history-command max-size 20
 idle-timeout 6 0
 speed 19200
 screen-length 30
• Console login configuration with the authentication mode being scheme
#
local-user guest
 password simple 123456
 service-type terminal
 level 2
#
user-interface aux 0
 authentication-mode scheme
 user privilege level 2
 history-command max-size 20
 idle-timeout 6 0
 speed 19200
 screen-length 30
N/A

Figure 1-3 Network diagram for logging in through the web-based network management system
As shown in Figure 1-3, a PC logs into a switch through the web-based network management system and manages the switch remotely.
| Product series | Software version | Hardware version |
| S3610 Series Ethernet Switches | Release 5301 | All versions |
| S5510 Series Ethernet Switches | Release 5301 | All versions |
| S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI |
| S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI |
| S5500-EI Series Ethernet Switches | Release 2102 | All versions |
# Configure the IP address of VLAN 1 (default VLAN of the switch) interface as 10.153.17.82 with the mask 255.255.255.0.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-VLAN-interface1] ip address 10.153.17.82 255.255.255.0
[Sysname-VLAN-interface1] quit
# Configure the Web-based network management system user name as admin, and password as admin, and set the user level to 3.
[Sysname] local-user admin
[Sysname-luser-admin] service-type telnet level 3
[Sysname-luser-admin] password simple admin
[Sysname-luser-admin] quit
# Enable the Web server on the switch.
[Sysname] ip http enable
Log in to the switch through IE: Launch IE on the Web-based network management terminal (your PC) and enter http://10.153.17.82 in the address bar (make sure the route between the Web-based network management terminal and the switch is available), and the login authentication page appears, as shown in Figure 1-4.

Figure 1-4 The login page of the Web-based network management system
# Enter the user name and the password configured on the switch and click Login to display the initial page of the Web-based network management system.
#
local-user admin
 password simple admin
 service-type telnet
 level 3
#
interface Vlan-interface1
 ip address 10.153.17.82 255.255.255.0
By default, web-based network management system is enabled.

Figure 1-5 Network diagram for controlling the login users
As shown in Figure 1-5, only Telnet/SNMP/Web users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 are permitted to log in to the switch.
| Product series | Software version | Hardware version |
| S3610 Series Ethernet Switches | Release 5301 | All versions |
| S5510 Series Ethernet Switches | Release 5301 | All versions |
| S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI |
| S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI |
| S5500-EI Series Ethernet Switches | Release 2102 | All versions |
| S7500E Series Ethernet Switches | Release 6100 | All versions |
# Create basic ACL 2000 and enter basic ACL view.
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000]
# Define ACL rules to allow only Telnet/SNMP/Web users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 to log in to the switch.
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] rule 3 deny source any
[Sysname-acl-basic-2000] quit
# Apply ACL 2000 to control Telnet users by source IP address.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound
# Apply ACL 2000 to control SNMP users by source IP address.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
# Apply ACL 2000 to control Web users by source IP address.
[Sysname] ip http acl 2000
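An added example, not part of the original guide: a Python model of how the basic ACL above decides on a source address, so a rule set can be checked before it is applied to the VTY, SNMP and Web services. It assumes rules are tried in ascending rule ID with the first match deciding, and that a wildcard of 0 matches a single host while set wildcard bits are ignored in the comparison; it also accepts the dotted wildcard form and the bare "rule 3 deny" form, which go beyond the three rules typed above. Function names are this example's own.

```python
import ipaddress

# ACL 2000 exactly as entered in the procedure above.
ACL_2000 = """\
rule 1 permit source 10.110.100.52 0
rule 2 permit source 10.110.100.46 0
rule 3 deny source any
"""

def parse_rules(text):
    """Return [(rule_id, action, address, wildcard)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "rule":
            continue
        rid, action = int(tok[1]), tok[2]
        # "rule 3 deny" with no source clause matches every source.
        src = tok[4:] if len(tok) > 4 and tok[3] == "source" else ["any"]
        if src[0] == "any":
            addr, wild = 0, 0xFFFFFFFF
        else:
            addr = int(ipaddress.IPv4Address(src[0]))
            w = src[1] if len(src) > 1 else "0"
            # "0" is shorthand for wildcard 0.0.0.0: match this host only.
            wild = 0 if w == "0" else int(ipaddress.IPv4Address(w))
        rules.append((rid, action, addr, wild))
    return sorted(rules)

def decide(rules, source_ip):
    """Return (rule_id, action) of the first matching rule, or None."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for rid, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF   # bits that must be equal
        if (ip & care) == (addr & care):
            return rid, action
    return None  # not reached for ACL 2000, which ends in an explicit deny
```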
1.4.5 Complete Configuration
• Configuration for controlling Telnet users by source IP address
#
acl number 2000
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
 rule 3 deny
#
user-interface vty 0 4
 acl 2000 inbound
• Configuration for controlling SNMP users by source IP address
#
acl number 2000
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
 rule 3 deny
#
snmp-agent community read aaa acl 2000
snmp-agent group v2c groupa acl 2000
snmp-agent usm-user v2c usera groupa acl 2000
• Configuration for controlling Web users by source IP address
#
ip http acl 2000
#
acl number 2000
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
 rule 3 deny
The S7500E series Ethernet switches with software version Release 6100 do not support Web login. Therefore, Web user control is not applicable to an S7500E series with software version of Release 6100.