- Table of Contents
-
- H3C Low-End and Mid-Range Ethernet Switches Configuration Examples(V1.01)
- 00-1Cover
- 01-Login Configuration Guide
- 02-VLAN Configuration Guide
- 03-GVRP Configuration Guide
- 04-Voice VLAN Configuration Guide
- 05-IP Addressing and Performance Configuration Guide
- 06-QinQ Configuration Guide
- 07-BPDU Tunnel Configuration Guide
- 08-VLAN Mapping Configuration Guide
- 09-MAC Address Table Management Configuration Guide
- 10-Link Aggregation Configuration Guide
- 11-IP Source Guard Configuration Guide
- 12-DLDP Configuration Guide
- 13-MSTP Configuration Guide
- 14-IPv4 Routing Configuration Guide
- 15-IPv6 Configuration Guide
- 16-IPv6 Routing Configuration Guide
- 17-IPv4 Multicast Configuration Guide
- 18-IPv6 Multicast Configuration Examples
- 19-802.1x Configuration Guide
- 20-AAA Configuration Guide
- 21-MAC Authentication Configuration Guide
- 22-Portal Configuration Guide
- 23-ARP Configuration Guide
- 24-DHCP Configuration Guide
- 25-ACL Configuration Guide
- 26-QoS Configuration Guide
- 27-Port Mirroring Configuration Guide
- 28-Cluster Management Configuration Guide
- 29-SNMP-RMON Configuration Guide
- 30-NTP Configuration Guide
- 31-FTP-TFTP Configuration Guide
- 32-UDP Helper Configuration Guide
- 33-Information Center Configuration Guide
- 34-DNS Configuration Guide
- 35-File System Management Configuration Guide
- 36-Remote Upgrade Configuration Guide
- 37-NQA Configuration Guide
- 38-VRRP Configuration Guide
- 39-SSH Configuration Guide
- 40-Port Security Configuration Guide
- 41-Port Isolation Configuration Guide
- 42-LLDP Configuration Guide
- 43-MCE Configuration Guide
- 44-PoE Configuration Guide
- 45-OAM Configuration Guide
- 46-Connectivity Fault Detection Configuration Guide
- 47-RRPP Configuration Guide
- 48-sFlow Configuration Guide
- 49-SSL-HTTPS Configuration Guide
- 50-PKI Configuration Guide
- 51-Track Configuration Guide
- 52-EPON-OLT Configuration Guide
- 53-Smart Link Configuration Guide
- 54-MPLS Configuration Guide
- Related Documents
-
01-Login Configuration Guide
Table of Contents
Configuring Telnet Login Using Console Port
Networking and Configuration Requirements
Configuring Console Port Login Using Telnet
Networking and Configuration Requirements
Configuring to Log In to a Switch Through the Web-Based NMS
Networking and Configuration Requirements
Configuring to Control the Login Users
Networking and Configuration Requirements
Configuring Telnet Login Using Console Port
It is the most common way to log in to a switch through its console port, and also the basis to configure other login methods.
Network Diagram
Figure 1-1 Network diagram for configuring Telnet login using console port
Networking and Configuration Requirements
As shown in Figure 1-1, the serial port of a PC/terminal is connected to the console port of the switch using a console cable. The current user logs into the switch from the AUX user interface on the console port to configure Telnet login. The current user level is 3, that is, the manage level.
Applicable Product Matrix
Software version |
Hardware version |
|
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
Release 1301 |
S5500-20TP-SI |
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Common configuration for Telnet login
# Enter system view, and enable Telnet service.
<Sysname> system-view
[Sysname] telnet server enable
# Set the level of commands accessible to the virtual type terminal (VTY) 0 user to 2.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] user privilege level 2
# Enable the Telnet service on VTY 0.
[Sysname-ui-vty0] protocol inbound telnet
# Set the number of lines that can be viewed on the screen of the VTY 0 user to 30.
[Sysname-ui-vty0] screen-length 30
# Set the history command buffer size to 20 for VTY 0.
[Sysname-ui-vty0] history-command max-size 20
# Set the idle-timeout time of VTY 0 to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
l Configure the authentication mode for Telnet login
The following three authentication modes are available for Telnet login: none, password, and scheme.
The configuration procedures for the three authentication modes are described below:
1) Configure not to authenticate Telnet users on VTY 0.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode none
2) Configure password authentication for Telnet login on VTY 0, and set the password to 123456 in plain text.
[Sysname] user-interface vty 0
[Sysname-ui-vty0] authentication-mode password
[Sysname-ui-vty0] set authentication password simple 123456
3) Configure local authentication in scheme mode for login users.
# Create a local user named guest and enter local user view.
[Sysname] local-user guest
# Set the authentication password to 123456 in plain text.
[Sysname-luser-guest] password simple 123456
# Set the service type to Telnet and the user level to 2 for the user guest.
[Sysname-luser-guest] service-type telnet level 2
[Sysname-luser-guest] quit
# Enter VTY 0 user interface view.
[Sysname] user-interface vty 0
# Set the authentication mode to scheme for Telnet login on VTY 0.
[Sysname-ui-vty0] authentication-mode scheme
[Sysname-ui-vty0] quit
# Specify the domain system as the default domain, and configure the domain to adopt local authentication in scheme mode.
[Sysname] domain default enable system
[Sysname] domain system
[Sysname-isp-system] scheme local
Complete Configuration
l Telnet login configuration with the authentication mode being none
#
telnet server enable
#
user-interface vty 0
authentication-mode none
user privilege level 2
history-command max-size 20
idle-timeout 6 0
screen-length 30
protocol inbound telnet
l Telnet login configuration with the authentication mode being password
#
telnet server enable
#
user-interface vty 0
authentication-mode password
user privilege level 2
set authentication password simple 123456
history-command max-size 20
idle-timeout 6 0
screen-length 30
protocol inbound telnet
l Telnet login configuration with the authentication mode being scheme
#
domain system
authentication default local
#
telnet server enable
#
local-user guest
service-type telnet
level 2
password simple 123456
#
user-interface vty 0
authentication-mode scheme
user privilege level 2
history-command max-size 20
idle-timeout 6 0
screen-length 30
protocol inbound telnet
Configuration Guidelines
N/A
Configuring Console Port Login Using Telnet
An Ethernet switch supports Telnet, so you can manage and maintain the switch remotely by Telnetting to it.
Network Diagram
Figure 1-2 Network diagram for configuring console port login using Telnet
Networking and Configuration Requirements
As shown in Figure 1-2, telnet to the switch to configure console login. The current user level is 3, that is, the manage level.
Applicable Product Matrix
Software version |
Hardware version |
|
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
Release 1301 |
S5500-20TP-SI |
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
l Common configuration for console login
# Specify the level of commands accessible to the AUX 0 user interface to 2.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] user privilege level 2
# Set the baud rate of the console port to 19200 bps.
[Sysname-ui-aux0] speed 19200
# Set the number of lines that can be viewed on the screen of the AUX 0 user to 30.
[Sysname-ui-aux0] screen-length 30
# Set the history command buffer size to 20 for AUX 0.
[Sysname-ui-aux0] history-command max-size 20
# Set the idle-timeout time of AUX 0 to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
l Configure the authentication mode for console login
The following three authentication modes are available for console login: none, password, and scheme.
The configuration procedures for the three authentication modes are described below:
1) Configure not to authenticate console login users.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode none
2) Configure password authentication for console login, and set the password to 123456 in plain text.
[Sysname] user-interface aux 0
[Sysname-ui-aux0] authentication-mode password
[Sysname-ui-aux0] set authentication password simple 123456
3) Configure local authentication in scheme mode for console login.
# Create a local user named guest and enter local user view.
[Sysname] local-user guest
# Set the authentication password to 123456 in plain text.
[Sysname-luser-guest] password simple 123456
# Set the service type to Terminal and the user level to 2 for the user guest.
[Sysname-luser-guest] service-type terminal level 2
[Sysname-luser-guest] quit
# Enter AUX 0 user interface view.
[Sysname] user-interface aux 0
# Set the authentication mode to scheme for console login.
[Sysname-ui-aux0] authentication-mode scheme
# Specify the domain system as the default domain, and configure the domain to adopt local authentication in scheme mode.
[Sysname] domain default enable system
[Sysname] domain system
[Sysname-isp-system] scheme local
Complete Configuration
l Console login configuration with the authentication mode being none
#
user-interface aux 0
authentication-mode none
user privilege level 2
history-command max-size 20
idle-timeout 6 0
speed 19200
screen-length 30
l Console login configuration with the authentication mode being password
#
user-interface aux 0
authentication-mode password
user privilege level 2
set authentication password simple 123456
history-command max-size 20
idle-timeout 6 0
speed 19200
screen-length 30
l Console login configuration with the authentication mode being scheme
#
domain system
authentication default local
#
local-user guest
password simple 123456
service-type terminal
level 2
#
user-interface aux 0
authentication-mode scheme
user privilege level 2
history-command max-size 20
idle-timeout 6 0
speed 19200
screen-length 30
Configuration Guidelines
N/A
Configuring to Log In to a Switch Through the Web-Based NMS
Network Diagram
Figure 1-3 Network diagram for logging in through the web-based network management system
Networking and Configuration Requirements
As shown in Figure 1-3, a PC logs into a switch through web-based network management system and manages the switch remotely.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
Release 1301 |
S5500-20TP-SI |
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
Configuration Procedure
# Configure the IP address of VLAN 1 (default VLAN of the switch) interface as 10.153.17.82 with the mask 255.255.255.0.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-VLAN-interface1] ip address 10.153.17.82 255.255.255.0
[Sysname-VLAN-interface1] quit
# Configure the Web-based network management system user name as admin, and password as admin, and set the user level to 3.
[Sysname] local-user admin
[Sysname-luser-admin] service-type telnet level 3
[Sysname-luser-admin] password simple admin
[Sysname-luser-admin] quit
# Enable the Web server on the switch.
[Sysname] ip http enable
Log in to the switch through IE: Launch IE on the Web-based network management terminal (your PC) and enter http://10.153.17.82 in the address bar (make sure the route between the Web-based network management terminal and the switch is available), and the login authentication page appears, as shown in Figure 1-4.
Figure 1-4 The login page of the Web-based network management system
# Enter the user name and the password configured on the switch and click Login to display the initial page of the Web-based network management system.
Complete Configuration
#
local-user admin
password simple admin
service-type telnet
level 3
#
interface Vlan-interface1
ip address 10.153.17.82 255.255.255.0
Configuration Guidelines
By default, web-based network management system is enabled.
Configuring to Control the Login Users
Network Diagram
Figure 1-5 Network diagram for controlling the login users
Networking and Configuration Requirements
As shown in Figure 1-5, only Telnet/SNMP/Web users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 are permitted to log in to the switch.
Applicable Product Matrix
Product series |
Software version |
Hardware version |
S3610 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5510 Series Ethernet Switches |
Release 5301, Release 5303 |
All versions |
S5500-SI Series Ethernet Switches |
Release 1207 |
All versions except S5500-20TP-SI |
Release 1301 |
S5500-20TP-SI |
|
S5500-EI Series Ethernet Switches |
Release 2102 |
All versions |
S7500E Series Ethernet Switches |
Release 6100, Release 6300 |
All versions |
Configuration Procedure
# Create basic ACL 2000 and enter basic ACL view.
[Sysname] acl number 2000 match-order config
[Sysname-acl-basic-2000]
# Define ACL rules to allow only Telnet/SNMP/Web users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 to log in to the switch.
[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0
[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0
[Sysname-acl-basic-2000] rule 3 deny source any
[Sysname-acl-basic-2000] quit
# Apply ACL 2000 to control Telnet users by source IP address.
[Sysname] user-interface vty 0 4
[Sysname-ui-vty0-4] acl 2000 inbound
# Apply ACL 2000 to control SNMP users by source IP address.
[Sysname] snmp-agent community read aaa acl 2000
[Sysname] snmp-agent group v2c groupa acl 2000
[Sysname] snmp-agent usm-user v2c usera groupa acl 2000
# Apply ACL 2000 to control Web users by source IP address.
[Sysname] ip http acl 2000
Complete Configuration
l Configuration for controlling Telnet users by source IP address
#
acl number 2000
rule 1 permit source 10.110.100.52 0
rule 2 permit source 10.110.100.46 0
rule 3 deny
#
user-interface vty 0 4
acl 2000 inbound
l Configuration for controlling SNMP users by source IP address
#
acl number 2000
rule 1 permit source 10.110.100.52 0
rule 2 permit source 10.110.100.46 0
rule 3 deny
#
snmp-agent community read aaa acl 2000
snmp-agent group v2c groupa acl 2000
snmp-agent usm-user v2c usera groupa acl 2000
l Configuration for controlling Web users by source IP address
#
ip http acl 2000
#
acl number 2000
rule 1 permit source 10.110.100.52 0
rule 2 permit source 10.110.100.46 0
rule 3 deny
Configuration Guidelines
The S7500E series Ethernet switches with software version do not support Web login. Therefore, Web user control is not applicable to an S7500E series with software version.