H3C Low-End and Mid-Range Ethernet Switches Configuration Examples(V1.01)


01-Login Configuration Guide


Configuring Telnet Login Using Console Port

Logging in through the console port is the most common way to log in to a switch, and it is the basis for configuring the other login methods.

Network Diagram

Figure 1-1 Network diagram for configuring Telnet login using console port

 

Networking and Configuration Requirements

As shown in Figure 1-1, the serial port of a PC/terminal is connected to the console port of the switch using a console cable. The current user logs into the switch from the AUX user interface on the console port to configure Telnet login. The current user level is 3, that is, the manage level.

Applicable Product Matrix

Product series | Software version | Hardware version
S3610 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5510 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI
S5500-EI Series Ethernet Switches | Release 2102 | All versions
S7500E Series Ethernet Switches | Release 6100, Release 6300 | All versions

 

Configuration Procedure

•  Common configuration for Telnet login

# Enter system view, and enable Telnet service.

<Sysname> system-view

[Sysname] telnet server enable

# Set the level of commands accessible to the virtual type terminal (VTY) 0 user to 2.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] user privilege level 2

# Enable the Telnet service on VTY 0.

[Sysname-ui-vty0] protocol inbound telnet

# Set the number of lines that can be viewed on the screen of the VTY 0 user to 30.

[Sysname-ui-vty0] screen-length 30

# Set the history command buffer size to 20 for VTY 0.

[Sysname-ui-vty0] history-command max-size 20

# Set the idle-timeout time of VTY 0 to 6 minutes.

[Sysname-ui-vty0] idle-timeout 6

•  Configure the authentication mode for Telnet login

The following three authentication modes are available for Telnet login: none, password, and scheme.

The configuration procedures for the three authentication modes are described below:

1) Disable authentication for Telnet users on VTY 0.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] authentication-mode none

2) Configure password authentication for Telnet login on VTY 0, and set the password to 123456 in plain text.

[Sysname] user-interface vty 0

[Sysname-ui-vty0] authentication-mode password

[Sysname-ui-vty0] set authentication password simple 123456

3) Configure local authentication in scheme mode for login users.

# Create a local user named guest and enter local user view.

[Sysname] local-user guest

# Set the authentication password to 123456 in plain text.

[Sysname-luser-guest] password simple 123456

# Set the service type to Telnet and the user level to 2 for the user guest.

[Sysname-luser-guest] service-type telnet level 2

[Sysname-luser-guest] quit

# Enter VTY 0 user interface view.

[Sysname] user-interface vty 0

# Set the authentication mode to scheme for Telnet login on VTY 0.

[Sysname-ui-vty0] authentication-mode scheme

[Sysname-ui-vty0] quit

# Specify the domain system as the default domain, and configure the domain to adopt local authentication in scheme mode.

[Sysname] domain default enable system

[Sysname] domain system

[Sysname-isp-system] scheme local

Complete Configuration

•  Telnet login configuration with the authentication mode being none

#

 telnet server enable

#

user-interface vty 0

 authentication-mode none

 user privilege level 2

 history-command max-size 20

 idle-timeout 6 0

 screen-length 30

 protocol inbound telnet

•  Telnet login configuration with the authentication mode being password

#

 telnet server enable

#

user-interface vty 0

 authentication-mode password

 user privilege level 2

 set authentication password simple 123456

 history-command max-size 20

 idle-timeout 6 0

 screen-length 30

 protocol inbound telnet

•  Telnet login configuration with the authentication mode being scheme

#

domain system

 authentication default local

#

 telnet server enable

#

local-user guest

 service-type telnet

 level 2

 password simple 123456

#

user-interface vty 0

 authentication-mode scheme

 user privilege level 2

 history-command max-size 20

 idle-timeout 6 0

 screen-length 30

 protocol inbound telnet

Configuration Guidelines

N/A

Configuring Console Port Login Using Telnet

An Ethernet switch supports Telnet, so you can manage and maintain the switch remotely by Telnetting to it.

Network Diagram

Figure 1-2 Network diagram for configuring console port login using Telnet

 

Networking and Configuration Requirements

As shown in Figure 1-2, telnet to the switch to configure console login. The current user level is 3, that is, the manage level.

Applicable Product Matrix

Product series | Software version | Hardware version
S3610 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5510 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI
S5500-EI Series Ethernet Switches | Release 2102 | All versions
S7500E Series Ethernet Switches | Release 6100, Release 6300 | All versions

 

Configuration Procedure

•  Common configuration for console login

# Set the level of commands accessible to the AUX 0 user interface to 2.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] user privilege level 2

# Set the baud rate of the console port to 19200 bps.

[Sysname-ui-aux0] speed 19200

# Set the number of lines that can be viewed on the screen of the AUX 0 user to 30.

[Sysname-ui-aux0] screen-length 30

# Set the history command buffer size to 20 for AUX 0.

[Sysname-ui-aux0] history-command max-size 20

# Set the idle-timeout time of AUX 0 to 6 minutes.

[Sysname-ui-aux0] idle-timeout 6

•  Configure the authentication mode for console login

The following three authentication modes are available for console login: none, password, and scheme.

The configuration procedures for the three authentication modes are described below:

1) Disable authentication for console login users.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] authentication-mode none

2) Configure password authentication for console login, and set the password to 123456 in plain text.

[Sysname] user-interface aux 0

[Sysname-ui-aux0] authentication-mode password

[Sysname-ui-aux0] set authentication password simple 123456

3) Configure local authentication in scheme mode for console login.

# Create a local user named guest and enter local user view.

[Sysname] local-user guest

# Set the authentication password to 123456 in plain text.

[Sysname-luser-guest] password simple 123456

# Set the service type to Terminal and the user level to 2 for the user guest.

[Sysname-luser-guest] service-type terminal level 2

[Sysname-luser-guest] quit

# Enter AUX 0 user interface view.

[Sysname] user-interface aux 0

# Set the authentication mode to scheme for console login.

[Sysname-ui-aux0] authentication-mode scheme

[Sysname-ui-aux0] quit

# Specify the domain system as the default domain, and configure the domain to adopt local authentication in scheme mode.

[Sysname] domain default enable system

[Sysname] domain system

[Sysname-isp-system] scheme local

Complete Configuration

•  Console login configuration with the authentication mode being none

#

user-interface aux 0

 authentication-mode none

 user privilege level 2

 history-command max-size 20

 idle-timeout 6 0

 speed 19200

 screen-length 30

•  Console login configuration with the authentication mode being password

#

user-interface aux 0

 authentication-mode password

 user privilege level 2

 set authentication password simple 123456

 history-command max-size 20

 idle-timeout 6 0

 speed 19200

 screen-length 30

•  Console login configuration with the authentication mode being scheme

#

domain system

 authentication default local

#

local-user guest

 password simple 123456

 service-type terminal

 level 2

#

user-interface aux 0

 authentication-mode scheme

 user privilege level 2

 history-command max-size 20

 idle-timeout 6 0

 speed 19200

 screen-length 30
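A check that can be run over a saved configuration to find the login settings shown in the Telnet and console listings above. This is an added example, not H3C code; the sample text is constructed from lines in those listings, and the function names and finding strings are assumptions of the example.

```python
# Constructed sample assembled from the Telnet and console listings above.
SAMPLE = """\
#
 telnet server enable
#
local-user guest
 password simple 123456
 service-type telnet
#
user-interface aux 0
 authentication-mode password
 set authentication password simple 123456
#
user-interface vty 0
 authentication-mode none
 user privilege level 2
 protocol inbound telnet
"""

def sections(text):
    """Split a saved configuration into '#'-delimited sections of stripped lines."""
    out, cur = [], []
    for raw in text.splitlines() + ["#"]:   # trailing "#" flushes the last section
        line = raw.strip()
        if line == "#":
            if cur:
                out.append(cur)
            cur = []
        elif line:
            cur.append(line)
    return out

def audit(text):
    """Return (section header, finding) pairs for weak login settings."""
    found = []
    for sec in sections(text):
        head = sec[0]
        # Command level granted on this user interface, if the section sets one.
        level = next((l.rsplit(" ", 1)[1] for l in sec
                      if l.startswith("user privilege level ")), "not set")
        for line in sec:
            if line in ("telnet server enable", "protocol inbound telnet"):
                found.append((head, "Telnet enabled"))
            elif line == "authentication-mode none":
                found.append((head, f"no authentication, command level {level}"))
            elif "password simple " in line:   # covers both password commands
                found.append((head, "plaintext password in configuration"))
    return found

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```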

Configuration Guidelines

N/A

Configuring to Log In to a Switch Through the Web-Based NMS

Network Diagram

Figure 1-3 Network diagram for logging in through the web-based network management system

 

Networking and Configuration Requirements

As shown in Figure 1-3, a PC logs in to a switch through the web-based network management system and manages the switch remotely.

Applicable Product Matrix

Product series | Software version | Hardware version
S3610 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5510 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI
S5500-EI Series Ethernet Switches | Release 2102 | All versions

 

Configuration Procedure

# Configure the IP address of VLAN 1 (default VLAN of the switch) interface as 10.153.17.82 with the mask 255.255.255.0.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-VLAN-interface1] ip address 10.153.17.82 255.255.255.0

[Sysname-VLAN-interface1] quit

# Configure the Web-based network management system user name as admin, and password as admin, and set the user level to 3.

[Sysname] local-user admin

[Sysname-luser-admin] service-type telnet level 3

[Sysname-luser-admin] password simple admin

[Sysname-luser-admin] quit

# Enable the Web server on the switch.

[Sysname] ip http enable

Log in to the switch through IE: launch IE on the Web-based network management terminal (your PC) and enter http://10.153.17.82 in the address bar. Make sure the route between the Web-based network management terminal and the switch is available. The login authentication page appears, as shown in Figure 1-4.

Figure 1-4 The login page of the Web-based network management system

 

# Enter the user name and the password configured on the switch and click Login to display the initial page of the Web-based network management system.

Complete Configuration

#

local-user admin

 password simple admin

 service-type telnet

 level 3

#

interface Vlan-interface1

 ip address 10.153.17.82 255.255.255.0

Configuration Guidelines

By default, the web-based network management system is enabled.

Configuring to Control the Login Users

Network Diagram

Figure 1-5 Network diagram for controlling the login users

 

Networking and Configuration Requirements

As shown in Figure 1-5, only Telnet/SNMP/Web users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 are permitted to log in to the switch.

Applicable Product Matrix

Product series | Software version | Hardware version
S3610 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5510 Series Ethernet Switches | Release 5301, Release 5303 | All versions
S5500-SI Series Ethernet Switches | Release 1207 | All versions except S5500-20TP-SI
S5500-SI Series Ethernet Switches | Release 1301 | S5500-20TP-SI
S5500-EI Series Ethernet Switches | Release 2102 | All versions
S7500E Series Ethernet Switches | Release 6100, Release 6300 | All versions

 

Configuration Procedure

# Create basic ACL 2000 and enter basic ACL view.

[Sysname] acl number 2000 match-order config

[Sysname-acl-basic-2000]

# Define ACL rules to allow only Telnet/SNMP/Web users sourced from the IP addresses of 10.110.100.52 and 10.110.100.46 to log in to the switch.

[Sysname-acl-basic-2000] rule 1 permit source 10.110.100.52 0

[Sysname-acl-basic-2000] rule 2 permit source 10.110.100.46 0

[Sysname-acl-basic-2000] rule 3 deny source any

[Sysname-acl-basic-2000] quit

# Apply ACL 2000 to control Telnet users by source IP address.

[Sysname] user-interface vty 0 4

[Sysname-ui-vty0-4] acl 2000 inbound

[Sysname-ui-vty0-4] quit

# Apply ACL 2000 to control SNMP users by source IP address.

[Sysname] snmp-agent community read aaa acl 2000

[Sysname] snmp-agent group v2c groupa acl 2000

[Sysname] snmp-agent usm-user v2c usera groupa acl 2000

# Apply ACL 2000 to control Web users by source IP address.

[Sysname] ip http acl 2000

Complete Configuration

•  Configuration for controlling Telnet users by source IP address

#

acl number 2000

 rule 1 permit source 10.110.100.52 0

 rule 2 permit source 10.110.100.46 0

 rule 3 deny

#

user-interface vty 0 4

 acl 2000 inbound

•  Configuration for controlling SNMP users by source IP address

#

acl number 2000

 rule 1 permit source 10.110.100.52 0

 rule 2 permit source 10.110.100.46 0

 rule 3 deny

#

 snmp-agent community read aaa acl 2000

 snmp-agent group v2c groupa acl 2000

 snmp-agent usm-user v2c usera groupa  acl 2000

•  Configuration for controlling Web users by source IP address

#

 ip http acl 2000

#

acl number 2000

 rule 1 permit source 10.110.100.52 0

 rule 2 permit source 10.110.100.46 0

 rule 3 deny
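How the rules of ACL 2000 decide which source addresses may log in, as an added example that is not H3C code. It assumes rules are evaluated in listing order with the first match winning, and that a wildcard bit set to 1 means "ignore this bit" (so the trailing 0 is an exact-host match); it also accepts dotted wildcards, which goes beyond the host-only rules on this page. parse_rules and decide are names made up for the example.

```python
import ipaddress
import re

# ACL 2000 as it appears in the complete configuration above.
ACL_2000 = """\
acl number 2000
 rule 1 permit source 10.110.100.52 0
 rule 2 permit source 10.110.100.46 0
 rule 3 deny
"""

RULE = re.compile(r"rule (\d+) (permit|deny)(?: source (\S+)(?: (\S+))?)?$")

def parse_rules(text):
    """Return [(rule_id, action, address, wildcard)] as integers, in listing order."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue                      # e.g. the "acl number 2000" header
        rid, action, addr, wild = m.groups()
        if addr in (None, "any"):
            a, w = 0, 0xFFFFFFFF          # no source clause: every bit is ignored
        else:
            a = int(ipaddress.IPv4Address(addr))
            wild = wild or "0"
            # "0" is treated as 0.0.0.0; dotted wildcards are parsed as written
            w = int(ipaddress.IPv4Address(wild if "." in wild else int(wild)))
        rules.append((int(rid), action, a, w))
    return rules

def decide(rules, source):
    """Return (rule_id, action) of the first rule matching the source address."""
    s = int(ipaddress.IPv4Address(source))
    for rid, action, a, w in rules:
        if (s | w) == (a | w):            # compare only the bits the wildcard keeps
            return rid, action
    return None, "no match"

if __name__ == "__main__":
    acl = parse_rules(ACL_2000)
    for src in ("10.110.100.52", "10.110.100.46", "10.110.100.47"):
        print(src, decide(acl, src))
```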

Configuration Guidelines

The S7500E series Ethernet switches with software version do not support Web login. Therefore, Web user control is not applicable to an S7500E series with software version.

 

H3C reserves the right to modify its collaterals without any prior notice. For the latest information of the collaterals, please consult H3C sales or call 400 hotline.