00-S12500_Login_Authentication_Configuration_Examples


Introduction

This document provides examples for configuring console and Telnet login authentication.

An H3C S12500 switch supports the following login authentication modes:

·     None—Disables authentication. This mode allows access without authentication and is insecure.

·     Password—Requires password authentication.

·     Scheme—Uses the AAA module for local or remote login authentication. You must provide a username and password at login.

Table 1 shows the CLI login methods supported by an H3C S12500 switch.

Table 1 CLI login methods at a glance

Login method

Default settings and minimum configuration requirements

Logging in through the console port

By default, login through the console port is enabled and does not require username or password. The default user privilege level is 3.

Logging in through Telnet

By default, Telnet login is disabled.

To log in through Telnet, complete the following configuration tasks:

·     Enable the Telnet server function. (By default, the Telnet server is disabled.)

·     Assign an IP address to the management Ethernet interface or VLAN interface. Make sure the interface and the Telnet client can reach each other. (By default, the switch does not have an IP address.)

·     Configure an authentication mode for VTY login users. (By default, password authentication is used.)

·     Assign a user privilege level to VTY login users. (The default level is 0.)

Logging in through SSH

By default, SSH login is disabled.

To log in through SSH, complete the following configuration tasks:

·     Enable the SSH server function and configure SSH attributes. (By default, SSH server is disabled.)

·     Assign an IP address to the VLAN interface. Make sure the interface and the SSH client can reach each other. (By default, the switch does not have an IP address.)

·     Configure scheme authentication for VTY login users. (By default, password authentication is used.)

·     Assign a user privilege level to VTY login users. (The default level is 0.)

For information about SSH configuration examples, see H3C S12500 SSH Configuration Examples.

 

Prerequisites

The configuration examples in this document were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

This document assumes that you have basic knowledge of login management.

Example: Configuring local console login authentication

Network requirements

Configure local console login authentication on the switch in Figure 1 so a console user must provide the username test and password test at login.

Figure 1 Network diagram

 

Requirements analysis

·     To require both a username and a password for authentication, configure the scheme authentication mode.

·     To perform local authentication, configure a local user account on the switch.

·     To allow the user to log in through the console port, authorize the user to use the terminal service.

·     To allow the user to use all commands after login, set the user privilege level to 3 for the local user account. (The default user privilege level is 0.)

Software version used

This configuration example was created and verified on S12500-CMW520-R1825P01.

Configuration procedures

# Set the authentication mode to scheme for the console user interface.

<Switch1> system-view

[Switch1] user-interface console 0

[Switch1-ui-console0] authentication-mode scheme

[Switch1-ui-console0] quit

# Configure a local user account with the username test and the password test, set the user privilege level to 3, and authorize the user to use the terminal service.

[Switch1] local-user test

[Switch1-luser-test] password simple test

[Switch1-luser-test] authorization-attribute level 3

[Switch1-luser-test] service-type terminal

[Switch1-luser-test] quit

Verifying the configuration

# Use the PC to log in to the switch through the console port. You must provide the username test and password test to pass login authentication.

User interface con0 is available.

 

Please press ENTER.

 

Login authentication

Username:test

Password:

<Switch1> system-view

System View: return to User View with Ctrl+Z.

[Switch1]

Configuration files

#

 domain default enable system

#

local-user test

 password cipher $c$3$DE9ZKZ42sq42584hbTlqx6L74Ar8go4=

 authorization-attribute level 3

 service-type terminal

#

user-interface con 0

 authentication-mode scheme

#

Example: Configuring local Telnet login authentication

Network requirements

Configure local Telnet login authentication on the switch in Figure 2 so a Telnet user must provide the password test at login.

Figure 2 Network diagram

 

Table 2 shows the VLAN and IP address assignment.

Table 2 VLAN and IP address assignment

Device     VLAN      IP address      Interface
Switch1    VLAN 5    15.15.1.1/16    GE 7/0/35
PC         N/A       15.15.1.2/16    N/A

Requirements analysis

·     To allow Telnet login, enable the Telnet server on the switch.

·     To require only a password for authentication, configure the password authentication mode and configure the password in VTY user interface view.

·     To allow the user to use all commands after login, set the user privilege level to 3 in VTY user interface view. (The default user privilege level is 0.)

Software version used

This configuration example was created and verified on S12500-CMW520-R1825P01.

Configuration procedures

# Enable the Telnet service.

<Switch1> system-view

[Switch1] telnet server enable

# For all VTY user interfaces, set the authentication mode to password, the password to test, and the user privilege level to 3.

[Switch1] user-interface vty 0 15

[Switch1-ui-vty0-15] authentication-mode password

[Switch1-ui-vty0-15] set authentication password simple test

[Switch1-ui-vty0-15] user privilege level 3

[Switch1-ui-vty0-15] quit

Verifying the configuration

# Telnet to the switch from the PC. You must provide the password test to pass login authentication.

Login authentication

 

password :

<Switch1>

Configuration file

#

domain default enable system

#

 telnet server enable

#

vlan 5

#

interface Vlan-interface5

 ip address 15.15.1.1 255.255.0.0

#

interface GigabitEthernet7/0/35

 port link-mode bridge

 port access vlan 5

#

user-interface vty 0 15

 user privilege level 3

 set authentication password cipher $c$3$nHqenYtWTFWBa4fcuksm2MR5VOrD1HI=

#
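
The following Python check is an added example, not part of the H3C documentation. It audits a saved configuration file of the form shown in the two examples above for the login settings this document describes: authentication mode, user privilege level, and Telnet server state. It assumes that a setting missing from the file is at the default stated in this document; the function names and sample files are constructed for illustration.

```python
import re

# Defaults as stated in this document: console = no authentication, level 3;
# VTY = password authentication, level 0. Assumption: a setting absent from
# the file is at its default.
DEFAULTS = {"con": ("none", 3), "vty": ("password", 0)}

def sections(config):
    """Split a configuration file into command groups on '#' separator lines."""
    groups, cur = [], []
    for line in config.splitlines() + ["#"]:
        line = line.strip()
        if line == "#":
            if cur:
                groups.append(cur)
            cur = []
        elif line:
            cur.append(line)
    return groups

def audit(config):
    """Return findings about the login authentication settings in config."""
    findings = []
    for group in sections(config):
        if "telnet server enable" in group:
            findings.append("telnet: enabled, logins cross the network in cleartext")
        m = re.match(r"user-interface (con|vty)\w* (.+)", group[0])
        if not m:
            continue
        kind, name = m.group(1), f"{m.group(1)} {m.group(2)}"
        mode, level = DEFAULTS[kind]
        for cmd in group[1:]:
            if cmd.startswith("authentication-mode "):
                mode = cmd.split()[1]
            elif cmd.startswith("user privilege level "):
                level = int(cmd.split()[3])
        if mode == "none":
            findings.append(f"{name}: no authentication, level {level}")
        elif mode == "password" and level == 3:
            findings.append(f"{name}: one shared password grants level 3")
    return findings

# Constructed samples modelled on the configuration files in this document
# (cipher strings replaced by a placeholder).
CONSOLE_CFG = "#\nlocal-user test\n password cipher <cipher>\n authorization-attribute level 3\n service-type terminal\n#\nuser-interface con 0\n authentication-mode scheme\n#\n"
TELNET_CFG = "#\n telnet server enable\n#\nuser-interface vty 0 15\n user privilege level 3\n set authentication password cipher <cipher>\n#\n"
FACTORY_CFG = "#\nuser-interface con 0\n#\n"  # constructed: console left at defaults

if __name__ == "__main__":
    for label, cfg in [("console", CONSOLE_CFG), ("telnet", TELNET_CFG), ("factory", FACTORY_CFG)]:
        print(label, audit(cfg))
```

The console example with scheme authentication produces no findings, while the Telnet example is reported twice: once for the enabled Telnet server and once for the shared level 3 password on the VTY user interfaces.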

Related documentation

·     H3C S12500 Routing Switch Series Fundamentals Configuration Guide

·     H3C S12500 Routing Switch Series Fundamentals Command Reference