No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S12700 Series Agile Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Authentication for Telnet Login Users (AAA Local Authentication)

Example for Configuring Authentication for Telnet Login Users (AAA Local Authentication)

AAA Local Authentication Overview

Users are locally authenticated through AAA. To log in to a device, a user must enter the correct user name and password. User information is configured on the local device. There is no need to deploy an authentication server on the network. Therefore, AAA local authentication is fast and inexpensive. However, how much user information can be stored depends on the hardware capacity of the device.

Configuration Notes

This configuration example applies to all switches running all versions.

Networking Requirements

As shown in Figure 14-1, administrator needs to remotely manage the device in a simplified and secure manner. The specific requirements are as follows:

  1. The administrator must enter correct user name and password to log in to the device through Telnet.
  2. After logging in to the device through Telnet, the administrator can run the commands at levels 0-3.
Figure 14-1  Configuring authentication for Telnet login users (AAA local authentication)

Configuration Roadmap

  1. Enable the Telnet service.
  2. Set the authentication method for Telnet login users to AAA.
  3. Configure AAA local authentication, including creating a local user, setting the user access type to Telnet, and setting the user level to 15.

Procedure

  1. Configure interfaces and assign IP addresses.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 10
    [Switch] interface vlanif 10
    [Switch-Vlanif10] ip address 10.1.2.10 24
    [Switch-Vlanif10] quit
    [Switch] interface gigabitethernet1/0/1
    [Switch-GigabitEthernet1/0/1] port link-type access
    [Switch-GigabitEthernet1/0/1] port default vlan 10
    [Switch-GigabitEthernet1/0/1] quit

  2. Enable the Telnet server.

    [Switch] telnet server enable

  3. Set the authentication method for the VTY user interface to AAA.

    [Switch] user-interface maximum-vty 15  //Set the maximum number of VTY login uses to 15 (The value range varies according to product versions and models). By default, the maximum number of Telnet users is 5.
    [Switch] user-interface vty 0 14  //Enter the VTY 0-14 user view.
    [Switch-ui-vty0-14] authentication-mode aaa  //Set the authentication method for the VTY user view to AAA.
    [Switch-ui-vty0-14] protocol inbound telnet  //Configure the VTY user interface to support Telnet. By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH.
    [Switch-ui-vty0-14] quit

  4. Configure AAA local authentication.

    [Switch] aaa
    [Switch-aaa] local-user user1 password irreversible-cipher Huawei@1234  //Create local user user1 and set the password. The password is displayed in cipher text in the configuration file, so remember the password. If you forget the password, run this command again to reconfigure the password .
    [Switch-aaa] local-user user1 service-type telnet  //Set the access type of user1 to Telnet. The user can log in through only Telnet (by default, users can log in through any method in versions earlier than V200R007 and cannot log in through any method in V200R007 and later versions).
    [Switch-aaa] local-user user1 privilege level 15  //Set the user level of user1 to 15. The user can use the commands of level 3 and lower levels.
    Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N] y
    [Switch-aaa] quit
    NOTE:

    When the entered user name does not contain a domain name, the device authenticates the user using the default administrative domain default_admin. By default, the default administrative domain uses the authentication scheme default and accounting scheme default.

    • Authentication scheme default: local authentication
    • Accounting scheme default: non-accounting

  5. Verify the configuration.

    Choose Start > Run on your computer and enter cmd to open the cmd window. Run the telnet command and enter the user name user1 and password Huawei@1234 to log in to the device through Telnet.

    C:\Documents and Settings\Administrator> telnet 10.1.2.10
    Username:user1
    Password:***********
    <Switch>//The administrator successfully logs in.

Configuration Files

Configuration file of the Switch

#
sysname Switch
#
vlan batch 10
#
telnet server enable
#
aaa      
 local-user user1 password irreversible-cipher %^%#.)P`(ahmeXKljES$}IC%OdjjC$m)cA#}T(8z4*ZK!_Z+GSo<7C*O8WO,!rt;%^%#     
 local-user user1 privilege level 15       
 local-user user1 service-type telnet         
# 
interface Vlanif10 
 ip address 10.1.2.10 255.255.255.0     
# 
interface GigabitEthernet1/0/1         
 port link-type access           
 port default vlan 10 
#
user-interface maximum-vty 15     
user-interface vty 0 14    
 authentication-mode aaa    
 protocol inbound telnet
#
return
Download
Updated: 2019-05-16

Document ID: EDOC1000069466

Views: 249439

Downloads: 1980

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next