S600-E V200R010C00 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, NAC, and Policy Association.

Example for Configuring Authentication for Telnet Login Users (Local Authentication)

Networking Requirements

On the network shown in Figure 1-28, the network administrator of an enterprise needs to remotely manage the device in an easy and secure manner. To achieve this, local authentication can be configured for the administrator logging in through Telnet. The requirements are as follows:

  1. The administrator enters the correct user name and password to log in to the device through Telnet.
  2. After logging in to the device through Telnet, the administrator can run the commands at levels 0-15.

Figure 1-28 Configuring authentication for Telnet login users (local authentication)

Configuration Roadmap

The configuration roadmap is as follows:

  1. Assign an IP address to the interface on the switch that is connected to the management network.
  2. Enable the Telnet server function.
  3. Configure AAA authentication for the VTY user interface.
  4. Configure local authentication, including setting the user name and password, access type, and user level.

Procedure

  1. Assign an IP address to the interface on the switch that is connected to the management network.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan batch 100
    [Switch] interface vlanif 100
    [Switch-Vlanif100] ip address 10.1.2.10 24
    [Switch-Vlanif100] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type hybrid
    [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 100
    [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 100
    [Switch-GigabitEthernet0/0/1] quit
    

  2. Enable the Telnet server function.

    [Switch] telnet server enable
    

  3. Configure AAA authentication for the VTY user interface.

    [Switch] user-interface maximum-vty 15
    [Switch] user-interface vty 0 14
    [Switch-ui-vty0-14] authentication-mode aaa  
    [Switch-ui-vty0-14] protocol inbound telnet 
    [Switch-ui-vty0-14] quit
    

  4. Configure local authentication.

    [Switch] aaa
    [Switch-aaa] local-user user1 password irreversible-cipher Huawei@123
    [Switch-aaa] local-user user1 service-type telnet
    [Switch-aaa] local-user user1 privilege level 15
    [Switch-aaa] quit
    
    NOTE:

    When the entered user name does not contain a domain name, the device authenticates the user using the default management domain default_admin. By default, the default_admin domain uses the authentication scheme default and accounting scheme default.

    • Authentication scheme default: Uses the local authentication mode.
    • Accounting scheme default: Uses the non-accounting mode.

  5. Verify the configuration.

    Choose Start > Run on your computer and enter cmd to open the cmd window. Run the telnet command and enter the user name user1 and password Huawei@123 to log in to the device through Telnet.

    C:\Documents and Settings\Administrator> telnet 10.1.2.10
    Username:user1
    Password:***********

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 100
#
telnet server enable
#
aaa                                                                             
 local-user user1 password irreversible-cipher $1a$+:!j;\;$Z!$&%}p%ctzj"W`GM;APoC=XPLB=L-vJG3-'3Dhyci;$
 local-user user1 privilege level 15                                                       
 local-user user1 service-type telnet
#
interface Vlanif100
 ip address 10.1.2.10 255.255.255.0                                          
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100   
# 
user-interface maximum-vty 15                                                   
user-interface vty 0 14                                                         
 authentication-mode aaa 
 protocol inbound telnet                                                     
#
return 
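
The following is an added example, not part of the Huawei guide: a Python audit that parses a configuration file in the format shown above and reports which VTY lines accept Telnet, a protocol that carries the user name and password in cleartext, and which local users are permitted to use it. The function names and finding labels are assumptions of this example, and the sample configuration is constructed from the file above with the password hash replaced by a placeholder.

```python
import re

# Constructed sample: trimmed from the configuration file above, with the
# password hash replaced by a placeholder.
SAMPLE_CONFIG = """\
telnet server enable
#
aaa
 local-user user1 password irreversible-cipher <HASH-PLACEHOLDER>
 local-user user1 privilege level 15
 local-user user1 service-type telnet
#
user-interface maximum-vty 15
user-interface vty 0 14
 authentication-mode aaa
 protocol inbound telnet
"""

def parse_sections(text):
    """Map each unindented command to the indented lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.startswith("#"):
            current = None  # '#' separates sections
        elif line.startswith(" ") and current is not None:
            sections[current].append(line.strip())
        else:
            current = line.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Report VTY lines that accept Telnet and the local users allowed to use it."""
    s = parse_sections(text)
    vtys = [name for name, body in s.items() if name.startswith("user-interface vty")
            and any(b in ("protocol inbound telnet", "protocol inbound all") for b in body)]
    if "telnet server enable" not in s or not vtys:
        return []
    findings = ["telnet-cleartext-login: " + ", ".join(vtys)]
    users = {}
    for b in s.get("aaa", []):
        m = re.match(r"local-user (\S+) (privilege level|service-type) (.+)", b)
        if m:
            users.setdefault(m.group(1), {})[m.group(2)] = m.group(3).split()
    for name, attrs in sorted(users.items()):
        if "telnet" in attrs.get("service-type", []):
            level = attrs.get("privilege level", ["unset"])[0]
            findings.append(f"telnet-local-user: {name} (level {level})")
    return findings
```

Calling `audit()` on the text of a saved configuration file returns an empty list when no VTY line accepts Telnet or the Telnet server is not enabled.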
Updated: 2019-08-21

Document ID: EDOC1000141885
