Configuration Guide - Basic Configuration

S7700 and S9700 V200R010C00

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.

Configuring an Authentication Mode for a VTY User Interface

Context

The system provides three authentication modes for a VTY user interface: AAA authentication, password authentication, and none authentication.

  • AAA authentication: Users must enter both user names and passwords for login. If either a user name or a password is incorrect, the login fails.

  • Password authentication: Users must enter passwords for login. The device allows a user to log in only after the user enters the correct password.

  • None authentication: Users can directly log in without entering any information.

    If none authentication is used, any user is authenticated without entering a user name or password. For device and network security, using none authentication is not recommended.

    Regardless of the authentication mode, the system applies a delayed login mechanism after a login to the device fails. If the first login fails, the user can log in again 5 seconds later. The delay increases by 5 seconds each time a login failure occurs. For example, the second login is delayed by 10 seconds, and the third login is delayed by 15 seconds.

Procedure

  • Configure AAA authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run:

      protocol inbound { all | telnet }

      The VTY user interface is configured to support the Telnet protocol.

      By default, a VTY user interface supports the SSH protocol.

    4. Run:

      authentication-mode aaa

      The authentication mode is set to AAA authentication.

    5. Run:

      quit

      Exit the VTY user interface view.

    6. Run:

      aaa

      The AAA view is displayed.

    7. Run:

      local-user user-name password { cipher | irreversible-cipher } password

      A local user account is created and a password is configured.

    8. Run:

      local-user user-name service-type telnet

      The access type of the local user is set to Telnet.

    9. Run:

      quit

      Exit the AAA view.

  • Configure password authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run:

      protocol inbound { all | telnet }

      The VTY user interface is configured to support the Telnet protocol.

      By default, a VTY user interface supports the SSH protocol.

    4. Run:

      authentication-mode password

      The authentication mode is set to password authentication.

    5. Run:

      set authentication password [ cipher password ]

      An authentication password is set.

      If you do not specify cipher password, you enter a plain text password in interactive mode, and the password is not displayed on the screen. If you specify cipher password, you can enter either a plain text password or a cipher text password. Both types of passwords are saved to the configuration file in cipher text. Plain text passwords pose potential security risks, so entering the password in interactive mode is recommended.

      By default, the system checks the complexity of the entered password. The password takes effect only if it meets the complexity requirement. To disable the password complexity check function, run the user-interface password complexity-check disable command. However, keeping the password complexity check function enabled is recommended because it improves system security.

      NOTE:

      By default, the minimum length of plain text passwords allowed by a device is 8 characters. You can set a longer password to increase password complexity and improve device security. Run the set password min-length length command to set the minimum length of plain text passwords allowed by the device.

      For device security purposes, change the password periodically.

  • Configure none authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run:

      protocol inbound { all | telnet }

      The VTY user interface is configured to support the Telnet protocol.

      By default, a VTY user interface supports the SSH protocol.

    4. Run:

      authentication-mode none

      The authentication mode is set to none authentication.
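
The following added example, which is not part of the Huawei guide, checks a saved configuration for the authentication modes configured above and reports VTY ranges that use none or password authentication or that accept Telnet, which carries credentials in cleartext. The sample configuration is constructed, and its layout (sub-commands indented one space under `user-interface vty`) and the function names are assumptions.

```python
import re

# Constructed sample (not from a real device); assumed layout: one-space indented sub-commands.
SAMPLE_CONFIG = """\
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
user-interface vty 5 9
 authentication-mode none
 protocol inbound telnet
user-interface vty 10 14
 authentication-mode password
"""

VTY_HEADER = re.compile(r"^user-interface vty (\d+)(?: (\d+))?\s*$")

def parse_vty_sections(config_text):
    """Return one dict per 'user-interface vty' section with its mode and protocol."""
    sections, current = [], None
    for line in config_text.splitlines():
        header = VTY_HEADER.match(line)
        if header:
            first = int(header.group(1))
            last = int(header.group(2) or first)
            # "ssh" is the default the page states for a VTY user interface.
            current = {"range": (first, last), "mode": None, "protocol": "ssh"}
            sections.append(current)
        elif not line.startswith(" "):
            current = None  # any other unindented line (console section, '#') ends it
        elif current is not None:
            words = line.split()
            if len(words) == 2 and words[0] == "authentication-mode":
                current["mode"] = words[1]
            elif len(words) == 3 and words[:2] == ["protocol", "inbound"]:
                current["protocol"] = words[2]
    return sections

def audit_vty(config_text):
    """Return (range, finding) pairs for none/password modes and Telnet exposure."""
    findings = []
    for s in parse_vty_sections(config_text):
        if s["mode"] == "none":
            findings.append((s["range"], "none authentication: login needs no credentials"))
        elif s["mode"] == "password":
            findings.append((s["range"], "password authentication: password only, no user name"))
        if s["protocol"] in ("all", "telnet"):
            findings.append((s["range"], "Telnet enabled: credentials sent in cleartext"))
    return findings
```

Calling `audit_vty()` on the text of a saved configuration returns an empty list when every VTY range uses AAA authentication over the default SSH protocol.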

Updated: 2019-08-21

Document ID: EDOC1000141895
