No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S7700 and S9700 V200R010C00

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring an Authentication Mode for the Console User Interface

(Optional) Configuring an Authentication Mode for the Console User Interface

Console port login users are directly authenticated using the authentication mode for the console user interface. The default authentication mode is AAA authentication. To ensure the console port login security, you must change the login password for AAA authentication during first login. After logging in to the device, you can change the authentication mode for the console user interface.

Context

The system provides three authentication modes for the console user interface: AAA authentication, password authentication, and none authentication.

  • AAA authentication: Users must enter both user names and passwords for login. If either a user name or a password is incorrect, the login fails.

  • Password authentication: Users must enter passwords for login. The device allows a user to log in only after the user enters the correct password.

  • None authentication: Users can directly log in without entering any information.

    If non-authentication is used, any user can be successfully authenticated without the need of entering the user name and password. Therefore, you are not advised to use non-authentication for device or network security purposes.

    Regardless of the authentication mode, the system starts the delayed login mechanism in the case of a device login failure. If the first login fails, the user can log in again 5 seconds later. The delay time is increased by 5 seconds every time a login failure occurs. For example, the second login is delayed to 10 seconds, and the third login is delayed to 15 seconds.

Procedure

  • Configure AAA authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface console 0

      The console user interface view is displayed.

    3. Run:

      authentication-mode aaa

      The authentication mode is set to AAA authentication.

    4. Run:

      quit

      Exit the console user interface view.

    5. Run:

      aaa

      The AAA view is displayed.

    6. Run:

      local-user user-name password irreversible-cipher password

      A local user account is created and a password is configured.

    7. Run:

      local-user user-name service-type terminal

      The access type of the local user is set to Console.

    8. Run:

      quit

      Exit the AAA view.

    NOTE:

    If multiple switches set up a stack and an active/standby switchover is being performed, you may fail to log in to a switch. You can log in to the switch after the active/standby switchover is complete.

  • Configure password authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface console 0

      The console user interface view is displayed.

    3. Run:

      authentication-mode password

      The authentication mode is set to password authentication.

    4. Run:

      set authentication password [ cipher password ]

      An authentication password is set.

      If you do not specify cipher password, you can enter a plain text password in interactive mode. The password entered in interactive mode is not displayed on the screen. If you specify cipher password, you can enter a plain text password or cipher text password. Both types of passwords are saved to the configuration file in cipher text. Plain text passwords have potential security risks. You are recommended to enter a password in interactive mode.

      By default, the system checks the complexity of the entered password. The password takes effect only if it meets the complexity requirement. To disable the password complexity check function, run the user-interface password complexity-check disable command. However, keeping the password complexity check function enabled is recommended because it improves system security.

      NOTE:

      By default, the minimum length of plain text passwords allowed by a device is 8 characters. You can set a longer password to increase password complexity and improve device security. Run the set password min-length length command to set the minimum length of plain text passwords allowed by the device.

      For device security purposes, change the password periodically.

  • Configure none authentication.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface console 0

      The console user interface view is displayed.

    3. Run:

      authentication-mode none

      The authentication mode is set to none authentication.

Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000141895

Views: 51946

Downloads: 210

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next