Configuration Guide - Basic Configuration

S9300, S9300E, and S9300X V200R011C10

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Configuring an Authentication Mode for a VTY User Interface

Context

The system provides three authentication modes for a VTY user interface: AAA authentication, password authentication, and none authentication.

  • AAA authentication: Users must enter both user names and passwords for login. If either a user name or a password is incorrect, the login fails.

  • Password authentication: Users must enter passwords for login. Only after a user enters the correct password does the device allow the user to log in.

  • None authentication: Users can directly log in without entering any information.

    With none authentication, any user can log in without entering a user name or password. To protect the device and the network, you are advised not to use none authentication.

Regardless of the authentication mode, the system starts a delayed login mechanism when a login to the device fails. After the first failed login, the user can log in again 5 seconds later. The delay increases by 5 seconds with every login failure: the second login is delayed by 10 seconds, and the third login by 15 seconds.

Procedure

  • Configure AAA authentication.
    1. Run system-view

      The system view is displayed.

    2. Run user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run protocol inbound { all | telnet }

      The VTY user interface is configured to support the Telnet protocol.

      By default, a VTY user interface supports the SSH protocol.

    4. Run authentication-mode aaa

      The authentication mode is set to AAA authentication.

    5. Run quit

      Exit the VTY user interface view.

    6. Run aaa

      The AAA view is displayed.

    7. Run local-user user-name password { cipher | irreversible-cipher } password

      A local user account is created and a password is configured.

    8. Run local-user user-name service-type telnet

      The access type of the local user is set to Telnet.

    9. Run quit

      Exit the AAA view.

  • Configure password authentication.
    1. Run system-view

      The system view is displayed.

    2. Run user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run protocol inbound { all | telnet }

      The VTY user interface is configured to support the Telnet protocol.

      By default, a VTY user interface supports the SSH protocol.

    4. Run authentication-mode password

      The authentication mode is set to password authentication.

    5. Run set authentication password [ cipher password ]

      An authentication password is set.

      If you do not specify cipher password, you enter the password in plain text in interactive mode, and the password is not displayed on the screen. If you specify cipher password, you can enter the password in either plain text or cipher text. In both cases the password is saved to the configuration file in cipher text. Passwords entered in plain text pose potential security risks, so entering the password in interactive mode is recommended.

      By default, the system checks the complexity of the entered password, and the password takes effect only if it meets the complexity requirement. To disable the password complexity check, run the user-interface password complexity-check disable command. Keeping the password complexity check enabled is recommended because it improves system security.

      NOTE:

      By default, the minimum length of passwords in plain text allowed by a device is 8 characters. You can set a longer password to increase password complexity and improve device security. Run the set password min-length length command to set the minimum length of passwords in plain text allowed by the device.

  • Configure none authentication.
    1. Run system-view

      The system view is displayed.

    2. Run user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run protocol inbound { all | telnet }

      The VTY user interface is configured to support the Telnet protocol.

      By default, a VTY user interface supports the SSH protocol.

    4. Run authentication-mode none

      The authentication mode is set to none authentication.

Updated: 2019-04-17

Document ID: EDOC1000178413
