4 User Interface Configuration Examples
User Authentication Configuration Example
Network diagram
As shown in Figure 4-1, command levels should be configured for different users to secure Device:
• The device administrator accesses Device through the console port on Host A. When the administrator logs in to the device, no username or password is required.
• Users access Device through an Ethernet interface on Host B. When a user logs in to Device, both username and password are required. Only authenticated users can log in and perform configurations. RADIUS authentication takes priority, and local authentication is used when the RADIUS server or the link fails. The local username is monitor and the password is 123.
Figure 4-1 Network diagram for configuring user authentication
Configuration procedure
# Assign an IP address to Device so that Device is reachable from Host A, Host B, Host C, and the
RADIUS server. The configuration is omitted.
# Enable telnet services on Device.
<Device> system-view
[Device] telnet server enable
# Configure Device so that no authentication is needed when users log in through the console port. Set
the privilege level of the administrator logging in from the console port to 3, that is, the administrator
can execute all the device commands.
[Device] user-interface aux 0
[Device-ui-aux0] authentication-mode none
[Device-ui-aux0] user privilege level 3
[Device-ui-aux0] quit
# Configure username and password authentication for users who log in to Device from Host B through
a VTY interface. The command level that a login user on VTY can access depends on the user
configuration on the AAA server.
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
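A review aid for the commands entered so far, added here as an example and not part of the original guide: it reads a prompt-prefixed session like the one above and reports the Telnet service and any user interface set to authentication-mode none together with its privilege level. The function names and the embedded sample session are constructed for illustration.

```python
import re

# Constructed sample: the commands from the procedure above, not a device capture.
SAMPLE_SESSION = """\
<Device> system-view
[Device] telnet server enable
[Device] user-interface aux 0
[Device-ui-aux0] authentication-mode none
[Device-ui-aux0] user privilege level 3
[Device-ui-aux0] quit
[Device] user-interface vty 0 4
[Device-ui-vty0-4] authentication-mode scheme
"""

# Matches a leading <Device> or [Device-...] prompt so only the command remains.
PROMPT = re.compile(r"^\s*(?:<[^>]+>|\[[^\]]+\])\s*")

def parse_session(text):
    """Return (global_commands, {user-interface name: {setting: value}})."""
    global_cmds, interfaces, current = [], {}, None
    for raw in text.splitlines():
        cmd = PROMPT.sub("", raw).strip()
        if not cmd or cmd.startswith("#"):
            continue  # skip blank lines and the guide's "# ..." step descriptions
        if cmd.startswith("user-interface "):
            current = cmd[len("user-interface "):]
            interfaces.setdefault(current, {})
        elif cmd == "quit":
            current = None  # back to system view
        elif current is None:
            global_cmds.append(cmd)
        elif cmd.startswith("authentication-mode "):
            interfaces[current]["auth"] = cmd.split()[1]
        elif cmd.startswith("user privilege level "):
            interfaces[current]["level"] = int(cmd.split()[-1])
    return global_cmds, interfaces

def audit(text):
    """List the findings a reviewer would raise for the parsed session."""
    global_cmds, interfaces = parse_session(text)
    findings = []
    if "telnet server enable" in global_cmds:
        findings.append("telnet: logins on VTY lines cross the network unencrypted")
    for name, cfg in interfaces.items():
        if cfg.get("auth") == "none":
            findings.append(f"{name}: no authentication, privilege level {cfg.get('level', 'default')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SESSION)))
```

With the sample session it reports the Telnet service and the console line (aux 0) that grants level 3 without a login; the VTY lines using authentication-mode scheme produce no finding.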