H3C S12500 Series Configuration Examples Download Page 3

 

Introduction 

This document provides authentication configuration examples for console and Telnet logins. 
The H3C S12500 switch supports the following login authentication modes: 

 

None

—Disables authentication. This mode allows access without authentication and is insecure. 

 

Password

—Requires a password for login authentication. 

 

Scheme

—Requires a username and password for login authentication. 

To log in to the switch, you can use the methods shown in 

Table 1

.  

Table 1

 

Login methods at a glance 

Login method 

Default settings and minimum configuration requirements 

Console, AUX

 

By default, login through the console port is enabled and no username or password is 
required. After login, configure password or scheme authentication mode to improve 

device security. 
By default, login through the AUX port is enabled and requires a password, but no 

password is configured. To use the AUX port for login, log in through any other method 

and complete the following configuration tasks: 

 

Configure a password for password authentication, or change the authentication 

mode and configure parameters for the new authentication mode. 

 

Assign a user role (network-operator by default). 

Telnet 

By default, Telnet login is disabled. 
To log in through Telnet, complete the following configuration tasks: 

 

Enable the Telnet server function. 

 

Assign an IP address to a Layer 3 interface. Make sure the interface and the Telnet 

client can reach each other. 

 

Configure an authentication mode for VTY login users. By default, password 

authentication is used but no password is configured. 

 

Assign a user role to VTY login users (network-operator by default). 

SSH

 

By default, SSH login is disabled.   
To log in through SSH, complete the following configuration tasks: 

 

Enable the SSH server function and configure SSH attributes. 

 

Assign an IP address to a Layer 3 interface. Make sure the interface and the SSH 

client can reach each other. 

 

Configure scheme authentication for VTY users (password authentication by default). 

 

Assign a user role to VTY login users (network-operator by default). 

For SSH configuration examples, see 

H3C S12500 SSH Configuration Examples

 

Prerequisites 

The configuration examples in this document were created and verified in a lab environment, and all the 

devices were started with the factory default configuration. When you are working on a live network, 
make sure you understand the potential impact of every command on your network. 

Summary of Contents for S12500 Series

Page 1: ...angzhou H3C Technologies Co Ltd All rights reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co Lt...

Page 2: ...ysis 3 Software version used 4 Configuration procedures 4 Verifying the configuration 4 Configuration files 5 Example Configuring password authentication for Telnet users 5 Network requirements 5 Requ...

Page 3: ...ation mode Assign a user role network operator by default Telnet By default Telnet login is disabled To log in through Telnet complete the following configuration tasks Enable the Telnet server functi...

Page 4: ...n password authentication is used The user role depends on the user role setting for the console user interface and is network admin by default Software version used This configuration example was cre...

Page 5: ...on password hash h 6 4PKgIe09Fnyq3ZGB Gjw9CActpVa5IJm9oGEgMBxt opkZkEYv7CriP31oqNJOpAyBPwxIvOds 7XcJ5aGz2xaO77H3CsaSMpRzKenq0Q Example Configuring local scheme authentication for console users Network...

Page 6: ...1 ui console0 authentication mode scheme Switch1 ui console0 quit Configure a local user with the username test and password test Switch1 local user test class manage Switch1 luser manage test passwor...

Page 7: ...g password authentication for Telnet users Network requirements Configure password authentication for Telnet users on the switch in Figure 3 Require Telnet users to provide the password test at login...

Page 8: ...interfaces enable password authentication set the password to test and assign the user role network admin switch1 user interface vty 0 15 switch1 ui vty0 15 authentication mode password switch1 ui vty...

Page 9: ...scheme authentication for Telnet users Network requirements Configure local scheme authentication for Telnet users on the switch in Figure 4 Require Telnet users to provide the username test and pass...

Page 10: ...gabitEthernet7 0 35 port link mode bridge switch1 GigabitEthernet7 0 35 port access vlan 5 switch1 GigabitEthernet7 0 35 quit Enable scheme authentication for all VTY user interfaces switch1 user inte...

Page 11: ...ss vlan 5 user interface vty 0 15 authentication mode scheme user role network admin user role network operator idle timeout 0 0 local user test class manage password hash h 6 uUxUbGGD00 3wYOs cVq29Rs...

Reviews: