HP 5500 Ei 5500 Si Switch Series Configuration Guide
Step 4. Enable command authorization.
  Command: command authorization
  Remarks: Optional. By default, command authorization is disabled and the commands available to a user depend only on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

Step 5. Enable command accounting.
  Command: command accounting
  Remarks: Optional. By default, command accounting is disabled and the accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all commands executed by users, regardless of command execution results. This function helps control and monitor user behaviors on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.

Step 6. Exit to system view.
  Command: quit
  Remarks: N/A

Step 7. Apply an AAA authentication scheme to the intended domain (steps 8 to 10).
  Step 8. Enter ISP domain view.
    Command: domain domain-name
  Step 9. Apply an AAA scheme to the domain.
    Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
  Step 10. Exit to system view.
    Command: quit
  Remarks (steps 7 to 10): Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Security Configuration Guide.

Step 11. Create a local user and enter local user view.
  Command: local-user user-name
  Remarks: By default, no local user exists.

Step 12. Set an authentication password for the local user.
  Command: password { cipher | simple } password
  Remarks: By default, no password is set.

Step 13. Specify a command level for the local user.
  Command: authorization-attribute level level
  Remarks: Optional. By default, the command level is 0.

Step 14. Specify terminal service for the local user.
  Command: service-type terminal
  Remarks: By default, no service type is specified.

Step 15. Configure common settings for console login.
  Command: See Configuring common console login settings (optional).
  Remarks: Optional.

The next time you attempt to log in through the console port, you must provide the configured login username and password, as shown in Figure 11.

Figure 11 Scheme authentication interface for console login

Configuring common console login settings (optional)

Some common settings configured for an AUX user interface take effect immediately and can interrupt the console login session. To save you the trouble of repeated re-logins, use a login method different from console login to log in to the device before you change console login settings. After the configuration is complete, change the terminal settings on the configuration terminal and make sure they are the same as the settings on the device.

To configure common settings for an AUX user interface:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enable copyright information display.
  Command: copyright-info enable
  Remarks: By default, copyright information display is enabled.
Step 3. Enter AUX user interface view.
  Command: user-interface aux first-number [ last-number ]
  Remarks: N/A

Step 4. Configure the baud rate.
  Command: speed speed-value
  Remarks: By default, the transmission rate is 9600 bps.

Step 5. Configure the parity check mode.
  Command: parity { even | none | odd }
  Remarks: The default setting is none (no parity check).

Step 6. Configure the number of stop bits.
  Command: stopbits { 1 | 1.5 | 2 }
  Remarks: The default is 1. Stop bits indicate the end of a character. The more stop bits, the slower the transmission.

Step 7. Configure the number of data bits in a character.
  Command: databits { 7 | 8 }
  Remarks: By default, the number of data bits in each character is 8. The setting depends on the character coding type. For example, set it to 7 if standard ASCII characters are to be sent, and to 8 if extended ASCII characters are to be sent.

Step 8. Define a shortcut key for enabling a terminal session.
  Command: activation-key character
  Remarks: By default, press Enter to enable a terminal session.

Step 9. Define a shortcut key for terminating tasks.
  Command: escape-key { default | character }
  Remarks: By default, press Ctrl+C to terminate a task.

Step 10. Configure the flow control mode.
  Command: flow-control { hardware | none | software }
  Remarks: By default, the flow control mode is none. The device supports only the none mode.

Step 11. Specify the terminal display type.
  Command: terminal type { ansi | vt100 }
  Remarks: By default, the terminal display type is ANSI. The device supports two terminal display types: ANSI and VT100. HP recommends setting the display type to VT100 for both the device and the client. If the device and the client use different display types, or both use the ANSI display type, the screen display on the terminal might be abnormal when a command line exceeds 80 characters. For example, the cursor might be displayed at the wrong place.

Step 12. Configure the user privilege level for login users.
  Command: user privilege level level
  Remarks: By default, the command level is 3 for AUX user interfaces.

Step 13. Set the maximum number of lines to be displayed on a screen.
  Command: screen-length screen-length
  Remarks: By default, a screen displays 24 lines at most. A value of 0 disables pausing between screens of output.

Step 14. Set the size of the command history buffer.
  Command: history-command max-size value
  Remarks: By default, the buffer saves 10 history commands at most.

Step 15. Set the idle-timeout timer.
  Command: idle-timeout minutes [ seconds ]
  Remarks: The default idle-timeout is 10 minutes. The system automatically terminates the user's connection if there is no interaction between the device and the user within the idle-timeout time. Setting idle-timeout to 0 disables the timer.

Logging in through Telnet

You can Telnet to the device through a VTY user interface for remote management, or use the device as a Telnet client to Telnet to other devices, as shown in Figure 12.

Figure 12 Telnet login

Table 13 shows the Telnet server and client configuration required for a successful Telnet login.

Table 13 Telnet server and Telnet client configuration requirements

Telnet server:
• Enable Telnet server.
• Assign an IP address to a Layer 3 interface, and make sure the Telnet server and client can reach each other.
• Configure the authentication mode and other settings.

Telnet client:
• Run the Telnet client program.
• Obtain the IP address of the Layer 3 interface on the server.

To control Telnet access to the device working as a Telnet server, configure authentication and user privilege for Telnet users. By default, password authentication applies to Telnet login, but no login password is configured. To allow Telnet access to the device after you enable the Telnet server, you must configure a password.

The following authentication modes are available for controlling Telnet logins:
• None—Requires no authentication and is insecure.
• Password—Requires a password for accessing the CLI. If your password was lost, log in to the device through the console port to modify the password.
• Scheme—Uses the AAA module to provide local or remote authentication. You must provide a username and password for accessing the CLI.
If the password configured in the local user database was lost, see HP Series Ethernet Switches Login Password Recovery Manual for password recovery. If the username or password configured on a remote server was lost, contact the server administrator for help.

Table 14 Configuration required for different Telnet login authentication modes

Authentication mode: None
  Configuration tasks: Set the authentication mode to none for the VTY user interface.
  Reference: Configuring none authentication for Telnet login

Authentication mode: Password
  Configuration tasks: Enable password authentication on the VTY user interface. Set a password.
  Reference: Configuring password authentication for Telnet login

Authentication mode: AAA
  Configuration tasks: Enable scheme authentication on the VTY user interface. Configure local or remote authentication settings.
    To configure local authentication:
    1. Configure a local user and specify the password.
    2. Configure the device to use local authentication.
    To configure remote authentication:
    3. Configure the RADIUS or HWTACACS scheme on the device.
    4. Configure the username and password on the AAA server.
    5. Configure the device to use the scheme for user authentication.
  Reference: Configuring scheme authentication for Telnet login

Configuring none authentication for Telnet login

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enable Telnet server.
  Command: telnet server enable
  Remarks: By default, the Telnet server is disabled.

Step 3. Enter one or multiple VTY user interface views.
  Command: user-interface vty first-number [ last-number ]
  Remarks: N/A

Step 4. Enable the none authentication mode.
  Command: authentication-mode none
  Remarks: By default, the authentication mode for VTY user interfaces is password.

Step 5. Configure the command level for login users on the current user interfaces.
  Command: user privilege level level
  Remarks: By default, the command level is 0 for VTY user interfaces.

Step 6. Configure common settings for the VTY user interfaces.
  Command: See Configuring common settings for VTY user interfaces (optional).
  Remarks: Optional.
The next time you attempt to Telnet to the device, you do not need to provide any username or password, as shown in Figure 13. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears.

Figure 13 Telneting to the device without authentication

Configuring password authentication for Telnet login

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enable Telnet.
  Command: telnet server enable
  Remarks: By default, the Telnet service is disabled.

Step 3. Enter one or multiple VTY user interface views.
  Command: user-interface vty first-number [ last-number ]
  Remarks: N/A

Step 4. Enable password authentication.
  Command: authentication-mode password
  Remarks: By default, password authentication is enabled for VTY user interfaces.

Step 5. Set a password.
  Command: set authentication password { cipher | simple } password
  Remarks: By default, no password is set.

Step 6. Configure the user privilege level for login users.
  Command: user privilege level level
  Remarks: The default level is 0.

Step 7. Configure common settings for VTY user interfaces.
  Command: See Configuring common settings for VTY user interfaces (optional).
  Remarks: Optional.

The next time you attempt to Telnet to the device, you must provide the configured login password, as shown in Figure 14. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears.
Figure 14 Password authentication interface for Telnet login

Configuring scheme authentication for Telnet login

Follow these guidelines when you configure scheme authentication for Telnet login:
• To make the command authorization or command accounting function take effect, apply an HWTACACS scheme to the intended ISP domain. This scheme must specify the IP address of the authorization server and other authorization parameters.
• If the local authentication scheme is used, use the authorization-attribute level level command in local user view to set the user privilege level on the device.
• If a RADIUS or HWTACACS authentication scheme is used, set the user privilege level on the RADIUS or HWTACACS server.

To configure scheme authentication for Telnet login:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enable Telnet.
  Command: telnet server enable
  Remarks: By default, the Telnet service is disabled.

Step 3. Enter one or multiple VTY user interface views.
  Command: user-interface vty first-number [ last-number ]
  Remarks: N/A

Step 4. Enable scheme authentication.
  Command: authentication-mode scheme
  Remarks: Whether local, RADIUS, or HWTACACS authentication is adopted depends on the configured AAA scheme. By default, local authentication is adopted.
Step 5. Enable command authorization.
  Command: command authorization
  Remarks: Optional. By default, command authorization is disabled and the commands available to a user depend only on the user privilege level. If command authorization is enabled, a command is available only if the user has the commensurate user privilege level and is authorized to use the command by the AAA scheme.

Step 6. Enable command accounting.
  Command: command accounting
  Remarks: Optional. By default, command accounting is disabled and the accounting server does not record the commands executed by users. Command accounting allows the HWTACACS server to record all executed commands that are supported by the device, regardless of the command execution result. This function helps control and monitor user behaviors on the device. If command accounting is enabled and command authorization is not enabled, every executed command is recorded on the HWTACACS server. If both command accounting and command authorization are enabled, only the authorized and executed commands are recorded on the HWTACACS server.

Step 7. Exit to system view.
  Command: quit
  Remarks: N/A

Step 8. Apply an AAA authentication scheme to the intended domain.
  1. Enter ISP domain view.
     Command: domain domain-name
  2. Apply an AAA scheme to the domain.
     Command: authentication default { hwtacacs-scheme hwtacacs-scheme-name [ local ] | local | none | radius-scheme radius-scheme-name [ local ] }
  3. Exit to system view.
     Command: quit
  Remarks: Optional. By default, local authentication is used. For local authentication, configure local user accounts. For RADIUS or HWTACACS authentication, configure the RADIUS or HWTACACS scheme on the device and configure authentication settings (including the username and password) on the server. For more information about AAA configuration, see Security Configuration Guide.

Step 9. Create a local user and enter local user view.
  Command: local-user user-name
  Remarks: By default, no local user exists.

Step 10. Set a password.
  Command: password { cipher | simple } password
  Remarks: By default, no password is set.

Step 11. Specify the command level of the local user.
  Command: authorization-attribute level level
  Remarks: Optional. By default, the command level is 0.

Step 12. Specify Telnet service for the local user.
  Command: service-type telnet
  Remarks: By default, no service type is specified.

Step 13. Exit to system view.
  Command: quit
  Remarks: N/A

Step 14. Configure common settings for VTY user interfaces.
  Command: See Configuring common settings for VTY user interfaces (optional).
  Remarks: Optional.

The next time you attempt to Telnet to the CLI, you must provide the configured login username and password, as shown in Figure 15. If you are required to pass a second authentication, you must also provide the correct password to access the CLI. If the maximum number of login users has been reached, your login attempt fails and the message "All user interfaces are used, please try later!" appears.

Figure 15 Scheme authentication interface for Telnet login

Configuring common settings for VTY user interfaces (optional)

You might be unable to access the CLI through a VTY user interface after configuring the auto-execute command command on it. Before you configure the command and save the configuration, make sure you can access the CLI through a different user interface.

To configure common settings for VTY user interfaces:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enable copyright information display.
  Command: copyright-info enable
  Remarks: By default, copyright information display is enabled.

Step 3. Enter one or multiple VTY user interface views.
  Command: user-interface vty first-number [ last-number ]
  Remarks: N/A

Step 4. Enable the terminal service.
  Command: shell
  Remarks: Optional. By default, terminal service is enabled.

Step 5. Enable the user interfaces to support Telnet, SSH, or both.
  Command: protocol inbound { all | ssh | telnet }
  Remarks: Optional. By default, both Telnet and SSH are supported. The configuration takes effect the next time you log in.

Step 6. Define a shortcut key for terminating tasks.
  Command: escape-key { default | character }
  Remarks: Optional. By default, press Ctrl+C to terminate a task.

Step 7. Configure the type of terminal display.
  Command: terminal type { ansi | vt100 }
  Remarks: Optional. By default, the terminal display type is ANSI.

Step 8. Set the maximum number of lines to be displayed on a screen.
  Command: screen-length screen-length
  Remarks: Optional. By default, a screen displays 24 lines. A value of 0 disables the function.

Step 9. Set the size of the command history buffer.
  Command: history-command max-size value
  Remarks: Optional. By default, the buffer saves 10 history commands.

Step 10. Set the idle-timeout timer.
  Command: idle-timeout minutes [ seconds ]
  Remarks: Optional. The default idle-timeout is 10 minutes for all user interfaces. The system automatically terminates the user's connection if there is no interaction between the device and the user within the timeout time. Setting idle-timeout to 0 disables the timer.
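The following is an added example, not part of the HP guide: a small Python audit that reads constructed Comware-style configuration samples and checks the VTY login settings against what this section states (none authentication is insecure; password mode ships with no password set; both Telnet and SSH are accepted by default; idle-timeout 0 disables the timer). The HARDENED_CFG sample shows the scheme-authenticated, SSH-only VTY configuration assembled from the commands in the steps above; the parser's assumption that "#" separates views is a simplification for this example.

```python
# Constructed config samples (not from any real device): WEAK_CFG collects the
# settings this guide warns about, HARDENED_CFG the scheme/SSH-only counterpart.
WEAK_CFG = """\
 telnet server enable
#
user-interface vty 0 4
 authentication-mode none
 idle-timeout 0
"""
HARDENED_CFG = """\
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound ssh
 command authorization
 command accounting
 idle-timeout 5 0
"""
KEYS = ("authentication-mode", "protocol inbound", "idle-timeout",
        "telnet server enable", "set authentication password")

def parse_views(cfg):
    """Map each user-interface view ('' for global lines) to its settings."""
    views, cur = {"": {}}, ""
    for line in (l.strip() for l in cfg.splitlines()):
        if line == "#":                          # '#' ends the current view
            cur = ""
        elif line.startswith("user-interface "):
            cur = line.split(" ", 1)[1]
            views.setdefault(cur, {})
        else:
            for key in KEYS:
                if line.startswith(key):
                    views[cur][key] = line[len(key):].strip()
    return views

def audit(cfg):
    """Return findings for VTY views, assuming the defaults the guide states."""
    views, findings = parse_views(cfg), []
    telnet_on = "telnet server enable" in views[""]
    for name, s in ((n, v) for n, v in views.items() if n.startswith("vty")):
        mode = s.get("authentication-mode", "password")   # default: password
        if mode == "none":
            findings.append(f"{name}: authentication-mode none (no authentication)")
        elif mode == "password" and "set authentication password" not in s:
            findings.append(f"{name}: password mode but no password set")
        if telnet_on and s.get("protocol inbound", "all") != "ssh":
            findings.append(f"{name}: Telnet accepted on this VTY")
        if sum(int(p) for p in s.get("idle-timeout", "10").split()) == 0:
            findings.append(f"{name}: idle-timeout 0 disables the idle timer")
    return findings
```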