Example for Configuring Switch Login Through a Console Port

Created Feb 28, 2019 15:17:59

Overview

After a PC is connected to a switch through a dedicated console cable, you can perform login configurations and use the PC to manage the switch.

Logging in through a console port is a basic login mode and forms the basis of other login modes such as Telnet and STelnet. When you log in to a switch for the first time or if you cannot remotely log in to a switch, you can log in to the switch through a console port.

Configuration Notes

  • Prepare a console cable. If you use a laptop or a PC without a serial port, prepare a USB to serial cable and install the driver stored on the CD-ROM (delivered with the cable) according to instructions.
  • Install the terminal emulation software on the PC. You can use the built-in HyperTerminal of Windows 2000 on the PC. If no built-in terminal emulation software is available, prepare the terminal emulation software. For details on how to use terminal emulation software, see the related usage guide or online help. The third-party software SecureCRT is used as an example here.
  • This example applies to switches that support the console interface.
NOTE:

The following uses the command lines and outputs of the S7700 running V200R006C00 as an example.

Networking Requirements

The IT maintenance department of a company purchases S series switches, which are configured by network administrators. A network administrator usually logs in to a new switch through a console port and then performs initial configurations.

As shown in Figure 3-2, the serial port of a PC is connected to the console port of the Switch through a console cable. The user wants to log in to the Switch through the console port and requires local authentication upon the next login. To facilitate remote maintenance on the Switch, the user wants to configure the Telnet function.

Figure 3-2  Networking diagram for configuring switch login through a console port 

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure terminal emulation software, set the connected port and communication parameters, and log in to the Switch.

  2. Configure basic information for the Switch, including the date, time, time zone, and name, to facilitate management.

  3. Configure an authentication mode for the console user interface so that the user is authenticated upon the next login through the console port.
  4. Configure the management IP address and Telnet to facilitate remote maintenance on the Switch.

Procedure

  1. Connect the DB9 female connector of the console cable to the serial port (COM) on the PC, and connect the RJ45 connector to the console port on the switch, as shown in Figure 3-3.

    Figure 3-3  Connecting to the switch through the console port 
    NOTE:
    • If you use a laptop or a PC without a serial port, prepare a USB to serial cable. Install the driver stored on the CD-ROM (delivered with the cable) according to instructions, connect the USB-DB9 female connector of the cable to the USB port on the PC, and connect the RJ-45 connector to the console port on the switch.
    • If the switch has two MPUs, you can log in to the switch through the console port on either of the two MPUs.

  2. Configure terminal emulation software and log in to the Switch.

    Start terminal emulation software (SecureCRT is used as an example) on the PC. Establish a connection, and set the connected port and communication parameters. Table 3-2 lists the default attribute settings of a console port.

    Table 3-2  Default attribute settings of a console port

    Parameter       Default Setting
    Baud rate       9600 bit/s
    Flow Control    None
    Parity          None
    Stop bits       1
    Data bits       8

    In V200R009 and earlier versions, authentication is not performed by default. In V200R010 and later versions, AAA authentication is used by default, the default user name is admin, and the default password is admin@huawei.com.

    1. Click the connect icon to establish a connection, as shown in Figure 3-4.

      Figure 3-4  Establishing a connection

    2. Set the connected port and communication parameters, as shown in Figure 3-5.

      Select the connected port based on actual situations. For example, you can view port information in Device Manager in the Windows operating system, and select the connected port.

      Communication parameters of terminal emulation software must be consistent with the default attribute settings of the console port on the Switch, which are 9600 bit/s transmission rate, 8 data bits, 1 stop bit, no parity check, and no flow control.

      NOTE:

      By default, no flow control mode is configured on the switch. Because RTS/CTS is selected in the software by default, you need to deselect RTS/CTS; otherwise, you cannot enter commands.

      Figure 3-5  Setting the connected port and communication parameters 

    3. Click Connect. In V200R009 and earlier versions, the following information will be displayed, prompting you to configure a login password. There is no default password for first login. You need to configure a login password. (The following output is only for reference.)

      An initial password is required for the first login via the console.
      Continue to set it? [Y/N]: y   //Configure the login password.
      Set a password and keep it safe. Otherwise you will not be able to login via the console.

      Please configure the login password (8-16)
      Enter Password:
      Confirm Password:
      <HUAWEI>

      In V200R010 and later versions, the system prompts you to enter the user name and password. The default user name for first login is admin and password is admin@huawei.com. You must reconfigure the password during first login. If you have already configured a password, use it for subsequent logins. (The following output is only for reference.)

      Login authentication


      Username:admin
      Password:      //Enter the default password admin@huawei.com.
      Warning: The default password poses security risks.
      The password needs to be changed. Change now? [Y/N]: y   //Change the login password.
      Please enter old password:    //Enter the default password admin@huawei.com.
      Please enter new password:    //Enter the new password.
      Please confirm new password:    //Enter the new password again.
      The password has been changed successfully
      <HUAWEI>
      • The value is a string of 8 to 16 case-sensitive characters without spaces. The password must contain at least two types of the following: upper-case and lower-case letters, digits, and special characters except the question mark (?).
      • The password entered in interactive mode is not displayed on the screen.
      • When you log in to the switch again in password authentication mode, enter the password set during the initial login if you have not modified the authentication mode and password.

      You can run commands to configure the Switch. Enter a question mark (?) whenever you need help.

  3. Configure basic information for the Switch.

    # Set the date, time, time zone, and name.

    NOTE:

    The time zone varies depending on the location of a switch. Set the time zone based on the site requirements. The following information is only for reference.

    <HUAWEI> clock timezone BJ add 08:00:00    //BJ is the name of the time zone, and add 08:00:00 indicates that the local time is UTC plus 8 hours.
    <HUAWEI> clock datetime 10:10:00 2014-07-26    //Set the current date and time. Before setting the current time, check the time zone and set a correct time zone offset to ensure the correct local time.
    <HUAWEI> system-view
    [HUAWEI] sysname Switch    //Set the switch name to Switch.

  4. Configure an authentication mode for the console user interface. (In V200R010 and later versions, the default authentication mode for the console user interface is AAA authentication. The method of changing the authentication mode is similar and is not provided here.)

    # Set the authentication mode of the console interface to AAA, and create a local user.

    [Switch] user-interface console 0
    [Switch-ui-console0] authentication-mode aaa    //Set the authentication mode of the user to AAA.
    [Switch-ui-console0] quit
    [Switch] aaa
    [Switch-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789    //Create a local user named admin1234 and set its password to Helloworld@6789. Versions earlier than V200R003 support only the cipher keyword but do not support irreversible-cipher.
    [Switch-aaa] local-user admin1234 privilege level 15    //Set the user level to 15.
    [Switch-aaa] local-user admin1234 service-type terminal    //Set the access type to terminal, that is, console user.
    [Switch-aaa] quit

  5. Configure the management IP address and Telnet.

    # Configure the management IP address.

    [Switch] vlan 10
    [Switch-vlan10] interface vlanif 10    //Configure VLANIF 10 as the management interface.
    [Switch-Vlanif10] ip address 10.1.1.1 24
    [Switch-Vlanif10] quit
    [Switch] interface gigabitethernet 0/0/10    //GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
    [Switch-GigabitEthernet0/0/10] port link-type access    //Set the interface type to access.
    [Switch-GigabitEthernet0/0/10] port default vlan 10    //Add GE0/0/10 to VLAN 10.
    [Switch-GigabitEthernet0/0/10] quit

    # Configure the Telnet function.

    [Switch] telnet server enable    //Enable Telnet.
    [Switch] user-interface vty 0 4    //Enter the user interface views of VTY 0 to VTY 4.
    [Switch-ui-vty0-4] user privilege level 15    //Set the level of users in VTY 0 to VTY 4 to 15.
    [Switch-ui-vty0-4] authentication-mode aaa    //Set the authentication mode of users in VTY 0 to VTY 4 to AAA.
    [Switch-ui-vty0-4] quit
    [Switch] aaa
    [Switch-aaa] local-user admin123 password irreversible-cipher Huawei@6789    //Create a local user named admin123 and set its password to Huawei@6789. Versions earlier than V200R003 support only the cipher keyword but do not support irreversible-cipher.
    [Switch-aaa] local-user admin123 privilege level 15    //Set the user level to 15.
    [Switch-aaa] local-user admin123 service-type telnet    //Set the access type to telnet, that is, Telnet user.
    [Switch-aaa] quit

  6. Verify the configuration.

    When logging in to the switch again through the console port after completing the configuration, you need to enter the user name and authentication password configured in the preceding steps to pass identity authentication and log in to the switch successfully. You can also log in to the switch using Telnet.

Configuration Files

Switch configuration file

#
sysname Switch
#
vlan batch 10
#
telnet server enable
#
clock timezone BJ add 08:00:00
#
aaa
 local-user admin123 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%#
 local-user admin123 privilege level 15
 local-user admin123 service-type telnet
 local-user admin1234 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%#
 local-user admin1234 privilege level 15
 local-user admin1234 service-type terminal
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 10
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15 
#
return
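
An added example, not part of the original post or of Huawei's documentation: a small Python check that reads a saved configuration in the format shown above and reports login settings that differ from what this example configures or that merit review (Telnet enabled, a user interface not using AAA, a `cipher` rather than `irreversible-cipher` password, a level-15 local user reachable over Telnet). The function names, check IDs and the trimmed sample are assumptions made for illustration.

```python
import re

# Constructed sample: this page's configuration file, trimmed, ciphertext replaced.
SAMPLE = """\
telnet server enable
#
aaa
 local-user admin123 password irreversible-cipher <CIPHERTEXT>
 local-user admin123 privilege level 15
 local-user admin123 service-type telnet
 local-user admin1234 password irreversible-cipher <CIPHERTEXT>
 local-user admin1234 privilege level 15
 local-user admin1234 service-type terminal
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
"""

def parse_views(text):
    """Map each unindented line (a view or global command) to its indented body."""
    views, current = {}, None
    for line in text.splitlines():
        if line.strip() in ("", "#"):
            current = None
        elif not line.startswith(" "):
            current = views.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return views

def audit(text):
    """Return (check_id, subject) pairs for login settings worth review."""
    views, found = parse_views(text), []
    if "telnet server enable" in views:  # Telnet is a cleartext protocol
        found.append(("telnet-enabled", "global"))
    for view, body in views.items():
        if view.startswith("user-interface") and "authentication-mode aaa" not in body:
            found.append(("ui-not-aaa", view))
    users = re.findall(r"^ local-user (\S+) (\S+) (.+)$", text, re.M)
    telnet = {n for n, k, v in users if k == "service-type" and "telnet" in v.split()}
    for name, key, val in users:
        if key == "password" and val.startswith("cipher "):  # reversible storage
            found.append(("reversible-password", name))
        if key == "privilege" and val.split() == ["level", "15"] and name in telnet:
            found.append(("level-15-over-telnet", name))
    return found
```

On the sample, `audit(SAMPLE)` reports Telnet being enabled and `admin123` holding level 15 over Telnet. Telnet carries the user name and password in cleartext; STelnet, mentioned in the Overview, is the encrypted login mode.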

For more examples, see:

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples

