Can Telnet users log in to S series switches without entering the password when the authentication mode for the administrator domain is none

52

When the authentication mode for the administrator domain on an S series switch (except the S1700 switch) is set to none and the login authentication mode is set to AAA authentication in the user interface view, Telnet users cannot log in to the switch.
To enable Telnet users to log in to the switch without authentication, run the following command:
[HUAWEI] user-interface vty 0
[HUAWEI-ui-vty0] authentication-mode none

Other related questions:
Clear the password for console port login
You can use the two methods described on the right to clear the password for console port login. Method 1 is recommended.Method 1: Starting a Switch Through the BIOS Menu After starting a switch through the BIOS menu, you can log in to the switch through the console port without entering the password only this time. The original console port login password is still saved in the configuration file. 1.Connect the PC to the console port of the switch and restart the switch. When the following information is displayed, press Ctrl+B within 3 seconds and enter the BIOS password to access the BIOS main menu. Select Modify console password and enter y. The switch will restart. Press CTRL+B to enter BIOS menu: 1 Password: //The default BIOS password is Admin@huawei.com. Info: The entered password is the same as the default one. You are advised to change the password to ensure security. BIOS Menu (Version: 333) 1. Continue to boot 2. Update from serial interface 3. Update from ethernet interface 4. Modify startup parameters 5. File system 6. Modify stack parameters 7. Modify BIOS password 8. Modify console password 9. Restore factory defaults 10. Reboot Enter your choice(1-10): 8 Caution: A new console password must be set after the restart. Continue now? Yes(y) or No(n): y 2.When the following information is displayed, enter n, that is, do not set the password for logging in to the switch through the console port for the first time. An initial password is required for the first login via the console. Continue to set it? [Y/N]: n Warning: There is a risk on the user-interface which you login through. Please change the configuration of the user-interface as soon as possible. Method 2: Configuring the Non-Authentication Mode The non-authentication mode allows users to log in to the switch through the console port without authentication. Because this mode has security risks, you are advised to configure AAA or password authentication to enhance device security. system-view [~HUAWEI] user-interface console 0 [~HUAWEI-ui-console0] authentication-mode none [*HUAWEI-ui-console0] commit

Configure S series switches to send user names without a domain name to the RADIUS server for authentication
For S series switches (except S1700 switches), the format of a user name is user name@domain name. In the user name, @ is the domain name delimiter, which can also be any of the following symbols: \ / : < > | ' %. By default, a switch does not modify the user name entered by the user in the packets sent to the RADIUS server. If the RADIUS server does not accept user names with domain names, users who enter user names with domain names fail the RADIUS authentication. To solve the problem, perform the following configuration on the switch to make the switch send user names without domain names to the RADIUS server. [HUAWEI] radius-server template template1 [HUAWEI-radius-template1] undo radius-server user-name domain-included Note: You can modify this configuration only when the RADIUS server template is not in use.

Can S series switches enter the sleep mode
S series modular switches cannot enter the sleep mode. Some models of S series fixed switches can enter the sleep mode. The following lists switch models that support the sleep mode: 1. S5710-X-LI series switches 2. S5700S-28P-LI-AC, S5700S-52P-LI-AC, S5700S-28X-LI-AC, and S5700S-52X-LI-AC among the S5700S-LI series switches 3. S5700-28P-LI-AC, S5700-28TP-LI-AC, S5700-28P-LI-DC, S5700-52P-LI-AC, S5700-52P-LI-DC, S5700-28X-LI-AC, S5700-28X-LI-DC, S5700-52X-LI-AC, S5700-52X-LI-DC, and S5701-28X-LI-AC among the S5700LI series switches 4. S5720-28P-SI-AC, S5720-28X-SI-AC, S5720-28X-SI-DC, S5720-28X-SI-24S-AC, S5720-28X-SI-24S-DC, S5720-52P-SI-AC, S5720-52X-SI-DC, and S5720-52X-SI-AC among the S5720SI series switches 5. S5720S-28P-SI-AC, S5720S-28X-SI-AC, S5720S-28X-SI-DC, S5720S-52P-SI-AC, S5720S-52X-SI-DC, and S5720S-52X-SI-AC among the S5720S-SI series switches

The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication on an S series switch
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication. For S series switches (except the S1700), such an authentication failure occurs because the entered user name does not contain a domain name. You need to check whether the user name on the authentication server contains a domain name. - If the user name on the authentication server contains a domain name, run the radius-server user-name domain-included command in the RADIUS server template view or run the hwtacacs-server user-name domain-included command in the HWTACACS server template view. - If the user name on the authentication server does not contain a domain name, run the undo radius-server user-name domain-included command in the RADIUS server template view or run the undo hwtacacs-server user-name domain-included command in the HWTACACS server template view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top