Configure the connection timeout period for Telnet users on S series switches configured with AAA authentication


In general, you can run the idle-timeout command in the VTY interface view of an S series switch (except the S1700 switch) to configure the connection timeout period for Telnet users. However, when AAA authentication is configured, the idle-timeout value set in the VTY interface view does not take effect; the idle-timeout value set in the AAA view takes effect instead.

Other related questions:
How to set the connection timeout interval for Telnet users on the switch where AAA is configured
You can specify idle-timeout in the VTY view to set the connection timeout interval for Telnet users. If Authentication, Authorization, and Accounting (AAA) is configured, the configured value of idle-timeout in the VTY view does not take effect. Instead, the value of idle-timeout configured in the AAA view takes effect.

Configure AAA authentication schemes on S series switches
Configure an AAA authentication scheme on an S series switch (except the S1700 switch) as follows:

[HUAWEI] aaa
[HUAWEI-aaa] authentication-scheme scheme1 //Create an AAA authentication scheme.
[HUAWEI-aaa-authen-scheme1] authentication-mode local //Set the authentication mode to local authentication.

Telnet timeout period configuration method on an AR router
In the user interface view, run the idle-timeout <minutes> [<seconds>] command to set the user connection timeout period. By default, the user connection timeout period is five minutes. If the period is set to 0 or the value is too long, the terminal remains in the logged-in state, which poses a security risk. You are advised to run a lock command to lock the current connection.

Configuration of the aging timeout period on a user-defined service of the USG9520
You can set the session timeout period of a user-defined port by configuring the persistent connection function on the USG9520. The operation is as follows:
1. In the user view, run the system-view command to enter the system view.
2. Run the security-policy command to enter the security policy view.
3. Run the rule name rule-name command to create a security policy rule and enter the rule view.
4. Run the long-link enable command to enable the persistent connection function.
5. Run the long-link aging-time interval command to set the aging time for persistent connections.

How to configure multiple AAA authentication modes on a CE series switch
CE series switches support multiple authentication modes. If multiple authentication modes are configured in an authentication scheme, the authentication modes take effect in the sequence in which they are configured. A switch uses another authentication mode only when no response is received in the previous authentication mode. However, if authentication fails, the switch does not use another authentication mode.

For example, you can configure RADIUS authentication and local authentication in authentication scheme scheme0.

<HUAWEI> system-view
[~HUAWEI] aaa
[~HUAWEI-aaa] authentication-scheme scheme0
[*HUAWEI-aaa-authen-scheme0] authentication-mode radius local
[*HUAWEI-aaa-authen-scheme0] commit
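
The fallback rule described above, modelled as a short Python simulation (an added example, not Huawei code; the backends, user names and passwords are constructed for illustration). It shows that a RADIUS reject is final, while an unreachable RADIUS server hands the decision to local authentication.

```python
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"
    NO_RESPONSE = "no-response"  # server unreachable or timed out

def authenticate(modes, backends, user, password):
    """Walk the configured modes in order.

    Returns (decision, trace): decision is True/False, trace lists
    (mode, reply) for every mode that was actually consulted.
    """
    trace = []
    for mode in modes:
        reply = backends[mode](user, password)
        trace.append((mode, reply))
        if reply is Reply.ACCEPT:
            return True, trace
        if reply is Reply.REJECT:
            # An explicit failure is final: later modes are not tried.
            return False, trace
        # NO_RESPONSE: fall through to the next configured mode.
    return False, trace  # every configured mode was unreachable

# Constructed sample accounts (hypothetical, for illustration only).
RADIUS_USERS = {"alice": "r4dius-pw"}
LOCAL_USERS = {"alice": "local-pw", "admin": "local-admin-pw"}

def radius_up(user, password):
    return Reply.ACCEPT if RADIUS_USERS.get(user) == password else Reply.REJECT

def radius_down(user, password):
    return Reply.NO_RESPONSE

def local(user, password):
    return Reply.ACCEPT if LOCAL_USERS.get(user) == password else Reply.REJECT

MODES = ["radius", "local"]  # order taken from: authentication-mode radius local

if __name__ == "__main__":
    for name, radius in (("RADIUS up", radius_up), ("RADIUS down", radius_down)):
        backends = {"radius": radius, "local": local}
        for user, pw in (("alice", "r4dius-pw"), ("admin", "local-admin-pw")):
            ok, trace = authenticate(MODES, backends, user, pw)
            print(name, user, "->", ok, [(m, r.value) for m, r in trace])
```

In this model the local-only admin account can log in only while RADIUS is unreachable, so local accounts on a switch configured this way need the same care as the RADIUS accounts.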
