3Com Corporation reserves the right to revise this documentation and to make changes in content from time to
time without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied
or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability,
satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the
product(s) and/or the program(s) described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license
agreement included with the product as a separate document, in the hard copy documentation, or on the
removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy,
please contact 3Com and a copy will be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are
provided to you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense.
Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or
as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are
provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights
only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable.
You agree not to remove or deface any portion of any legend provided on any licensed program or
documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may
not be registered in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
All other company and product names may be trademarks of the respective companies with which they are
associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we
are committed to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental
standards. Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
Environmental Statement about the Documentation
The documentation for this product is printed on paper that comes from sustainable, managed forests; it is fully
biodegradable and recyclable, and is completely chlorine-free. The varnish is environmentally-friendly, and the
inks are vegetable-based with a low heavy-metal content.
About This Manual
Organization
3Com Switch 4500 Family Configuration Guide is organized as follows:
Part: Contents
1 Login: Introduces the ways to log into an Ethernet switch and CLI related configuration.
2 Configuration File Management: Introduces configuration file and the related configuration.
3 VLAN: Introduces VLAN and related configuration.
4 IP Address and Performance Optimization: Introduces IP address and IP performance optimization related configuration.
5 Voice VLAN: Introduces voice VLAN and the related configuration.
6 Port Basic Configuration: Introduces port basic configuration.
7 Link Aggregation: Introduces link aggregation and the related configuration.
8 Port Isolation: Introduces port isolation and the related configuration.
9 Port Security: Introduces port security and the related configuration.
10 DLDP: Introduces DLDP and the related configuration.
11 MAC Address Table Management: Introduces MAC address forwarding table management and the related configuration.
12 Auto Detect: Introduces auto detect function and the related configuration.
13 MSTP: Introduces STP, MSTP, and the related configuration.
14 Routing Protocol: Introduces static routing protocol, RIP, routing policy, and the related configuration.
15 Multicast: Introduces multicast, IGMP snooping, and the related configuration.
16 802.1x and System Guard: Introduces 802.1x and the related configuration.
17 AAA: Introduces AAA, RADIUS, EAD, and the related configurations.
18 MAC Address Authentication: Introduces MAC address authentication and the related configuration.
19 ARP: Introduces ARP and the related configuration.
20 DHCP: Introduces DHCP relay agent, DHCP Snooping, DHCP/BOOTP client, and the related configuration.
21 ACL: Introduces ACL and the related configuration.
22 QoS: Introduces QoS and the related configuration.
23 Mirroring: Introduces mirroring and the related configuration.
24 XRN Fabric: Introduces XRN fabric and the related configuration.
25 Cluster: Introduces cluster and the related configuration.
26 PoE-PoE Profile: Introduces PoE, PoE profile and the related configuration.
27 UDP Helper: Introduces UDP helper and the related configuration.
28 SNMP-RMON: Introduces the configuration for network management through SNMP and RMON.
29 NTP: Introduces NTP and the related configuration.
30 SSH: Introduces SSH2.0 and the related configuration.
31 File System Management: Introduces basic configuration for file system management.
32 FTP-SFTP-TFTP: Introduces basic configuration for FTP, SFTP and TFTP, and the applications.
33 Information Center: Introduces information center and the related configuration.
34 System Maintenance and Debugging: Introduces system maintenance and debugging.
35 VLAN-VPN: Introduces VLAN-VPN, selective QinQ, and the related configuration.
36 Remote-ping: Introduces Remote-ping and the related configuration.
37 IPv6 Management: Introduces IPv6, IPv6 applications, and the related configuration.
38 Access Management: Introduces Access Management and the related configuration.
39 Appendix: Lists the acronyms used in this manual.
Conventions
The manual uses the following conventions:
Command conventions
Convention: Description
Boldface: The keywords of a command line are in Boldface.
italic: Command arguments are in italic.
[ ]: Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }: Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]: Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *: Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *: Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
&<1-n>: The argument(s) before the ampersand (&) sign can be entered 1 to n times.
#: A line starting with the # sign is a comment.
GUI conventions
Convention: Description
< >: Button names are inside angle brackets. For example, click <OK>.
[ ]: Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.
/: Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
Symbols
The manual marks text with three symbols, described as follows:
- Means reader be extremely careful. Improper operation may cause bodily injury.
- Means reader be careful. Improper operation may cause data loss or damage to equipment.
- Means a complementary description.
Related Documentation
In addition to this manual, each 3Com Switch 4500 documentation set includes the following:
Manual: Description
3Com Switch 4500 Family Command Reference Guide: Provides detailed descriptions of command line interface (CLI) commands that you require to manage your switch.
3Com Switch 4500 Family Quick Reference Guide: Provides a summary of command line interface (CLI) commands that are required for you to manage your Stackable Switch.
3Com Switch 4500 Family Getting Started Guide: This guide provides all the information you need to install and use the 3Com Switch 4500 Family.
3Com Switch 4500 Family Release Notes: Contain the latest information about your product. If information in this guide differs from information in the release notes, use the information in the Release Notes.
Obtaining Documentation
You can access the most up-to-date 3Com product documentation on the World Wide Web at this URL: http://www.3com.com.
Table of Contents
1 Logging In to an Ethernet Switch ············································································································1-1
Logging In to an Ethernet Switch ············································································································1-1
Introduction to the User Interface············································································································1-1
Supported User Interfaces ··············································································································1-1
Relationship Between a User and a User Interface ········································································1-2
User Interface Index ························································································································1-2
Common User Interface Configuration····························································································1-3
2 Logging In Through the Console Port·····································································································2-1
Introduction ·············································································································································2-1
Setting Up a Login Environment for Login Through the Console Port····················································2-1
Console Port Login Configuration ···········································································································2-3
Common Configuration····················································································································2-3
Console Port Login Configurations for Different Authentication Modes ·················································2-5
Console Port Login Configuration with Authentication Mode Being None··············································2-6
Configuration Example ····················································································································2-6
Console Port Login Configuration with Authentication Mode Being Password ······································2-7
Configuration Example ····················································································································2-8
Console Port Login Configuration with Authentication Mode Being Scheme·········································2-9
Configuration Example ··················································································································2-10
3 Logging In Through Telnet·······················································································································3-1
Introduction ·············································································································································3-1
Common Configuration to Control Telnet Access···················································································3-1
Telnet Configurations for Different Authentication Modes·······························································3-3
Telnet Configuration with Authentication Mode Being None ··································································3-4
Configuration Example ····················································································································3-4
Telnet Configuration with Authentication Mode Being Password ···························································3-5
Configuration Example ····················································································································3-6
Telnet Configuration with Authentication Mode Being Scheme······························································3-7
Configuration Example ····················································································································3-8
Telnetting to a Switch······························································································································3-9
Telnetting to a Switch from a Terminal····························································································3-9
Telnetting to another Switch from the Current Switch···································································3-11
4 Logging In Using a Modem·······················································································································4-1
Introduction ·············································································································································4-1
Configuration on the Switch Side············································································································4-1
Introduction to the CLI·····························································································································5-1
Command Hierarchy ·······························································································································5-1
Command Level and User Privilege Level ······················································································5-1
Modifying the Command Level········································································································5-2
Switching User Level ·······················································································································5-3
CLI Views ················································································································································5-5
CLI Features ···········································································································································5-8
Configuration Example ····················································································································6-3
Enabling/Disabling the WEB Server ·······································································································6-3
7 Logging In Through NMS··························································································································7-1
Introduction ·············································································································································7-1
Connection Establishment Using NMS ···································································································7-1
8 Configuring Source IP Address for Telnet Service Packets·································································8-1
Overview ·················································································································································8-1
Configuring Source IP Address for Telnet Service Packets ···································································8-1
Displaying Source IP Address Configuration··························································································8-2
9 User Control···············································································································································9-1
Controlling Telnet Users by ACL ·····································································································9-2
Configuration Example ····················································································································9-3
Controlling Network Management Users by Source IP Addresses ························································9-3
Controlling Network Management Users by Source IP Addresses·················································9-4
Configuration Example ····················································································································9-4
Controlling Web Users by Source IP Address ························································································9-5
Controlling Web Users by Source IP Addresses·············································································9-5
Logging Out a Web User·················································································································9-6
Configuration Example ····················································································································9-6
1 Logging In to an Ethernet Switch
Go to these sections for information you are interested in:
- Logging In to an Ethernet Switch
- Introduction to the User Interface
Logging In to an Ethernet Switch
To manage or configure a Switch 4500, you can log in to it in one of the following three methods:
- Command Line Interface
- Web-based Network Management Interface
- Network Management Station
The following table shows the configurations corresponding to each method:
Method: Tasks
Command Line Interface: Logging In Through the Console Port; Logging In Through Telnet; Logging In Using a Modem; CLI Configuration
Web-based Network Management Interface: Logging In Through the Web-based Network Management Interface
Network Management Station: Logging In Through NMS
Introduction to the User Interface
Supported User Interfaces
The auxiliary (AUX) port and the console port of a 3Com low-end and mid-range Ethernet switch are the
same port (referred to as console port in the following part). You will be in the AUX user interface if you
log in through this port.
Switch 4500 supports two types of user interfaces: AUX and VTY.
- AUX user interface: A view when you log in through the AUX port. AUX port is a line device port.
- Virtual type terminal (VTY) user interface: A view when you log in through VTY. VTY port is a logical terminal line used when you access the device by means of Telnet or SSH.
Table 1-1 Description on user interface
AUX
  Applicable user: Users logging in through the console port
  Port used: Console port
  Remarks: Each switch can accommodate one AUX user.
VTY
  Applicable user: Telnet users and SSH users
  Port used: Ethernet port
  Remarks: Each switch can accommodate up to five VTY users.
One user interface corresponds to one user interface view, where you can configure a set of parameters,
such as whether to authenticate users at login and the user level after login. When the user logs in
through a user interface, the connection follows these parameter settings, thus implementing
centralized management of various sessions.
Relationship Between a User and a User Interface
You can monitor and manage users logging in through different modes by setting different types of user
interfaces. Switch 4500 provides one AUX user interface and five VTY user interfaces.
- A user interface does not necessarily correspond to a specific user.
- When a user logs in, the system automatically assigns the user a free user interface with the smallest number based on the user login mode. The login process of the user is restricted by the configurations under this user interface.
- The user interface assigned to a user depends on the login mode and login time.
A user interface can be used by one user at one time; however, the user interface is not dedicated to a
specific user. For example, user A can use VTY 0 to log in to the device. When user A logs out, user B
can use VTY 0 to log in to the device.
User Interface Index
Two kinds of user interface index exist: absolute user interface index and relative user interface index.
1) The absolute user interface indexes are as follows:
- The absolute AUX user interfaces are numbered 0 through 7.
- VTY user interface indexes follow AUX user interface indexes. The first absolute VTY user interface is numbered 8, the second is 9, and so on.
2) A relative user interface index can be obtained by appending a number to the identifier of a user interface type. It is generated by user interface type. The relative user interface indexes are as follows:
- AUX user interfaces are numbered from AUX0 to AUX7.
- VTY user interfaces are numbered VTY0, VTY1, and so on.
Switch 4500 supports XRN Fabric. A Fabric can contain up to eight devices. Accordingly, the AUX user
interfaces in a Fabric can be numbered from AUX0 to AUX7, through which all the console ports of the
units in a Fabric can be identified. Refer to the XRN Fabric part for information about Fabric.
Common User Interface Configuration
Follow these steps to configure common user interface:
Lock the current user interface
  Command: lock
  Remarks: Optional. Available in user view. A user interface is not locked by default.
Specify to send messages to all user interfaces/a specified user interface
  Command: send { all | number | type number }
  Remarks: Optional. Available in user view.
Free a user interface
  Command: free user-interface [ type ] number
  Remarks: Optional. Available in user view.
Enter system view
  Command: system-view
  Remarks: —
Set the banner
  Command: header [ incoming | legal | login | shell ] text
  Remarks: Optional. By default, no banner is configured.
Set a system name for the switch
  Command: sysname string
  Remarks: Optional.
Enable copyright information displaying
  Command: copyright-info enable
  Remarks: Optional. By default, copyright displaying is enabled. That is, the copyright information is displayed on the terminal after a user logs in successfully.
Enter user interface view
  Command: user-interface [ type ] first-number [ last-number ]
  Remarks: —
Display the information about the current user interface/all user interfaces
  Command: display users [ all ]
  Remarks: Optional. Available in any view.
Display the physical attributes and configuration of the current/a specified user interface
  Command: display user-interface [ type number | number ]
  Remarks: Optional. Available in any view.
Display the information about the current web users
  Command: display web users
  Remarks: Optional. Available in any view.
2 Logging In Through the Console Port
Go to these sections for information you are interested in:
- Introduction
- Setting Up a Login Environment for Login Through the Console Port
- Console Port Login Configuration
- Console Port Login Configuration with Authentication Mode Being None
- Console Port Login Configuration with Authentication Mode Being Password
- Console Port Login Configuration with Authentication Mode Being Scheme
Introduction
To log in through the console port is the most common way to log in to a switch. It is also the prerequisite
to configure other login methods. By default, you can locally log in to Switch 4500 through its console
port only.
Table 2-1 lists the default settings of a console port.
Table 2-1 The default settings of a console port
Setting: Default
Baud rate: 19,200 bps
Flow control: None
Check mode (Parity): None
Stop bits: 1
Data bits: 8
To log in to a switch through the console port, make sure the settings of both the console port and the
user terminal are the same.
After logging in to a switch, you can perform configuration for AUX users. Refer to Console Port Login
Configuration for more.
Console Port Login
Setting Up a Login Environment for Login Through the Console Port
Following are the procedures to connect to a switch through the console port.
1) Connect the serial port of your PC/terminal to the console port of the switch, as shown in Figure 2-1.
Figure 2-1 Diagram for connecting to the console port of a switch
2) If you use a PC to connect to the console port, launch a terminal emulation utility (such as Terminal in Windows 3.X or HyperTerminal in Windows 9X/Windows 2000/Windows XP. The following assumes that you are running Windows XP) and perform the configuration shown in Figure 2-2 through Figure 2-4 for the connection to be created. Normally, both sides (that is, the serial port of the PC and the console port of the switch) are configured as those listed in Table 2-1.
Figure 2-2 Create a connection
Figure 2-3 Specify the port used to establish the connection
Figure 2-4 Set port parameters
3) Turn on the switch. You will be prompted to press the Enter key if the switch successfully
completes POST (power-on self test). The prompt appears after you press the Enter key.
4) You can then configure the switch or check the information about the switch by executing the
corresponding commands. You can also acquire help by typing the ? character. Refer to related
parts in this manual for information about the commands used for configuring the switch.
Console Port Login Configuration
Common Configuration
Table 2-2 Common configuration of console port login
Console port configuration
  Baud rate: Optional. The default baud rate is 19,200 bps.
  Check mode: Optional. By default, the check mode of the console port is set to “none”, which means no check bit.
  Stop bits: Optional. The default stop bits of a console port is 1.
  Data bits: Optional. The default data bits of a console port is 8.
AUX user interface configuration
  Configure the command level available to the users logging in to the AUX user interface: Optional. By default, commands of level 3 are available to the users logging in to the AUX user interface.
Terminal configuration
  Make terminal services available: Optional. By default, terminal services are available in all user interfaces.
  Set the maximum number of lines the screen can contain: Optional. By default, the screen can contain up to 24 lines.
  Set history command buffer size: Optional. By default, the history command buffer can contain up to 10 commands.
  Set the timeout time of a user interface: Optional. The default timeout time is 10 minutes.
The change to console port configuration takes effect immediately, so the connection may be
disconnected when you log in through a console port and then configure this console port. To configure
a console port, you are recommended to log in to the switch in other ways. To log in to a switch through
its console port after you modify the console port settings, you need to modify the corresponding
settings of the terminal emulation utility running on your PC accordingly in the dialog box shown in
Figure 2-4.
Follow these steps to set common configuration of console port login:
Enter system view
  Command: system-view
  Remarks: —
Enter AUX user interface view
  Command: user-interface aux 0
  Remarks: —
Configure the console port: set the baud rate
  Command: speed speed-value
  Remarks: Optional. The default baud rate of a console port is 19,200 bps.
Configure the console port: set the check mode
  Command: parity { even | none | odd }
  Remarks: Optional. By default, the check mode of a console port is none, that is, no check is performed.
Configure the console port: set the stop bits
  Command: stopbits { 1 | 1.5 | 2 }
  Remarks: Optional. The stop bits of a console port is 1.
Configure the console port: set the data bits
  Command: databits { 7 | 8 }
  Remarks: Optional. The default data bits of a console port is 8.
Configure the command level available to users logging in to the user interface
  Command: user privilege level level
  Remarks: Optional. By default, commands of level 3 are available to users logging in to the AUX user interface, and commands of level 0 are available to users logging in to the VTY user interface.
Enable terminal services
  Command: shell
  Remarks: Optional. By default, terminal services are available in all user interfaces.
Set the maximum number of lines the screen can contain
  Command: screen-length screen-length
  Remarks: Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
Set the history command buffer size
  Command: history-command max-size value
  Remarks: Optional. The default history command buffer size is 10, that is, a history command buffer of a user can store up to 10 commands by default.
Set the timeout time for the user interface
  Command: idle-timeout minutes [ seconds ]
  Remarks: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.
Console Port Login Configurations for Different Authentication Modes
Table 2-3 Console port login configurations for different authentication modes
None
  Authentication related configuration: Set the authentication mode to none
  Remarks: Optional. Refer to Console Port Login Configuration with Authentication Mode Being None.
Password
  Authentication related configuration: Set the authentication mode to local password authentication; set the password for local authentication
  Remarks: Refer to Console Port Login Configuration with Authentication Mode Being Password.
Scheme
  Authentication related configuration: Set the authentication mode to scheme; specify to perform local authentication or remote authentication; set user names and passwords locally or on AAA Server
  Remarks: Refer to Console Port Login Configuration with Authentication Mode Being Scheme.
Changes made to the authentication mode for console port login take effect after you quit the
command-line interface and then log in again.
Console Port Login Configuration with Authentication Mode Being None
Configuration Procedure
Follow these steps to configure console port login with the authentication mode being none:
Enter system view
  Command: system-view
  Remarks: —
Enter AUX user interface view
  Command: user-interface aux 0
  Remarks: —
Configure not to authenticate users
  Command: authentication-mode none
  Remarks: Required. By default, users logging in through the console port (AUX user interface) are not authenticated.
Configuration Example
Network requirements
Assume that the switch is configured to allow users to log in through Telnet, and the current user level is
set to the administrator level (level 3). Perform the following configurations for users logging in through
the console port (AUX user interface).
- Do not authenticate the users.
- Commands of level 2 are available to the users logging in to the AUX user interface.
- The baud rate of the console port is 19,200 bps.
- The screen can contain up to 30 lines.
- The history command buffer can contain up to 20 commands.
- The timeout time of the AUX user interface is 6 minutes.
Network diagram
Figure 2-5 Network diagram for AUX user interface configuration (with the authentication mode being none)
(Figure 2-5 shows a configuration PC running Telnet connected over Ethernet to port GE1/0/1 of the switch.)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter AUX user interface view.
[Sysname] user-interface aux 0
# Specify not to authenticate users logging in through the console port.
[Sysname-ui-aux0] authentication-mode none
# Specify commands of level 2 are available to users logging in to the AUX user interface.
[Sysname-ui-aux0] user privilege level 2
# Set the baud rate of the console port to 19,200 bps.
[Sysname-ui-aux0] speed 19200
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-aux0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-aux0] history-command max-size 20
# Set the timeout time of the AUX user interface to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
After the above configuration, you need to modify the configuration of the terminal emulation utility
running on the PC accordingly in the dialog box shown in Figure 2-4 to log in to the switch successfully.
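The settings this chapter configures on the AUX and VTY user interfaces (authentication mode, the form in which the local password is stored, the command level, the idle timeout, and the user interface indexes) are the ones a reviewer checks when auditing a switch configuration. The following Python script is an added example, not part of the 3Com manual or of any 3Com tool: it parses user-interface blocks written with the commands documented in this chapter and reports the weak settings. The configuration text, its '#' separators and one-space indentation, and the CIPHERTEXT-PLACEHOLDER value are constructed assumptions; the defaults the script falls back on (console logins unauthenticated, level 3 on AUX, level 0 on VTY, absolute VTY indexes starting at 8) are the ones stated in this chapter.

```python
"""Audit user-interface login settings in a Switch 4500-style configuration.

Added example, not from the 3Com manual. It parses the commands the manual
documents for AUX/VTY user interfaces and flags: unauthenticated lines,
plain-text (simple) passwords, a disabled idle timeout, and password mode
with no local password set.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample of saved configuration text. The '#' separators and the
# one-space indentation are assumed; the commands follow the manual.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 authentication-mode none
 user privilege level 2
 speed 19200
 screen-length 30
 history-command max-size 20
 idle-timeout 6
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple 123456
 user privilege level 3
 idle-timeout 0
#
"""

# Constructed hardened variant; CIPHERTEXT-PLACEHOLDER stands in for a cipher-form password.
HARDENED_CONFIG = """\
user-interface vty 0 4
 authentication-mode password
 set authentication password cipher CIPHERTEXT-PLACEHOLDER
 idle-timeout 10
"""

AUX_COUNT = 8  # AUX0..AUX7; absolute VTY indexes start at 8 (manual, User Interface Index)


@dataclass
class UserInterface:
    kind: str                                   # "aux" or "vty"
    first: int                                  # first relative index the block covers
    last: int                                   # last relative index the block covers
    settings: Dict[str, object] = field(default_factory=dict)

    @property
    def name(self) -> str:
        label = self.kind.upper()
        return f"{label}{self.first}" if self.first == self.last else f"{label}{self.first}-{self.last}"


def absolute_index(kind: str, relative: int) -> int:
    """Map a relative index (AUX3, VTY1) to the absolute index the manual describes."""
    if kind == "aux":
        return relative
    if kind == "vty":
        return AUX_COUNT + relative
    raise ValueError(f"unknown user interface type: {kind}")


HEADER_RE = re.compile(r"^user-interface\s+(aux|vty)\s+(\d+)(?:\s+(\d+))?$")


def parse_user_interfaces(config: str) -> List[UserInterface]:
    """Collect every user-interface block and the login-related commands under it."""
    blocks: List[UserInterface] = []
    current: Optional[UserInterface] = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):    # separator/comment ends the current block
            current = None
            continue
        header = HEADER_RE.match(line)
        if header:
            kind, first, last = header.group(1), int(header.group(2)), header.group(3)
            current = UserInterface(kind, first, int(last) if last else first)
            blocks.append(current)
            continue
        if current is None:
            continue
        parts = line.split()
        if line.startswith("authentication-mode "):
            current.settings["authentication-mode"] = parts[1]
        elif line.startswith("set authentication password "):
            current.settings["password-form"] = parts[3]          # "cipher" or "simple"
        elif line.startswith("user privilege level "):
            current.settings["privilege"] = int(parts[3])
        elif line.startswith("idle-timeout "):
            minutes = int(parts[1])
            seconds = int(parts[2]) if len(parts) > 2 else 0
            current.settings["idle-timeout"] = minutes * 60 + seconds  # stored in seconds
    return blocks


def audit(config: str) -> List[Tuple[str, str, str]]:
    """Return (severity, user interface, finding) for each risky setting found."""
    findings: List[Tuple[str, str, str]] = []
    for ui in parse_user_interfaces(config):
        s = ui.settings
        # Manual defaults: console logins unauthenticated; level 3 on AUX, level 0 on VTY.
        mode = s.get("authentication-mode", "none" if ui.kind == "aux" else None)
        level = s.get("privilege", 3 if ui.kind == "aux" else 0)
        if mode == "none" and ui.kind == "vty":
            findings.append(("HIGH", ui.name, f"Telnet/SSH logins are not authenticated (level {level})"))
        elif mode == "none":
            findings.append(("INFO", ui.name, f"console logins not authenticated (manual default); console access gives level {level}"))
        if mode == "password" and "password-form" not in s:
            findings.append(("HIGH", ui.name, "authentication-mode password set but the required local password is missing"))
        if s.get("password-form") == "simple":
            findings.append(("MEDIUM", ui.name, "local password stored in plain text (simple); store it with cipher"))
        if s.get("idle-timeout") == 0:
            findings.append(("MEDIUM", ui.name, "idle-timeout 0 disables the inactivity timeout; sessions never expire"))
    return findings


if __name__ == "__main__":
    for ui in parse_user_interfaces(SAMPLE_CONFIG):
        print(f"{ui.name}: absolute {absolute_index(ui.kind, ui.first)}-{absolute_index(ui.kind, ui.last)} {ui.settings}")
    for severity, name, text in audit(SAMPLE_CONFIG):
        print(f"[{severity}] {name}: {text}")
```

Run as a script, it prints the parsed blocks and the findings for the constructed sample: an INFO entry for AUX0 (the chapter's default) and two MEDIUM entries for VTY0-4 (plain-text password, timeout disabled); the hardened variant produces no findings. Pointing `audit()` at the text of a real saved configuration only requires that the user-interface blocks use the command syntax shown in this chapter.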
Console Port Login Configuration with Authentication Mode Being Password
Configuration Procedure
Follow these steps to configure console port login with the authentication mode being password:
Enter system view
  Command: system-view
  Remarks: —
Enter AUX user interface view
  Command: user-interface aux 0
  Remarks: —
Configure to authenticate users using the local password
  Command: authentication-mode password
  Remarks: Required. By default, users logging in to a switch through the console port are not authenticated, while those logging in through modems or Telnet are authenticated.
Set the local password
  Command: set authentication password { cipher | simple } password
  Remarks: Required. With simple, the password is stored in the configuration in plain text; with cipher, it is stored in encrypted form.
Configuration Example
Network requirements
Assume the switch is configured to allow users to log in through Telnet, and the user level is set to the administrator level (level 3). Perform the following configurations for users logging in through the console port (AUX user interface).
• Authenticate the users using passwords.
• Set the local password to 123456 (in plain text).
• The commands of level 2 are available to the users.
• The baud rate of the console port is 19,200 bps.
• The screen can contain up to 30 lines.
• The history command buffer can store up to 20 commands.
• The timeout time of the AUX user interface is 6 minutes.
Network diagram
Figure 2-6 Network diagram for AUX user interface configuration (with the authentication mode being password): a configuration PC running Telnet, connected over Ethernet to GE1/0/1 of the switch.
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter AUX user interface view.
[Sysname] user-interface aux 0
# Specify to authenticate users logging in through the console port using the local password.
[Sysname-ui-aux0] authentication-mode password
# Set the local password to 123456 (in plain text).
[Sysname-ui-aux0] set authentication password simple 123456
# Specify commands of level 2 are available to users logging in to the AUX user interface.
[Sysname-ui-aux0] user privilege level 2
# Set the baud rate of the console port to 19,200 bps.
[Sysname-ui-aux0] speed 19200
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-aux0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-aux0] history-command max-size 20
# Set the timeout time of the AUX user interface to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
After the above configuration, you need to modify the configuration of the terminal emulation utility running on the PC accordingly (in the dialog box shown in Figure 2-4) to log in to the switch successfully.
Console Port Login Configuration with Authentication Mode Being Scheme
Configuration Procedure
Follow these steps to configure console port login with the authentication mode being scheme:
Enter system view
  Command: system-view
  Remarks: —
Enter AUX user interface view
  Command: user-interface aux 0
  Remarks: —
Configure to authenticate users in the scheme mode
  Command: authentication-mode scheme
# Configure to authenticate users logging in through the console port in the scheme mode.
[Sysname-ui-aux0] authentication-mode scheme
# Set the baud rate of the console port to 19,200 bps.
[Sysname-ui-aux0] speed 19200
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-aux0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-aux0] history-command max-size 20
# Set the timeout time of the AUX user interface to 6 minutes.
[Sysname-ui-aux0] idle-timeout 6
After the above configuration, you need to modify the configuration of the terminal emulation utility running on the PC accordingly (in the dialog box shown in Figure 2-4) to log in to the switch successfully.
3 Logging In Through Telnet
Go to these sections for information you are interested in:
• Introduction
• Telnet Configuration with Authentication Mode Being None
• Telnet Configuration with Authentication Mode Being Password
• Telnet Configuration with Authentication Mode Being Scheme
Introduction
Switch 4500 supports Telnet. You can manage and maintain a switch remotely by Telnetting to the switch.
To log in to a switch through Telnet, the corresponding configuration is required on both the switch and the Telnet terminal.
You can also log in to a switch through SSH. SSH provides the same remote command-line login as Telnet over an encrypted, authenticated connection, whereas Telnet sends user names, passwords and commands in plain text. Refer to the SSH Operation for related information.
Table 3-1 Requirements for Telnetting to a switch
Item: Switch
  The IP address is configured for the VLAN of the switch, and the route between the switch and the Telnet terminal is reachable. (Refer to the IP Address Configuration – IP Performance Configuration and Routing Protocol parts for more.)
  The authentication mode and other settings are configured. Refer to Table 3-2 and Table 3-3.
Item: Telnet terminal
  Telnet is running.
  The IP address of the VLAN interface of the switch is available.
Telnetting to a switch using IPv6 protocols is similar to Telnetting to a switch using IPv4 protocols. Refer to the IPv6 Management part for related information.
Common Configuration to Control Telnet Access
Table 3-2 Common Telnet configuration
VTY user interface configuration
  Configure the command level available to users logging in to the VTY user interface
    Optional. By default, commands of level 0 are available to users logging in to a VTY user interface.
VTY terminal configuration
  Configure the protocols the user interface supports
    Optional. By default, the Telnet and SSH protocols are supported.
  Set the commands to be executed automatically after a user logs in to the user interface successfully
    Optional. By default, no command is executed automatically after a user logs in to the VTY user interface.
  Make terminal services available
    Optional. By default, terminal services are available in all user interfaces.
  Set the maximum number of lines the screen can contain
    Optional. By default, the screen can contain up to 24 lines.
  Set the history command buffer size
    Optional. By default, the history command buffer can contain up to 10 commands.
  Set the timeout time of a user interface
    Optional. The default timeout time is 10 minutes.
Follow these steps to set common Telnet configuration:
Enter system view
  Command: system-view
  Remarks: —
Enter one or more VTY user interface views
  Command: user-interface vty first-number [ last-number ]
  Remarks: —
Configure the command level available to users logging in to the VTY user interface
  Command: user privilege level level
  Remarks: Optional. By default, commands of level 0 are available to users logging in to VTY user interfaces.
Configure the protocols to be supported by the VTY user interface
  Command: protocol inbound { all | ssh | telnet }
  Remarks: Optional. By default, both the Telnet protocol and the SSH protocol are supported.
Set the commands to be executed automatically after a user logs in to the user interface successfully
  Command: auto-execute command text
  Remarks: Optional. By default, no command is executed automatically after a user logs in to the VTY user interface.
Enable terminal services
  Command: shell
  Remarks: Optional. By default, terminal services are available in all user interfaces.
Set the maximum number of lines the screen can contain
  Command: screen-length screen-length
  Remarks: Optional. By default, the screen can contain up to 24 lines. You can use the screen-length 0 command to disable the function to display information in pages.
Set the history command buffer size
  Command: history-command max-size value
  Remarks: Optional. The default history command buffer size is 10, that is, the history command buffer of a user can store up to 10 commands by default.
Set the timeout time of the VTY user interface
  Command: idle-timeout minutes [ seconds ]
  Remarks: Optional. The default timeout time of a user interface is 10 minutes. With the timeout time being 10 minutes, the connection to a user interface is terminated if no operation is performed in the user interface within 10 minutes. You can use the idle-timeout 0 command to disable the timeout function.
Telnet Configurations for Different Authentication Modes
Table 3-3 Telnet configurations for different authentication modes
Authentication mode: None
  Authentication related configuration: Set the authentication mode to none
  Description: Refer to Console Port Login Configuration with Authentication Mode Being None.
Authentication mode: Password
  Authentication related configuration: Set the authentication mode to local password authentication; set the password for local authentication
  Description: Refer to Console Port Login Configuration with Authentication Mode Being Password.
Authentication mode: Scheme
  Authentication related configuration: Set the authentication mode to scheme; specify to perform local authentication or remote authentication; set user names and passwords locally or on the AAA server
  Description: Refer to Console Port Login Configuration with Authentication Mode Being Scheme.
To improve security and prevent attacks on unused sockets, TCP port 23 (Telnet) and TCP port 22 (SSH) are enabled or disabled according to the configuration:
• If the authentication mode is none, TCP 23 is enabled and TCP 22 is disabled.
• If the authentication mode is password and the corresponding password has been set, TCP 23 is enabled and TCP 22 is disabled.
• If the authentication mode is scheme, there are three scenarios: when the supported protocol is specified as telnet, TCP 23 is enabled; when it is specified as ssh, TCP 22 is enabled; when it is specified as all, both TCP 23 and TCP 22 are enabled.
Note that SSH is therefore only reachable in scheme mode; with the none or password modes, the protocol inbound setting does not open TCP 22.
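The console port and Telnet procedures above, Table 3-2's defaults and the port rules just listed are exactly what a reviewer checks for in a switch's running configuration. The following Python script is an added example; it is not part of the 3Com guide or the switch software. It parses the user-interface aux and vty blocks of a constructed configuration (its layout imitates display current-configuration, which is an assumption) and flags the settings this chapter's remarks make risky: an unauthenticated VTY, a local password stored with simple, Telnet (TCP 23) being reachable under the port rules, and idle-timeout 0. Where no authentication-mode line is present the script assumes the guide's defaults (AUX unauthenticated, VTY authenticated, taken here to mean password mode).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample in the style of `display current-configuration`; the exact
# output layout of a real Switch 4500 is an assumption of this example.
SAMPLE_CONFIG = """\
#
user-interface aux 0
 authentication-mode none
 user privilege level 3
 idle-timeout 0 0
#
user-interface vty 0 4
 authentication-mode password
 set authentication password simple 123456
 user privilege level 3
 protocol inbound all
 idle-timeout 6 0
#
user-interface vty 5 15
 authentication-mode scheme
 protocol inbound ssh
#
"""

@dataclass
class UserInterface:
    kind: str                                       # "aux" or "vty"
    first: int
    last: int
    lines: List[str] = field(default_factory=list)  # commands inside the block

    @property
    def name(self) -> str:
        return f"{self.kind} {self.first}" + (f" {self.last}" if self.last != self.first else "")

    def match(self, pattern: str):
        # First re.match of pattern against the block's command lines, or None.
        return next((m for m in (re.match(pattern, ln) for ln in self.lines) if m), None)

def parse_user_interfaces(config: str) -> List[UserInterface]:
    """Collect user-interface blocks; a block ends at '#', a blank line or the next block."""
    blocks: List[UserInterface] = []
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"user-interface (aux|vty) (\d+)(?: (\d+))?", line)
        if m:
            first = int(m.group(2))
            last = int(m.group(3)) if m.group(3) else first
            current = UserInterface(m.group(1), first, last)
            blocks.append(current)
        elif line in ("", "#"):
            current = None
        elif current is not None:
            current.lines.append(line)
    return blocks

def enabled_ports(mode: str, inbound: str, password_set: bool) -> Set[int]:
    """TCP ports the guide says a VTY opens (Telnet 23, SSH 22) for these settings."""
    if mode == "none":
        return {23}
    if mode == "password":  # assumed to stay closed until a password exists
        return {23} if password_set else set()
    if mode == "scheme":
        return {"telnet": {23}, "ssh": {22}, "all": {22, 23}}[inbound]
    return set()

def audit(ui: UserInterface) -> List[Tuple[str, str]]:
    """Apply the guide's defaults (AUX unauthenticated, VTY authenticated, level 0,
    Telnet and SSH inbound, 10-minute idle timeout); return (severity, message) findings."""
    findings: List[Tuple[str, str]] = []
    m = ui.match(r"authentication-mode (none|password|scheme)")
    mode = m.group(1) if m else ("none" if ui.kind == "aux" else "password")
    m = ui.match(r"user privilege level (\d)")
    level = int(m.group(1)) if m else 0
    m = ui.match(r"protocol inbound (all|ssh|telnet)")
    inbound = m.group(1) if m else "all"
    m = ui.match(r"idle-timeout (\d+)(?: (\d+))?")
    idle_seconds = int(m.group(1)) * 60 + int(m.group(2) or 0) if m else 600
    pw = ui.match(r"set authentication password (simple|cipher) (\S+)")

    if mode == "none" and ui.kind == "vty":
        findings.append(("high", f"no authentication: any network user gets level {level}"))
    elif mode == "none" and level >= 3:
        findings.append(("medium", "unauthenticated console at administrator level"))
    if pw is not None and pw.group(1) == "simple":
        findings.append(("medium", "local password stored in plain text (simple); use cipher"))
    if ui.kind == "vty" and 23 in enabled_ports(mode, inbound, pw is not None):
        findings.append(("high", "Telnet (TCP 23) reachable, login travels in clear text; "
                                 "prefer authentication-mode scheme with protocol inbound ssh"))
    if idle_seconds == 0:
        findings.append(("medium", "idle-timeout 0: idle sessions are never disconnected"))
    return findings

def audit_config(config: str) -> Dict[str, List[Tuple[str, str]]]:
    return {ui.name: audit(ui) for ui in parse_user_interfaces(config)}
```

Calling audit_config(SAMPLE_CONFIG) reports the unauthenticated administrator-level console and the disabled timeout on aux 0, the plain-text password and reachable Telnet on vty 0 4, and nothing on vty 5 15, which uses scheme mode with protocol inbound ssh. The enabled_ports function encodes the port rules above directly, so it also shows why protocol inbound ssh on a password-mode VTY does not give you SSH.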
Telnet Configuration with Authentication Mode Being None
Configuration Procedure
Follow these steps to configure Telnet with the authentication mode being none:
Enter system view
  Command: system-view
  Remarks: —
Enter one or more VTY user interface views
  Command: user-interface vty first-number [ last-number ]
  Remarks: —
Configure not to authenticate users logging in to VTY user interfaces
  Command: authentication-mode none
  Remarks: Required. By default, VTY users are authenticated when logging in.
Note that if you configure not to authenticate the users, the command level available to users logging in to a switch depends on the user privilege level level command. With this mode, anyone who can reach the switch over the network obtains that command level without presenting any credentials.
Configuration Example
Network requirements
Assume the current user logs in through the console port, and the current user level is set to the administrator level (level 3). Perform the following configurations for users logging in through VTY 0 using Telnet.
• Do not authenticate the users.
• Commands of level 2 are available to the users.
• Telnet protocol is supported.
• The screen can contain up to 30 lines.
• The history command buffer can contain up to 20 commands.
• The timeout time of VTY 0 is 6 minutes.
Network diagram
Figure 3-1 Network diagram for Telnet configuration (with the authentication mode being none)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter VTY 0 user interface view.
[Sysname] user-interface vty 0
# Configure not to authenticate Telnet users logging in to VTY 0.
[Sysname-ui-vty0] authentication-mode none
# Specify commands of level 2 are available to users logging in to VTY 0.
[Sysname-ui-vty0] user privilege level 2
# Configure Telnet protocol is supported.
[Sysname-ui-vty0] protocol inbound telnet
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-vty0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-vty0] history-command max-size 20
# Set the timeout time to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
Telnet Configuration with Authentication Mode Being Password
Configuration Procedure
Follow these steps to configure Telnet with the authentication mode being password:
Enter system view
  Command: system-view
  Remarks: —
Enter one or more VTY user interface views
  Command: user-interface vty first-number [ last-number ]
  Remarks: —
Configure to authenticate users logging in to VTY user interfaces using the local password
  Command: authentication-mode password
  Remarks: Required
Set the local password
  Command: set authentication password { cipher | simple } password
  Remarks: Required
When the authentication mode is password, the command level available to users logging in to the user interface is determined by the user privilege level command.
Configuration Example
Network requirements
Assume the current user logs in through the console port and the current user level is set to the administrator level (level 3). Perform the following configurations for users logging in to VTY 0 using Telnet.
• Authenticate users using the local password.
• Set the local password to 123456 (in plain text).
• Commands of level 2 are available to the users.
• Telnet protocol is supported.
• The screen can contain up to 30 lines.
• The history command buffer can contain up to 20 commands.
• The timeout time of VTY 0 is 6 minutes.
Network diagram
Figure 3-2 Network diagram for Telnet configuration (with the authentication mode being password)
Configuration procedure
# Enter system view.
<Sysname> system-view
# Enter VTY 0 user interface view.
[Sysname] user-interface vty 0
# Configure to authenticate users logging in to VTY 0 using the password.
[Sysname-ui-vty0] authentication-mode password
# Set the local password to 123456 (in plain text).
[Sysname-ui-vty0] set authentication password simple 123456
# Specify commands of level 2 are available to users logging in to VTY 0.
[Sysname-ui-vty0] user privilege level 2
# Configure Telnet protocol is supported.
[Sysname-ui-vty0] protocol inbound telnet
# Set the maximum number of lines the screen can contain to 30.
[Sysname-ui-vty0] screen-length 30
# Set the maximum number of commands the history command buffer can store to 20.
[Sysname-ui-vty0] history-command max-size 20
# Set the timeout time to 6 minutes.
[Sysname-ui-vty0] idle-timeout 6
Telnet Configuration with Authentication Mode Being Scheme
Configuration Procedure
Follow these steps to configure Telnet with the authentication mode being scheme:
Enter system view
  Command: system-view
  Remarks: —
Enter one or more VTY user interface views
  Command: user-interface vty first-number [ last-number ]
  Remarks: —
Configure to authenticate users in the scheme mode
  Command: authentication-mode scheme
  Remarks: The specified AAA scheme determines what authentication mode is adopted, local or RADIUS. Users are authenticated locally by default.
Specify the AAA scheme to be applied
  Command: (see the AAA part)
  Remarks: Optional. By default, the local AAA scheme is applied. If you specify to apply the local AAA scheme, you need to perform the configuration concerning local users as well. If you specify to apply a RADIUS scheme, you need to perform the following configuration as well:
    • Perform AAA&RADIUS configuration on the switch. (Refer to the AAA part for more.)
    • Configure the user name and password accordingly on the AAA server. (Refer to the user manual of the AAA server.)
Create a local user and enter local user view
  Command: local-user user-name
  Remarks: No local user exists by default.
Set the authentication password for the local user
  Command: password { simple | cipher } password
  Remarks: Required
Specify the service type for VTY users
  Command: service-type telnet [ level level ]
  Remarks: Required
Note that:
If you configure to authenticate the users in the scheme mode, the command level available to the users logging in to the switch depends on the user level defined in the AAA scheme.
• When the AAA scheme is local, the user level depends on the service-type { ftp | lan-access |