authentication-mode (user interface view)
Function
The authentication-mode command configures an authentication mode for accessing the user interface.
The undo authentication-mode command deletes the authentication mode for accessing the user interface.
The default authentication mode for console port login users is AAA authentication. By default, the authentication mode for users using other login modes is not configured using this command. You must configure an authentication mode for accessing the user interface; otherwise, users cannot log in to the device.
Parameters
| Parameter | Description | Value |
|---|---|---|
| aaa | Indicates the AAA authentication mode. | - |
| password | Indicates the password authentication mode. | - |
| none | Indicates the non-authentication mode. | - |
Usage Guidelines
Usage Scenario
When you log in to the device through the console port for the first time, the system asks you to enter the user name and login password. The default user name is admin and the default password is admin@huawei.com. After entering the default user name and password, you must reconfigure the login password and then can log in to the device. After logging in to the device, you can run this command to reconfigure the authentication mode.
Before Telnet or SSH users log in to the device using VTY user interface, they must run the authentication-mode command to configure the authentication mode.
Precautions
To ensure that users can log in to the device successfully, configure an authentication mode.
Before setting the Telnet login authentication mode to password authentication, run the protocol inbound { all | telnet } command to configure the VTY user interface to support Telnet. Otherwise, the user authentication mode configuration will fail.
If non-authentication is used, any user can be successfully authenticated without the need of entering the user name and password. Therefore, you are not advised to use non-authentication for device or network security purposes.
After you set the authentication mode to password, run the set authentication password command to configure an authentication password. Keep the password safe. You need to enter the password when logging in to the device. The levels of commands accessible to a user depend on the level configured for the user interface to which the user logs in.
After login, the level of the commands the user can run depends on the level of the local user specified in AAA configuration.
When you run the undo authentication-mode command to delete the authentication mode, the device asks you whether to delete the authentication mode.
For devices running V200R009C00 and earlier versions, no default authentication mode is configured for console port login users. For devices running V200R010C00 and later versions, the default authentication mode is AAA authentication.
If a device runs a version earlier than V200R010C00 and the authentication mode for accessing the user interface is not configured using this command, the default authentication mode is still non-authentication after the system software is upgraded to V200R010C00 or a later version. The system asks you whether to change the password. To ensure the console port usage security, it is recommended that you configure the login password or set the authentication mode to AAA or password authentication after logging in to the device.
If a device runs a version earlier than V200R010C00 and the authentication mode for accessing the user interface has been configured using this command, the default authentication mode is still the originally configured authentication mode after the system software is upgraded to V200R010C00 or a later version.
Example
# Configure password authentication for users to access the user interface.
<HUAWEI> system-view [HUAWEI] user-interface vty 0 [HUAWEI-ui-vty0] protocol inbound all [HUAWEI-ui-vty0] authentication-mode password Warning: The "password" authentication mode is not secure, and it is strongly re commended to use "aaa" authentication mode. [HUAWEI-ui-vty0] set authentication password cipher helloworld@6789 Warning: The "password" authentication mode is not secure, and it is strongly re commended to use "aaa" authentication mode.