Example for Configuring Switch Login Through a Console Port
Overview
After a PC is connected to a switch through a dedicated console cable, you can perform login configurations and use the PC to manage the switch.
Logging in through a console port is a basic login mode and forms the basis of other login modes such as Telnet and STelnet. When you log in to a switch for the first time or if you cannot remotely log in to a switch, you can log in to the switch through a console port.
Configuration Notes
- Prepare a console cable. If you use a laptop or a PC without a serial port, prepare a USB to serial cable and install the driver stored on the CD-ROM (delivered with the cable) according to instructions.
- Install the terminal emulation software on the PC. You can use the built-in HyperTerminal of Windows 2000 on the PC. If no built-in terminal emulation software is available, prepare the terminal emulation software. For details on how to use terminal emulation software, see the related usage guide or online help.
- This example applies to switches that support the console interface.
The following uses the command lines and outputs of the S7700 running V200R006C00 as an example.
Networking Requirements
The IT maintenance department of a company purchases S series switches, which are configured by network administrators. A network administrator usually logs in to a new switch through a console port and then performs initial configurations.
As shown in Figure 1, the serial port of a PC is connected to the console port of the Switch through a console cable. The user wants to log in to the Switch through the console port and requires local authentication upon the next login. To facilitate remote maintenance on the Switch, the user wants to configure the Telnet function.
Configuration Roadmap
The configuration roadmap is as follows:
Configure terminal emulation software, set the connected port and communication parameters, and log in to the Switch.
Configure basic information for the Switch, including the date, time, time zone, and name, to facilitate management.
- Configure an authentication mode for the console user interface so that the user is authenticated upon the next login through the console port.
Configure the management IP address and Telnet to facilitate remote maintenance on the Switch.
Procedure
- Connect the DB9 female connector of the console cable to the serial port (COM) on the PC, and connect the RJ45 connector to the console port on the switch, as shown in Figure 2.
- If you use a laptop or a PC without a serial port, prepare a USB to serial cable. Install the driver stored on the CD-ROM (delivered with the cable) according to instructions, connect the USB-DB9 female connector of the cable to the USB port on the PC, and connect the RJ-45 connector to the console port on the switch.
- If the switch has two MPUs, you can log in to the switch through the console port on either of the two MPUs.
- Configure terminal emulation software and log in to the Switch.
Start terminal emulation software on the PC. Establish a connection, and set the connected port and communication parameters. Table 1 lists the default attribute settings of a console port.
Table 1 Default attribute settings of a console port Parameter
Default Setting
Baud rate
9600 bit/s
Flow Control
None
Parity
In V200R009 and earlier versions, authentication is not performed by default. In V200R010 and later versions, AAA authentication is used by default, the default user name is admin, and the default password is admin@huawei.com.
Stop bits
1
Data bits
8
- Configure basic information for the Switch.
# Set the date, time, time zone, and name.
The time zone varies depending on the location of a switch. Set the time zone based on the site requirements. The following information is only for reference.
<HUAWEI> clock timezone BJ add 08:00:00 //BJ is the name of the time zone, and 08:00:00 indicates that the local time is 8 plus the system default UTC time zone. <HUAWEI> clock datetime 10:10:00 2014-07-26 //Set the current date and time. Before setting the current time, check the time zone and set a correct time zone offset to ensure the correct local time. <HUAWEI> system-view [HUAWEI] sysname Switch //Set the switch name to Switch.
- Configure an authentication mode for the console user interface. (In V200R010 and later versions, the default authentication mode for the console user interface is AAA authentication. The method of changing the authentication mode is similar and is not provided here.)
# Set the authentication mode of the console interface to AAA, and create a local user.
[Switch] user-interface console 0 [Switch-ui-console0] authentication-mode aaa //Set the authentication mode of the user to AAA. [Switch-ui-console0] quit [Switch] aaa [Switch-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 //Create a local user named admin1234 and set its password to Helloworld@6789. Versions earlier than V200R003 support only the cipher keyword but do not support irreversible-cipher. [Switch-aaa] local-user admin1234 privilege level 15 //Set the user level to 15. [Switch-aaa] local-user admin1234 service-type terminal //Set the access type to terminal, that is, console user. [Switch-aaa] quit
- Configure the management IP address and Telnet.
# Configure the management IP address.
[Switch] vlan 10 [Switch-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface. [Switch-Vlanif10] ip address 10.1.1.1 24 [Switch-Vlanif10] quit [Switch] interface gigabitethernet 0/0/10 //GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements. [Switch-GigabitEthernet0/0/10] port link-type access //Set the interface type to access. [Switch-GigabitEthernet0/0/10] port default vlan 10 //Add GE0/0/10 to VLAN 10. [Switch-GigabitEthernet0/0/10] quit
# Configure the Telnet function.
[Switch] telnet server enable //Enable Telnet. [Switch] user-interface vty 0 4 //Enter the user interface views of VTY 0 to VTY 4. [Switch-ui-vty0-4] user privilege level 15 //Set the level of users in VTY 0 to VTY 4 to 15. [Switch-ui-vty0-4] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 4 to AAA. [Switch-ui-vty0-4] quit [Switch] aaa [Switch-aaa] local-user admin123 password irreversible-cipher Huawei@6789 //Create a local user named admin1234 and set its password to Huawei@6789. Versions earlier than V200R003 support only the cipher keyword but do not support irreversible-cipher. [Switch-aaa] local-user admin123 privilege level 15 //Set the user level to 15. Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y [Switch-aaa] local-user admin123 service-type telnet //Set the access type to telnet, that is, Telnet user. [Switch-aaa] quit
- Verify the configuration.
When logging in to the switch again through the console port after completing the configuration, you need to enter the user name and authentication password configured in the preceding steps to pass identity authentication and log in to the switch successfully. You can also log in to the switch using Telnet.
Configuration Files
Switch configuration file
# sysname Switch # vlan batch 10 # telnet server enable # clock timezone BJ add 08:00:00 # aaa local-user admin123 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%# local-user admin123 privilege level 15 local-user admin123 service-type telnet local-user admin1234 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%# local-user admin1234 privilege level 15 local-user admin1234 service-type terminal # interface Vlanif10 ip address 10.1.1.1 255.255.255.0 # interface GigabitEthernet0/0/10 port link-type access port default vlan 10 # user-interface con 0 authentication-mode aaa user-interface vty 0 4 authentication-mode aaa user privilege level 15 # return