The device supports up to one Console port user and 16 Telnet or SSH users to log in at the same time. Line commands can set different authentication and authorization properties for the login users.
Configuration Condition
None
Enter Line Configuration Mode of Console Port
To configure the Console port properties, you need to enter the line configuration mode of the Console port.
Table 3-5 Entering the Line Configuration Mode of the Console Port
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enters the line configuration mode of the Console port.
|
line con 0
|
Mandatory
|
Enter the Line Configuration Mode of the Telnet or SSH User
To configure the Telnet or SSH properties, you need to enter the line configuration mode of Telnet of SSH.
Table 3-6 Entering the Line Configuration Mode of the Telnet or SSH User
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Telnet or SSH user.
|
line vty { vty-min-number } [ vty-max-number ]
|
Mandatory
|
Configure Absolute Time for Login User Operation
The absolute time for the login user operation refer to the timeout time from the successful login of a user to the automatic exit of the user, in the unit of minute. If the absolute time is set to 0, it indicates that the time is not limited. By default, the time is 0. In addition, five seconds before the configured time expires, the following prompt message is displayed: Line timeout expired.
Table 3-7 Configuring the Absolute Time for the Login User Operation
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or Virtual Type Terminal (VTY).
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory
|
|
Configure the absolute time for the login user operation.
|
absolute-timeout absolute-timeout-number
|
Mandatory.
By default, the absolute time is 0, that is, no time limit.
|
Configure Privilege Level of Login User
Configure the privilege level of the login user. The default privilege level is 1. A user can execute only the commands with the level equal to or smaller than the current level.
Table 3-8 Configuring the Privilege Level of the Login User
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory.
|
|
Configure the privilege level of the login user.
|
privilege level level-number
|
Mandatory.
The privilege level is 1.
|
Configure Access Control List
Set the access control list of the user. Only the hosts permitted by the access control list can log into the device.
Table 3-9 Configure the line access control list
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { vty vty-min-number [ vty-max-number ] }
|
Mandatory
|
|
Configure the access control list
|
access-class { access-list-number | access-list-name} { in | out}
|
Mandatory
|
|
Configure ipv6 ACL control list
|
ipv6 access-class {access-list-number | access-list-name }{ in | out}
|
Optional
|
Configure Users to Automatically Execute Commands after Login
Configure the commands to be automatically executed after users successfully log in. By default, no command is to be automatically executed.
Table 3-10 Configuring the Commands to be Automatically Executed after Successful Login
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory
|
|
Configure the commands to be automatically executed after successful login.
|
autocommand command-line
|
Mandatory
|
Configure Auto Command Execution Options
You can configure delay time for auto commands, and configure whether to disconnect the user connection after the commands are executed automatically. By default, the command execution is not delayed, and the user connection is disconnected after the commands are executed automatically.
The auto command execution options include delay and whether to disconnect the user connection after command execution.
Table 3-11 Configuring Auto Command Execution Options
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory.
|
|
Configure the auto command execution options.
|
autocommand-option { nohangup [ delay delay-time-number ] | delay delay-time-number [ nohangup ] }
|
Mandatory.
|
-
The autocommand-option command is valid only after the autocommand function is configured.
Configure Login User Idle Timeout Time
If the time in which login user does not perform any operation on the device is longer than the idle timeout time, the device make the current login user to log out. The default idle timeout exit time is 5 minutes. If the time is set to 0, then idle timeout does not take effect.
Table 3-12 Configuring the Idle Timeout Exit Time
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory
|
|
Configuring the idle timeout exit time.
|
exec-timeout exec-timeout-minute_number [ exec-timeout-second_number ]
|
Mandatory
The default idle timeout exit time is 5 minutes.
|
Configure the Line Password
Use 0 and 7 to indicate whether the line password is in plain text or cipher text. 0 indicates that the password is in plain text while 7 indicates that the password is in cipher text. In interaction mode, only plain-text password is allowed. That is, in this mode, parameter value 0 is used.
Table 3-13 Configuring the Line Password
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory
|
|
Configure the line password.
|
password 0 password
|
Mandatory
|
Configure the Login Authentication Mode
The device supports the following login authentication modes:
- Login password authentication mode: Uses line password authentication.
- Login aaa authentication mode: Uses the AAA authentication.
- No login indicates that no authentication is required for login.
- By default, the no login authentication mode is used for Telnet, and the local user authentication mode is used for SSH.
Table 3-14 Configuring the Login Authentication Mode
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory
|
|
Configure the login authentication mode.
|
login {aaa [ domain-name | default] | password}
|
The command will affect the AAA authentication, authorization, and accounting.
|
Configure the User Login Timeout Time
During login, if the wait time for the user to input the user name or password times out, the system prompts that the login fails. By default, the login timeout time is 30 seconds. To modify the wait timeout time, use this function.
Table 3-15 Configuring the User Login Wait Timeout Time
|
Step
|
Command
|
Description
|
|
Enter the global configuration mode.
|
configure terminal
|
-
|
|
Enter the line configuration mode of the Console port or VTY.
|
line { con 0 | vty vty-min-number [ vty-max-number ] }
|
Mandatory.
|
|
Configure the user login wait timeout time.
|
timeout login respond respond-time-value
|
Mandatory.
By default, the wait time for the user to input the user name or password is 30 seconds.
|
Switch
.png){kind=icon}
.png){kind=logo}
.jpg)
.png){kind=logo}
