3com S7906E 설치 설명서

 

5-1 

As shown in 

, command levels should be configured for different users to secure Device:  

z 

The device administrator accesses Device through the console port on Host A. When the 

administrator logs in to the device, username and password are not required. 

z 

Users access Device through an Ethernet interface on Host B. When a user logs in to Device, both 

username and password are required. Only the authenticated users can log in and perform 

configurations. RADIUS authentication is of higher priority, and local authentication is used when 

the RADIUS server or the link fails. The local username is monitor and password is 123. 

Figure 5-1 Network diagram for configuring user authentication 

 

 

# Assign an IP address to Device to make Device be reachable from Host A, Host B, Host C, and 

RADIUS server. The configuration is omitted. 

# Enable telnet services on Device. 

<Device> system-view 

[Device] telnet server enable 

# Set that no authentication is needed when users use the console port to log in to Device. Set the 

privilege level of the administrator logging in from the console port to 3, that is, the administrator can 

execute all the device commands. 

[Device] user-interface aux 0 

[Device-ui-aux0] authentication-mode none 

[Device-ui-aux0] user privilege level 3 

[Device-ui-aux0] quit 

# Set to use username and password authentication when users use VTY interface to log in to Device 

from Host B. The command level that a login user on VTY can access depends on the user 

configuration on the AAA server.  

[Device] user-interface vty 0 4