Login overview
The first time you access the device, you can only log in to the CLI through the console port. After login, you can change console login parameters or configure other access methods, including Telnet, SSH, SNMP, and RESTful.
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.
Telnet and HTTP-based RESTful access are not supported in FIPS mode.
Table 10: Login methods at a glance
Login method | Default settings and minimum configuration requirements | Login configuration |
---|
CLI login: | | Configuring CLI login |
| By default, local console login is enabled and does not require authentication. The default user role is network-admin. To improve device security, configure password or scheme authentication for the AUX line immediately after you log in to the device for the first time. | Configuring local console login |
| By default, Telnet login is disabled. To enable Telnet login, perform the following tasks: Enable the Telnet server feature. Assign an IP address to a Layer 3 interface and make sure the interface and the Telnet client can reach each other. Configure an authentication mode for VTY login users. By default, password authentication is used but no password is configured. Assign a user role to VTY login users. By default, a VTY login user is assigned the network-operator user role.
| Configuring Telnet login |
| By default, SSH login is disabled. To enable SSH login, perform the following tasks: Enable the SSH server feature and configure SSH attributes. Assign an IP address to a Layer 3 interface. Make sure the interface and the SSH client can reach each other. Configure scheme authentication for VTY login users. By default, password authentication is used. Assign a user role to VTY login users. By default, a VTY login user is assigned the network-operator user role.
| Configuring SSH login |
SNMP access | By default, SNMP access is disabled. To enable SNMP access, perform the following tasks: | Accessing the device through SNMP |
RESTful access | By default, RESTful access is disabled. To enable RESTful access, perform the following tasks: Assign an IP address to a Layer 3 interface. Make sure the interface and the RESTful access user's host can reach each other. Enable RESTful access over HTTP or RESTful access over HTTPS. Configure a local user account for RESTful access and assign a user role to the account. By default, the network-operator user role is assigned to the account. Assign HTTP or HTTPS service to the user. By default, no service type is assigned to a local user.
| Configuring RESTful access over HTTP |