[x]

 > Login overview

 

 Next

Login overview

The first time you access the device, you can only log in to the CLI through the console port. After login, you can change console login parameters or configure other access methods, including Telnet, SSH, SNMP, and RESTful.

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about FIPS mode, see Security Configuration Guide.

Telnet is not supported in FIPS mode.

Table 10: Login methods at a glance

Login method

Default settings and minimum configuration requirements

Login configuration

CLI login:

Configuring CLI login

  • Local console login

By default, local console login is enabled and does not require authentication. The default user role is network-admin. To improve device security, configure password or scheme authentication for the AUX line immediately after you log in to the device for the first time.

Configuring local console login

  • Telnet login

By default, Telnet login is disabled.

To enable Telnet login, perform the following tasks:

  • Enable the Telnet server feature.

  • Assign an IP address to a Layer 3 interface and make sure the interface and the Telnet client can reach each other.

  • Configure an authentication mode for VTY login users. By default, password authentication is used but no password is configured.

  • Assign a user role to VTY login users. By default, a VTY login user is assigned the network-operator user role.

Configuring Telnet login

  • SSH login

By default, SSH login is disabled.

To enable SSH login, perform the following tasks:

  • Enable the SSH server feature and configure SSH attributes.

  • Assign an IP address to a Layer 3 interface. Make sure the interface and the SSH client can reach each other.

  • Configure scheme authentication for VTY login users. By default, password authentication is used.

  • Assign a user role to VTY login users. By default, a VTY login user is assigned the network-operator user role.

Configuring SSH login

  • Modem dial-in

By default, modem dial-in is enabled and does not require authentication. The default user role is network-admin. To improve device security, configure password or scheme authentication for the AUX line immediately after you log in to the device for the first time.

Logging in through a pair of modems

SNMP access

By default, SNMP access is disabled.

To enable SNMP access, perform the following tasks:

  • Assign an IP address to a Layer 3 interface. Make sure the interface and the NMS can reach each other.

  • Configure SNMP basic parameters.

Accessing the device through SNMP

RESTful access

By default, RESTful access is disabled.

To enable RESTful access, perform the following tasks:

  • Assign an IP address to a Layer 3 interface. Make sure the interface and the RESTful access user's host can reach each other.

  • Enable RESTful access over HTTP or RESTful access over HTTPS.

  • Configure a local user account for RESTful access and assign a user role to the account. By default, the network-operator user role is assigned to the account.

  • Assign HTTP or HTTPS service to the user. By default, no service type is assigned to a local user.

Configuring RESTful access over HTTP

prev

 

up

 next

Login attempts by RADIUS users always fail 

home

 Using the console port for the first device access

© Copyright 2017 Hewlett Packard Enterprise Development LP