
S1720&S2700&S3700&S5700&S6700&S7700&S9700

Series Switches
Typical Configuration Examples 2 Typical Login Configuration

2 Typical Login Configuration

About This Chapter

2.1 Example for Configuring Switch Login Through a Console Port
2.2 Example for Configuring Telnet Login (Based on ACL Rules and RADIUS Authentication)
2.3 Example for Configuring STelnet Login (Based on RADIUS Authentication)
2.4 Example for Configuring Switch Login Through the Web System

2.1 Example for Configuring Switch Login Through a Console Port
Overview
After a PC is connected to a switch through a dedicated console cable, you can perform login
configurations and use the PC to manage the switch.
Logging in through a console port is a basic login mode and forms the basis of other login
modes such as Telnet and STelnet. When you log in to a switch for the first time or fail to
remotely log in to a switch, you can log in to the switch through a console port.

Configuration Notes
- Prepare a console cable. If you use a laptop or a PC without a serial port, prepare a USB
  to serial cable and install the driver stored on the CD-ROM (delivered with the cable)
  according to instructions.
- Install the terminal emulation software on the PC. You can use the built-in
  HyperTerminal of Windows 2000 on the PC. If no built-in terminal emulation software is
  available, prepare the terminal emulation software. For details on how to use terminal
  emulation software, see the related usage guide or online help. The third-party software
  SecureCRT is used as an example here.
- This example applies to switches that support the console interface.

Issue 20 (2017-11-20) Huawei Proprietary and Confidential 255


Copyright © Huawei Technologies Co., Ltd.

NOTE

The following uses the command lines and outputs of the S7700 running V200R006C00 as an example.

Networking Requirements
The IT maintenance department of a company purchases S series switches, which are
configured by network administrators. A network administrator usually logs in to a new
switch through a console port and then performs initial configurations.
As shown in Figure 2-1, the serial port of a PC is connected to the console port of the Switch
through a console cable. The user wants to log in to the Switch through the console port and
requires local authentication upon the next login. To facilitate remote maintenance on the
Switch, the user wants to configure the Telnet function.

Figure 2-1 Networking diagram for configuring switch login through a console port
[Figure: the serial port of the PC is connected through a console cable to the console port of the Switch (10.1.1.1/24).]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure terminal emulation software, set the connected port and communication
parameters, and log in to the Switch.
2. Configure basic information for the Switch, including the date, time, time zone, and
name, to facilitate management.
3. Configure an authentication mode for the console user interface so that the user is
authenticated upon the next login through the console port.
4. Configure the management IP address and Telnet to facilitate remote maintenance on the
Switch.

Procedure
Step 1 Connect the DB9 female connector of the console cable to the serial port (COM) on the PC,
and connect the RJ45 connector to the console port on the switch, as shown in Figure 2-2.


Figure 2-2 Connecting to the switch through the console port

NOTE

- If you use a laptop or a PC without a serial port, prepare a USB to serial cable. Install the driver
  stored on the CD-ROM (delivered with the cable) according to instructions, connect the USB-DB9
  female connector of the cable to the USB port on the PC, and connect the RJ-45 connector to the
  console port on the switch.
- If the switch has two MPUs, you can log in to the switch through the console port on either of the
  two MPUs.

Step 2 Configure terminal emulation software and log in to the Switch.


Start terminal emulation software (SecureCRT is used as an example) on the PC. Establish a
connection, and set the connected port and communication parameters. Table 2-1 lists the
default attribute settings of a console port.


Table 2-1 Default attribute settings of a console port

Parameter       Default Setting
Baud rate       9600 bit/s
Flow Control    None
Parity          In V200R009 and earlier versions, authentication is not performed by default. In V200R010 and later versions, AAA authentication is used by default, the default user name is admin, and the default password is admin@huawei.com.
Stop bits       1
Data bits       8

1. Click to establish a connection, as shown in Figure 2-3.

Figure 2-3 Establishing a connection

2. Set the connected port and communication parameters, as shown in Figure 2-4.

Select the connected port based on actual situations. For example, you can view port
information in Device Manager in the Windows operating system, and select the
connected port.

Communication parameters of terminal emulation software must be consistent with the
default attribute settings of the console port on the Switch, which are 9600 bit/s
transmission rate, 8 data bits, 1 stop bit, no parity check, and no flow control.


NOTE

By default, no flow control mode is configured on the switch. Because RTS/CTS is selected in the
software by default, you need to deselect RTS/CTS; otherwise, you cannot enter commands.

Figure 2-4 Setting the connected port and communication parameters

3. Click Connect. In V200R009 and earlier versions, the following information will be
displayed, prompting you to configure a login password. There is no default password
for first login. You need to configure a login password. (The following output is only for
reference.)
An initial password is required for the first login via the console.
Continue to set it? [Y/N]: y //Configure the login password.
Set a password and keep it safe. Otherwise you will not be able to login via
the console.

Please configure the login password (8-16)
Enter Password:
Confirm Password:
<HUAWEI>

In V200R010 and later versions, the system prompts you to enter the user name and
password. The default user name for first login is admin and password is
admin@huawei.com. You must reconfigure the password during first login. If you have
already configured a password, use it for subsequent logins. (The following output is
only for reference.)
Login authentication

Username:admin
Password: //Enter the default password admin@huawei.com.
Warning: The default password poses security risks.
The password needs to be changed. Change now? [Y/N]: y //Change the login password.
Please enter old password: //Enter the default password admin@huawei.com.
Please enter new password: //Enter the new password.
Please confirm new password: //Enter the new password again.
The password has been changed successfully
<HUAWEI>

– The value is a string of 8 to 16 case-sensitive characters without spaces. The
password must contain at least two types of the following: upper-case and lower-case
letters, digits, and special characters except the question mark (?).
– The password entered in interactive mode is not displayed on the screen.
– When you log in to the switch again in password authentication mode, enter the
password set during the initial login if you have not modified the authentication
mode and password.
You can run commands to configure the Switch. Enter a question mark (?) whenever you
need help.
Step 3 Configure basic information for the Switch.
# Set the date, time, time zone, and name.

NOTE

The time zone varies depending on the location of a switch. Set the time zone based on the site requirements.
The following information is only for reference.
<HUAWEI> clock timezone BJ add 08:00:00 //BJ is the name of the time zone, and 08:00:00 indicates that the local time is 8 hours ahead of the system default UTC time zone.
<HUAWEI> clock datetime 10:10:00 2014-07-26 //Set the current date and time. Before setting the current time, check the time zone and set a correct time zone offset to ensure the correct local time.
<HUAWEI> system-view
[HUAWEI] sysname Switch //Set the switch name to Switch.

Step 4 Configure an authentication mode for the console user interface. (In V200R010 and later
versions, the default authentication mode for the console user interface is AAA
authentication. The method of changing the authentication mode is similar and is not provided
here.)
# Set the authentication mode of the console interface to AAA, and create a local user.
[Switch] user-interface console 0
[Switch-ui-console0] authentication-mode aaa //Set the authentication mode of the user to AAA.
[Switch-ui-console0] quit
[Switch] aaa
[Switch-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 //Create a local user named admin1234 and set its password to Helloworld@6789. Versions earlier than V200R003 support only the cipher keyword but do not support irreversible-cipher.
[Switch-aaa] local-user admin1234 privilege level 15 //Set the user level to 15.
[Switch-aaa] local-user admin1234 service-type terminal //Set the access type to terminal, that is, console user.
[Switch-aaa] quit

Step 5 Configure the management IP address and Telnet.


# Configure the management IP address.
[Switch] vlan 10
[Switch-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[Switch-Vlanif10] ip address 10.1.1.1 24
[Switch-Vlanif10] quit
[Switch] interface gigabitethernet 0/0/10 //GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
[Switch-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[Switch-GigabitEthernet0/0/10] port default vlan 10 //Add GE0/0/10 to VLAN 10.
[Switch-GigabitEthernet0/0/10] quit

# Configure the Telnet function.
[Switch] telnet server enable //Enable Telnet.
[Switch] user-interface vty 0 4 //Enter the user interface views of VTY 0 to VTY 4.
[Switch-ui-vty0-4] user privilege level 15 //Set the level of users in VTY 0 to VTY 4 to 15.
[Switch-ui-vty0-4] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 4 to AAA.
[Switch-ui-vty0-4] quit
[Switch] aaa
[Switch-aaa] local-user admin123 password irreversible-cipher Huawei@6789 //Create a local user named admin123 and set its password to Huawei@6789. Versions earlier than V200R003 support only the cipher keyword but do not support irreversible-cipher.
[Switch-aaa] local-user admin123 privilege level 15 //Set the user level to 15.
[Switch-aaa] local-user admin123 service-type telnet //Set the access type to telnet, that is, Telnet user.
[Switch-aaa] quit

Step 6 Verify the configuration.

When logging in to the switch again through the console port after completing the
configuration, you need to enter the user name and authentication password configured in the
preceding steps to pass identity authentication and log in to the switch successfully. You can
also log in to the switch using Telnet.

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
vlan batch 10
#
telnet server enable
#
clock timezone BJ add 08:00:00
#
aaa
 local-user admin123 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%#
 local-user admin123 privilege level 15
 local-user admin123 service-type telnet
 local-user admin1234 password irreversible-cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%#
 local-user admin1234 privilege level 15
 local-user admin1234 service-type terminal
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/10
 port link-type access
 port default vlan 10
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 15
#
return

Related Content
Videos

Log In to a Switch Through the Console Port.

2.2 Example for Configuring Telnet Login (Based on ACL Rules and RADIUS Authentication)
Overview
Telnet login to a switch facilitates remote management and maintenance on the switch so that
you do not need to connect a terminal to each switch. By default, you cannot log in to a
switch using Telnet. You need to log in to a switch through a console port and configure the
Telnet function first. For details, see 2.1 Example for Configuring Switch Login Through a
Console Port.

An Access Control List (ACL) is a packet filter that filters packets based on rules. One or
more rules describe the packet matching conditions, such as the source address, destination
address, and port number of packets. For packets that match the ACL rules configured on a
device, the device forwards or discards these packets according to the policies used by the
service module to which the ACL is applied.

RADIUS uses the client/server model in distributed mode and protects a network against
unauthorized access. It is often used on networks that require high security and remote user
access control. After Telnet login based on RADIUS authentication is configured, a switch
sends the user name and password of a login user to the RADIUS server. The RADIUS server
then authenticates the user and records the user operations, ensuring network security.

If ACLs and RADIUS authentication are both configured, packets matching ACL rules reach
an upper-layer module and then are authenticated in RADIUS mode based on the user name
and password. The Telnet login mode based on ACL rules and RADIUS authentication
therefore ensures network security.

Configuration Notes
- Telnet is an insecure protocol. Using STelnet V2 is recommended.
- Ensure that the user terminal has reachable routes to the switch and RADIUS server.
- Ensure that the IP address, port number, and shared key of the RADIUS server are
  configured correctly on the switch and are the same as those on the RADIUS server.
- Ensure that a user has been configured on the RADIUS server. In this example, the user
  admin@huawei.com (in the format of user name@domain name) and password
  Huawei@1234 have been configured.
- This example applies to all versions of all S series switches.
NOTE

The following uses the command lines and outputs of the S7700 running V200R006C00 as an example.


Networking Requirements
The network administrator requires remote management and maintenance on a switch and
high network security for protecting the network against unauthorized access. To meet the
requirements, configure Telnet login based on ACL rules and RADIUS authentication.
As shown in Figure 2-5, the Switch has reachable routes to the administrator and the
RADIUS server. The IP address and port number of the RADIUS server are 10.2.1.1/24 and
1812 respectively.

Figure 2-5 Networking diagram for configuring Telnet login based on ACL rules and RADIUS authentication
[Figure: Network Administrator (10.137.217.177/24), Switch (10.1.1.1/24) and RADIUS Server (10.2.1.1/24), connected through a network.]

Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the Telnet protocol so that users can log in to the Switch using Telnet.
2. Configure an ACL rule to ensure that only users matching the ACL rule can log in to the
Switch.
3. Configure the RADIUS protocol to implement RADIUS authentication. After the
configuration is complete, you can use the user name and password configured on the
RADIUS server to log in to the Switch using Telnet, ensuring user login security.

Procedure
Step 1 Configure Telnet login.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] telnet server enable
[Switch] user-interface vty 0 14 //Enter the user interface views of VTY 0 to VTY 14.
[Switch-ui-vty0-14] protocol inbound telnet //Configure the VTY user interface to support Telnet. By default, switches in V200R006 and earlier versions support Telnet, and switches in V200R007 and later versions support SSH.
[Switch-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 14 to AAA.
[Switch-ui-vty0-14] user privilege level 15 //Set the level of users in VTY 0 to VTY 14 to 15.
[Switch-ui-vty0-14] quit

Step 2 Configure a basic ACL rule.


[Switch] acl 2008
[Switch-acl-basic-2008] rule permit source 10.137.217.177 0
[Switch-acl-basic-2008] quit
[Switch] user-interface vty 0 14
[Switch-ui-vty0-14] acl 2008 inbound //Allow only users matching ACL 2008 in VTY 0 to VTY 14 to log in to the switch.
[Switch-ui-vty0-14] quit

Step 3 Configure RADIUS authentication.

# Configure a RADIUS server template on the Switch to implement communication with the
RADIUS server.
[Switch] radius-server template 1 //Enter the RADIUS server template view.
[Switch-radius-1] radius-server authentication 10.2.1.1 1812 //Configure the RADIUS server.
[Switch-radius-1] radius-server shared-key cipher Huawei@6789 //Set the shared key of the RADIUS server to Huawei@6789.
[Switch-radius-1] quit

NOTE

If the RADIUS server does not support a user name containing the domain name, run the
undo radius-server user-name domain-included command to configure the Switch to send
packets carrying a user name without the domain name to the RADIUS server.

# Configure an AAA authentication scheme, with the authentication mode being RADIUS.
[Switch] aaa
[Switch-aaa] authentication-scheme sch1 //Create an authentication scheme named sch1.
[Switch-aaa-authen-sch1] authentication-mode radius //Set the authentication mode to RADIUS.
[Switch-aaa-authen-sch1] quit

# Create a domain, and apply the AAA authentication scheme and RADIUS server template
in the domain.
[Switch-aaa] domain huawei.com //Create a domain named huawei.com and enter the domain view.
[Switch-aaa-domain-huawei.com] authentication-scheme sch1 //Configure the authentication scheme sch1 for the domain.
[Switch-aaa-domain-huawei.com] radius-server 1 //Apply the RADIUS server template 1 to the domain.
[Switch-aaa-domain-huawei.com] quit
[Switch-aaa] quit

# Configure the domain huawei.com as the default global management domain so that an
administrator does not need to enter the domain name for logging in to the Switch.
[Switch] domain huawei.com admin
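
The Python sketch below is an added example, not Huawei code or switch output. It builds the Access-Request described above (user name and password sent to the RADIUS server) with the User-Password hiding defined in RFC 2865, and shows why the shared key must be the same on the switch and the server. The function names are hypothetical, the values are the ones used in this example, and the appending of the default domain is modeled from the description in this step.

```python
import hashlib
import os
import struct

ACCESS_REQUEST = 1       # RADIUS packet code (RFC 2865)
ATTR_USER_NAME = 1       # attribute type: User-Name
ATTR_USER_PASSWORD = 2   # attribute type: User-Password


def radius_user_name(login, default_domain, domain_included=True):
    """Model of the User-Name sent for the name typed at the login prompt."""
    name = login if "@" in login else f"{login}@{default_domain}"
    return name if domain_included else name.split("@", 1)[0]


def _keystream_xor(data, secret, authenticator, hiding):
    """RFC 2865 5.2: XOR each 16-octet block with MD5(secret + previous ciphertext)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        key = hashlib.md5(secret.encode() + prev).digest()
        block = data[i:i + 16]
        result = bytes(b ^ k for b, k in zip(block, key))
        prev = result if hiding else block   # always chain on the ciphertext block
        out += result
    return out


def hide_password(password, secret, authenticator):
    """Client (switch) side: pad with NULs to a multiple of 16 octets, then hide."""
    data = password.encode()
    padded = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    return _keystream_xor(padded, secret, authenticator, hiding=True)


def reveal_password(hidden, secret, authenticator):
    """Server side: reverse the hiding with the server's own copy of the key."""
    return _keystream_xor(hidden, secret, authenticator, hiding=False).rstrip(b"\x00")


def build_access_request(identifier, user_name, password, secret, authenticator=None):
    """Return the bytes of an Access-Request with User-Name and User-Password."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for attr_type, value in (
        (ATTR_USER_NAME, user_name.encode()),   # User-Name travels in clear text
        (ATTR_USER_PASSWORD, hide_password(password, secret, authenticator)),
    ):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_access_request(packet, secret):
    """Return (user_name, password_bytes) as a RADIUS server would recover them."""
    code, _identifier, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, attrs = packet[4:20], 20, {}
    while pos < length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    user = attrs[ATTR_USER_NAME].decode()
    return user, reveal_password(attrs[ATTR_USER_PASSWORD], secret, authenticator)


if __name__ == "__main__":
    # Values from this example: admin logs in, huawei.com is the default admin domain.
    name = radius_user_name("admin", "huawei.com")
    pkt = build_access_request(1, name, "Huawei@1234", "Huawei@6789")
    print("matching key  :", parse_access_request(pkt, "Huawei@6789"))
    print("mismatched key:", parse_access_request(pkt, "Mismatch@0000"))
```

With a mismatched key the server recovers bytes that do not equal the password, so authentication fails even though the administrator typed the correct credentials.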

Step 4 Verify the configuration.

Choose Start > Run as an administrator. Enter cmd to open the Windows Command Prompt
window. Type telnet 10.1.1.1, and press Enter.
C:\Documents and Settings\Administrator> telnet 10.1.1.1

In the login interface, type the user name admin and password Huawei@1234 as prompted
and press Enter. Authentication succeeds, and you successfully log in to the Switch using
Telnet. (The following information is only for reference.)
Login authentication

Username:admin
Password:
Info: The max number of VTY users is 8, and the number
of current VTY users on line is 2.
The current login time is 2014-07-30 09:54:02+08:00.
<Switch>

----End


Configuration Files
Switch configuration file
#
sysname Switch
#
domain huawei.com admin
#
telnet server enable
#
radius-server template 1
 radius-server shared-key cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%#
 radius-server authentication 10.2.1.1 1812 weight 80
#
acl number 2008
 rule 5 permit source 10.137.217.177 0
#
aaa
 authentication-scheme sch1
  authentication-mode radius
 domain huawei.com
  authentication-scheme sch1
  radius-server 1
#
user-interface vty 0 14
 acl 2008 inbound
 authentication-mode aaa
 user privilege level 15
 protocol inbound telnet
#
return
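
As an added example (not part of the Huawei document and not a Huawei tool), the Python sketch below reads a configuration file in this format and reports how exposed the VTY login is: whether Telnet is enabled, and which source addresses the inbound ACL from Step 2 admits. It assumes one-space indentation of sub-commands, matching in rule-ID order, and that a source matching no rule is refused, as the comment on acl 2008 inbound states; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed input: login-related views of the section 2.2 configuration file
# on this page (the RADIUS and AAA views are left out).
SAMPLE_CONFIG = """\
#
sysname Switch
#
telnet server enable
#
acl number 2008
 rule 5 permit source 10.137.217.177 0
#
user-interface vty 0 14
 acl 2008 inbound
 authentication-mode aaa
 user privilege level 15
 protocol inbound telnet
#
return
"""

RULE_RE = re.compile(r"rule (\d+) (permit|deny) source (\S+)(?: (\S+))?$")
VTY_ACL_RE = re.compile(r"acl (\d+) inbound$")


def parse_views(text):
    """Map each top-level command to the indented sub-commands of its view."""
    views, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line in ("#", "return"):
            continue
        if raw[0] == " " and current is not None:
            views[current].append(line)
        else:
            current = line
            views.setdefault(current, [])
    return views


def parse_acl(sub_cmds):
    """Return (rule_id, action, base, wildcard) tuples in rule-ID order."""
    rules = []
    for cmd in sub_cmds:
        m = RULE_RE.match(cmd)
        if not m:
            continue
        rule_id, action, addr, wild = m.groups()
        if addr == "any":
            base, mask = 0, 0xFFFFFFFF
        else:
            base = int(ipaddress.IPv4Address(addr))
            # "0" is shorthand for wildcard 0.0.0.0: exactly one host.
            mask = 0 if wild in (None, "0") else int(ipaddress.IPv4Address(wild))
        rules.append((int(rule_id), action, base, mask))
    return sorted(rules)


def acl_decision(rules, src_ip):
    """First matching rule wins; wildcard bits set to 1 are not compared."""
    src = int(ipaddress.IPv4Address(src_ip))
    for _, action, base, mask in rules:
        if ((src ^ base) & ~mask & 0xFFFFFFFF) == 0:
            return action
    return "deny"  # assumption: a source matching no rule cannot log in


def vty_report(text, src_ip):
    """Return (findings, permitted) for a login attempt from src_ip."""
    views = parse_views(text)
    acls = {v.split()[2]: parse_acl(c) for v, c in views.items()
            if v.startswith("acl number ")}
    findings, permitted = [], False
    if "telnet server enable" in views:
        findings.append("telnet server enable: logins cross the network unencrypted")
    for view, cmds in views.items():
        if not view.startswith("user-interface vty"):
            continue
        if "protocol inbound telnet" in cmds:
            findings.append(f"{view}: accepts Telnet; the page recommends STelnet V2")
        ids = [m.group(1) for m in map(VTY_ACL_RE.match, cmds) if m]
        rules = sorted(r for i in ids for r in acls.get(i, []))
        if not rules:
            # Audit choice: count this as unfiltered so exposure is reported.
            findings.append(f"{view}: no inbound ACL rules, login is not source-filtered")
            permitted = True
        elif acl_decision(rules, src_ip) == "permit":
            permitted = True
    return findings, permitted


if __name__ == "__main__":
    for ip in ("10.137.217.177", "10.137.217.178"):
        print(ip, vty_report(SAMPLE_CONFIG, ip))
```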

Related Content
Videos

Remotely Log In to a Switch Using Telnet.

2.3 Example for Configuring STelnet Login (Based on RADIUS Authentication)
Overview
The Secure Shell (SSH) protocol implements secure remote login on insecure networks,
which ensures data integrity and reliability and guarantees secure data transmission. STelnet,
based on the SSH protocol, ensures information security and provides powerful authentication
function. STelnet protects a switch against attacks such as IP spoofing. By default, you cannot
log in to a switch using STelnet. You need to log in to a switch using a console port or Telnet,
and configure the STelnet function and user interface parameters first.

RADIUS uses the client/server model in distributed mode and protects a network against
unauthorized access. It is often used on networks that require high security and remote user
access control. After STelnet login based on RADIUS authentication is configured, a switch
sends the user name and password of a login user to the RADIUS server. The RADIUS server
then authenticates the user and records the user operations, ensuring network security.


Configuration Notes
- STelnet V1 is an insecure protocol. Using STelnet V2 is recommended.
- Ensure that the user terminal has SSH server login software installed before configuring
  STelnet login. In this example, the third-party software PuTTY is used as the SSH server
  login software.
- Ensure that the user terminal has reachable routes to the switch and RADIUS server.
- Ensure that the IP address, port number, and shared key of the RADIUS server are
  configured correctly on the switch and are the same as those on the RADIUS server.
- Ensure that a user has been configured on the RADIUS server. In this example, the user
  admin@huawei.com (in the format of user name@domain name) and password
  Huawei@1234 have been configured.
- This example applies to all versions of all S series switches.
NOTE

The following uses the command lines and outputs of the S7700 running V200R006C00 as an example.

Networking Requirements
The network administrator requires remote login to a switch and high network security for
protecting the network against unauthorized access. To meet the requirements, configure
STelnet login based on RADIUS authentication.

As shown in Figure 2-6, the Switch functions as the SSH server and has a reachable route to
the RADIUS server. The IP address and port number of the RADIUS server are 10.2.1.1/24
and 1812 respectively.

Figure 2-6 Networking diagram for configuring STelnet login based on RADIUS authentication
[Figure: Network Administrator (10.137.217.177/24), Switch (10.1.1.1/24) and RADIUS Server (10.2.1.1/24), connected through a network.]

Configuration Roadmap
The configuration roadmap is as follows:

1. Generate a local key pair on the SSH server to implement secure data exchange between
the server and client.
2. Configure the STelnet protocol so that users can log in to the Switch using STelnet.
3. Configure the RADIUS protocol to implement RADIUS authentication. After the
configuration is complete, you can use the user name and password configured on the
RADIUS server to log in to the Switch using STelnet, ensuring user login security.


Procedure
Step 1 Configure STelnet login.
# Generate a local key pair on the server.
<HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] dsa local-key-pair create //Generate a local DSA key pair.
Info: The key name will be: HUAWEI_Host_DSA.
Info: The key modulus can be any one of the following : 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=2048]:
Info: Generating keys...
Info: Succeeded in creating the DSA host keys.

# Configure the VTY user interface.


[Switch] stelnet server enable //Enable the STelnet server function.
[Switch] user-interface vty 0 14 //Enter the user interface views of VTY 0 to VTY 14.
[Switch-ui-vty0-14] user privilege level 15 //Set the level of users in VTY 0 to VTY 14 to 15.
[Switch-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY 0 to VTY 14 to AAA.
[Switch-ui-vty0-14] protocol inbound ssh //Configure the user interface views in VTY 0 to VTY 14 to support SSH.
[Switch-ui-vty0-14] quit

# Set the authentication mode of the SSH user admin to password authentication, and service
type to STelnet.
[Switch] ssh user admin authentication-type password //Set the authentication of the SSH user admin to password authentication.
[Switch] ssh user admin service-type stelnet //Set the service type of the SSH user admin to STelnet.

NOTE

To configure password authentication for multiple SSH users, run the ssh authentication-type default
password command to specify password authentication as the default authentication mode of SSH
users. After this configuration is complete, you do not need to configure the authentication mode and
service type for each SSH user, simplifying configuration and improving efficiency.

Step 2 Configure RADIUS authentication.


# Configure a RADIUS server template on the Switch to implement communication with the
RADIUS server.
[Switch] radius-server template 1 //Enter the RADIUS server template view.
[Switch-radius-1] radius-server authentication 10.2.1.1 1812 //Configure the RADIUS server.
[Switch-radius-1] radius-server shared-key cipher Huawei@6789 //Set the shared key of the RADIUS server to Huawei@6789.
[Switch-radius-1] quit

NOTE

If the RADIUS server does not support a user name containing the domain name, run the
undo radius-server user-name domain-included command to configure the Switch to send
packets carrying a user name without the domain name to the RADIUS server.

# Configure an AAA authentication scheme, with the authentication mode being RADIUS.
[Switch] aaa
[Switch-aaa] authentication-scheme sch1 //Create an authentication scheme named sch1.
[Switch-aaa-authen-sch1] authentication-mode radius //Set the authentication mode to RADIUS.
[Switch-aaa-authen-sch1] quit

# Create a domain, and apply the AAA authentication scheme and RADIUS server template
in the domain.
[Switch-aaa] domain huawei.com //Create a domain named huawei.com and enter the domain view.
[Switch-aaa-domain-huawei.com] authentication-scheme sch1 //Configure the authentication scheme sch1 for the domain.
[Switch-aaa-domain-huawei.com] radius-server 1 //Apply the RADIUS server template 1 to the domain.
[Switch-aaa-domain-huawei.com] quit
[Switch-aaa] quit

# Configure the domain huawei.com as the default global management domain so that an
administrator does not need to enter the domain name for logging in to the Switch.
[Switch] domain huawei.com admin

Step 3 Verify the configuration.


# Log in to the Switch using PuTTY on the PC. Enter the IP address of the Switch and set the
protocol type to SSH, as shown in Figure 2-7.

Figure 2-7 Connecting to the SSH server using PuTTY

# Click Open. In the login interface, type the user name admin and password Huawei@1234
as prompted and press Enter. Authentication succeeds, and you successfully log in to the
Switch using STelnet. (The following information is only for reference.)
login as: admin

password:

Info: The max number of VTY users is 8, and the number
of current VTY users online is 2.
The current login time is 2014-07-30 09:54:02+08:00.
<Switch>

----End

Configuration Files
Switch configuration file
#
sysname Switch
#
domain huawei.com admin
#
radius-server template 1
 radius-server shared-key cipher %^%#}+ysUO*B&+p'NRQR0{ZW7[GA*Z*!X@o:Va15dxQAj+,$>NP>63de|G~ws,9G%^%#
 radius-server authentication 10.2.1.1 1812 weight 80
#
aaa
 authentication-scheme sch1
  authentication-mode radius
 domain huawei.com
  authentication-scheme sch1
  radius-server 1
#
user-interface vty 0 14
 authentication-mode aaa
 user privilege level 15
#
stelnet server enable
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type stelnet
#
return

Related Content
Videos
Remotely Log In to a Switch Using Telnet.

2.4 Example for Configuring Switch Login Through the Web System
2.4.1 Factory Settings of Web Page Files for S Series Switches
In V200R006 and later versions, the web page file has been integrated in the system software
and loaded. For factory settings of web page files in versions earlier than V200R006, see the
following tables.


Table 2-2 Factory settings of web page files for fixed switches

Product Model: S2700SI/S2700EI
  V100R006C05: A web page file is saved in the storage medium, but is not loaded.
  V200R001: -
  V200R002: -
  V200R003: -
  V200R005: -

Product Model: S2710SI
  V100R006C05: A web page file is saved in the storage medium, but is not loaded.
  V200R001: -
  V200R002: -
  V200R003: -
  V200R005: -

Product Model: S2750EI
  V100R006C05: -
  V200R001: -
  V200R002: -
  V200R003: A web page file is saved in the storage medium, and is loaded.
  V200R005: The system software contains a web page file that is loaded.

Product Model: S3700SI/S3700EI
  V100R006C05: A web page file is saved in the storage medium, but is not loaded.
  V200R001: -
  V200R002: -
  V200R003: -
  V200R005: -

Product Model: S3700HI
  V100R006C05: -
  V200R001: The storage medium does not contain a web page file.
  V200R002: -
  V200R003: -
  V200R005: -

Product Model: S5710-C-LI
  V100R006C05: -
  V200R001: The storage medium does not contain a web page file.
  V200R002: -
  V200R003: -
  V200R005: -

Product Model: S5700EI/S5700SI
  V100R006C05: -
  V200R001: The storage medium does not contain a web page file.
  V200R002: A web page file is saved in the storage medium, but is not loaded.
  V200R003: A web page file is saved in the storage medium, and is loaded.
  V200R005: The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

Product Model: S5700LI/S5700S-LI
  V100R006C05: -
  V200R001: The storage medium does not contain a web page file.
  V200R002: A web page file is saved in the storage medium, but is not loaded.
  V200R003: A web page file is saved in the storage medium, and is loaded.
  V200R005: The system software contains a web page file that is loaded.
  NOTE: The web page file for the S5700-10P-LI needs to be loaded manually.

Product Model: S5710EI
  V100R006C05: -
  V200R001: The storage medium does not contain a web page file.
  V200R002: A web page file is saved in the storage medium, but is not loaded.
  V200R003: A web page file is saved in the storage medium, and is loaded.
  V200R005: The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

Product Model: S5700HI
  V100R006C05: -
  V200R001: The storage medium does not contain a web page file.
  V200R002: A web page file is saved in the storage medium, but is not loaded.
  V200R003: A web page file is saved in the storage medium, and is loaded.
  V200R005: The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

Product Model: S5710HI
  V100R006C05: -
  V200R001: -
  V200R002: A web page file is saved in the storage medium, but is not loaded.
  V200R003: A web page file is saved in the storage medium, and is loaded.
  V200R005: The system software contains a web page file that is loaded for the Classics web system, but does not contain a web page file for the EasyOperation web system.

S6700EI - The storage A web page A web page The system


medium file is saved file is saved software
does not in the in the contains a
contain a storage storage web page
web page medium, but medium, and file that is
file. is not is loaded. loaded for
loaded. the Classics
web system,
but does not
contain a
web page
file for the
EasyOperati
on web
system.


Table 2-3 Factory settings of web page files for modular switches

| Product Model | V200R001 | V200R002 | V200R003 | V200R005 |
| --- | --- | --- | --- | --- |
| S7700 | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded. |
| S9700 | The storage medium does not contain a web page file. | A web page file is saved in the storage medium, but is not loaded. | A web page file is saved in the storage medium, and is loaded. | The system software contains a web page file that is loaded. |

NOTE

A hyphen (-) indicates that the version is not available for the model.

2.4.2 Example for Configuring Switch Login Through the Web System (V200R001)
Overview
The web system uses the built-in web server on a switch to provide a GUI through which
users can perform switch management and maintenance. Users can log in to the web system
from terminals using HTTPS.

Configuration Notes
This example applies to V200R001 of all S series switches.

NOTE

The following uses the command lines and outputs of the S5700EI running V200R001C00 as an
example.

Networking Requirements
As shown in Figure 2-8, a switch functions as the HTTPS server. The user wants to log in to
the web system using HTTPS to manage and maintain the switch. The user has obtained the
server digital certificate 1_servercert_pem_dsa.pem and private key file
1_serverkey_pem_dsa.pem from the CA.

Figure 2-8 Networking diagram for configuring switch login through the web system
[Diagram: PC - Network - HTTPS_Server (192.168.0.1/24)]


Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a management IP address for remotely transferring files and logging in to the
switch through the web system.
2. Upload the required files to the HTTPS server through FTP, including the web page file,
server digital certificate, and private key file.
3. Load the web page file and digital certificate.
4. Bind an SSL policy and enable the HTTPS service.
5. Configure a web user and enter the web system login page.

NOTICE
FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure
Step 1 Obtain the web page file.
The following methods are available:
• Obtain the web page file from a Huawei agent.
• Download the web page file from the Huawei enterprise technical support website
  (http://support.huawei.com/enterprise). In V200R001, the web page file is named in
  the format of product name-software version.web page file version.web.zip.

NOTE

Check whether the size of the obtained web page file is the same as the file size displayed on the
website. If not, an exception may have occurred during the download. Download the file again.

Step 2 Configure a management IP address.


<HUAWEI> system-view
[HUAWEI] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 0/0/10 //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
[HTTPS_Server-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet0/0/10] quit

Step 3 Upload the web page file and digital certificate to the HTTPS server through FTP.
# Configure VTY user interfaces on the HTTPS server.

[HTTPS_Server] user-interface vty 0 14 //Enter VTY user interfaces 0 to 14.
[HTTPS_Server-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA.
[HTTPS_Server-ui-vty0-14] quit

# Configure the FTP function for the switch and information about an FTP user, including the
password, user level, service type, and authorized directory.
[HTTPS_Server] ftp server enable //Enable the FTP server function.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user client001 password cipher Helloworld@6789 //Set the login password to Helloworld@6789.
[HTTPS_Server-aaa] local-user client001 privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user client001 service-type ftp //Set the user service type to FTP.
[HTTPS_Server-aaa] local-user client001 ftp-directory flash:/ //Set the FTP authorized directory to flash:/.
[HTTPS_Server-aaa] quit
[HTTPS_Server] quit

# Log in to the HTTPS server from the PC through FTP and upload the web page file and
digital certificate to the HTTPS server.

Connect the PC to the switch using FTP. Enter the user name client001 and password
Helloworld@6789 and set the file transfer mode to binary.

The following example assumes that the PC runs the Windows XP operating system.
C:\Documents and Settings\Administrator> ftp 192.168.0.1
Connected to 192.168.0.1.
220 FTP service ready.
User (192.168.0.1:(none)): client001
331 Password required for client001.
Password:
230 User logged in.
ftp> binary //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
200 Type set to I.
ftp>

Upload the web page file and digital certificate to the HTTPS server from the PC.
ftp> put web.zip //Upload the web page file. The web.zip file is used as an example here.
200 Port command okay.
150 Opening BINARY mode data connection for web.zip
226 Transfer complete.
ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.
ftp> put 1_servercert_pem_dsa.pem
200 Port command okay.
150 Opening BINARY mode data connection for 1_servercert_pem_dsa.pem
226 Transfer complete.
ftp: 1302 bytes sent in 2 Seconds 4.6Kbytes/sec.
ftp> put 1_serverkey_pem_dsa.pem
200 Port command okay.
150 Opening BINARY mode data connection for 1_serverkey_pem_dsa.pem
226 Transfer complete.
ftp: 951 bytes sent in 1 Second 4.6Kbytes/sec.

# Run the dir command on the Switch to check whether the web page file and digital
certificate exist in the current storage directory.
NOTE

If the sizes of the web page file and digital certificate in the current storage directory on the switch are
different from those on the PC, an exception may have occurred during file transfer. Upload the files again.


# Create the subdirectory security on the HTTPS server and copy the digital certificate and
private key file to the subdirectory.
<HTTPS_Server> mkdir security
<HTTPS_Server> copy 1_servercert_pem_dsa.pem security
Copy flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem? [Y/N]:y
100% complete
Info: Copied file flash:/1_servercert_pem_dsa.pem to flash:/security/1_servercert_pem_dsa.pem...Done.
<HTTPS_Server> copy 1_serverkey_pem_dsa.pem security
Copy flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem? [Y/N]:y
100% complete
Info: Copied file flash:/1_serverkey_pem_dsa.pem to flash:/security/1_serverkey_pem_dsa.pem...Done.

# Run the dir command in the security subdirectory to check the digital certificate.
<HTTPS_Server> cd security
<HTTPS_Server> dir
Directory of flash:/security/

Idx Attr Size(Byte) Date Time FileName


0 -rw- 1,200 Sep 26 2013 22:35:37 1_servercert_pem_dsa.pem
1 -rw- 736 Sep 26 2013 22:36:11 1_serverkey_pem_dsa.pem

30,008 KB total (348 KB free)

Step 4 Load the web page file and digital certificate.

# Load the web page file.
<HTTPS_Server> system-view
[HTTPS_Server] http server load web.zip

# Create an SSL policy and load the PEM digital certificate.
[HTTPS_Server] ssl policy http_server
[HTTPS_Server-ssl-policy-http_server] certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456
[HTTPS_Server-ssl-policy-http_server] quit

# After the preceding configurations are complete, run the display ssl policy command on the
HTTPS server to check detailed information about the loaded digital certificate.
[HTTPS_Server] display ssl policy

SSL Policy Name: http_server


Policy Applicants:
Key-pair Type: DSA
Certificate File Type: PEM
Certificate Type: certificate
Certificate Filename: 1_servercert_pem_dsa.pem
Key-file Filename: 1_serverkey_pem_dsa.pem
Auth-code: 123456
MAC:
CRL File:
Trusted-CA File:

Step 5 Bind an SSL policy and enable the HTTPS service.


NOTE

Disable the HTTP service before enabling the HTTPS service.


[HTTPS_Server] undo http server enable //Disable the HTTP service.
[HTTPS_Server] http secure-server ssl-policy http_server //Bind an SSL policy named http_server to the HTTP server.
[HTTPS_Server] http secure-server enable //Enable the HTTPS service.

Step 6 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789 //Create a local user named admin and set its password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the access type to http, that is, web user.
[HTTPS_Server-aaa] quit

# Enter the web system login page.


Open the web browser on the PC, type https://192.168.0.1 in the address box, and press
Enter. The web system login page is displayed, as shown in Figure 2-9.
You can log in to the web system using the Internet Explorer (6.0 or 8.0) or Firefox (3.5)
browsers. If the browser version or browser patch version is not within the preceding ranges,
the web page may be displayed incorrectly. Additionally, the web browser used to log in to
the web system must support JavaScript.
Enter the user name, password, and verification code. Click Login. The web system home
page is displayed.

Figure 2-9 Web system login page

Step 7 Verify the configuration.


Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the SSL policy name and the HTTPS server
status.
[HTTPS_Server] display http server
HTTP Server Status : disabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 0
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : http_server

----End

Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
undo http server enable
http server load web.zip
http secure-server ssl-policy http_server
http secure-server enable
#
aaa
local-user admin password cipher %$%$_h,hW_!nJ!2gXkH9v$X)+,#w%$%$
local-user admin privilege level 15
local-user admin service-type http
local-user client001 password cipher %$%$jD,QKAhe{Yd9kD9Fqi#I+QH~%$%$
local-user client001 privilege level 15
local-user client001 ftp-directory flash:/
local-user client001 service-type ftp
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
#
user-interface vty 0 14
authentication-mode aaa
#
ssl policy http_server
certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456
#
return
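
The following script is an added example, not part of the Huawei guide: it audits a saved configuration file such as the one above for settings this example leaves behind after the web system is working (FTP still enabled, passwords stored with the reversible `cipher` keyword, a level-15 FTP user, a DSA key pair, and the key auth-code readable in the file). The check names and the `audit` function are hypothetical, and the HTTP check assumes plain HTTP stays on unless `undo http server enable` is present.

```python
import re

# Sample input: trimmed copy of the HTTPS_Server configuration file above,
# with the password ciphertexts replaced by placeholders (constructed values).
SAMPLE_CONFIG = """\
#
sysname HTTPS_Server
#
FTP server enable
#
undo http server enable
http server load web.zip
http secure-server ssl-policy http_server
http secure-server enable
#
aaa
 local-user admin password cipher %$%$PLACEHOLDER-1%$%$
 local-user admin privilege level 15
 local-user admin service-type http
 local-user client001 password cipher %$%$PLACEHOLDER-2%$%$
 local-user client001 privilege level 15
 local-user client001 ftp-directory flash:/
 local-user client001 service-type ftp
#
ssl policy http_server
 certificate load pem-cert 1_servercert_pem_dsa.pem key-pair dsa key-file 1_serverkey_pem_dsa.pem auth-code 123456
#
return
"""

LOCAL_USER = re.compile(r"^local-user (\S+) (password|privilege level|service-type) (.+)$")
CERT_LOAD = re.compile(r"^certificate load \S+ \S+ key-pair (\S+) key-file \S+(?: auth-code (\S+))?")


def parse_local_users(lines):
    """Collect password type, privilege level and service types per local user."""
    users = {}
    for line in lines:
        m = LOCAL_USER.match(line)
        if not m:
            continue
        name, attr, value = m.groups()
        user = users.setdefault(name, {"pw_type": None, "level": 0, "services": set()})
        if attr == "password":
            user["pw_type"] = value.split()[0]        # "cipher" or "irreversible-cipher"
        elif attr == "privilege level":
            user["level"] = int(value.split()[0])
        else:
            user["services"].update(value.split())
    return users


def audit(config_text):
    """Return a list of (check_id, subject) findings for one configuration file."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    lowered = {ln.lower() for ln in lines}
    findings = []

    # The guide's own NOTICE calls FTP insecure; it stays on until it is disabled.
    if "ftp server enable" in lowered:
        findings.append(("FTP_ENABLED", "global"))
    # Assumption: plain HTTP is on unless the configuration disables it explicitly.
    if "undo http server enable" not in lowered:
        findings.append(("HTTP_NOT_DISABLED", "global"))

    for name, user in sorted(parse_local_users(lines).items()):
        if user["pw_type"] == "cipher":               # reversible storage format
            findings.append(("REVERSIBLE_PASSWORD", name))
        if user["level"] >= 15 and "ftp" in user["services"]:
            findings.append(("LEVEL15_FTP_USER", name))

    policy = None
    for line in lines:
        if line.startswith("ssl policy "):
            policy = line.split()[2]                  # name of the policy section
            continue
        m = CERT_LOAD.match(line)
        if m and policy:
            key_type, auth_code = m.groups()
            if key_type.lower() == "dsa":             # TLS 1.3 has no DSA authentication
                findings.append(("DSA_KEY_PAIR", policy))
            if auth_code:                             # key passphrase stored in clear text
                findings.append(("AUTH_CODE_IN_CONFIG", policy))
    return findings


if __name__ == "__main__":
    for check_id, subject in audit(SAMPLE_CONFIG):
        print(f"{check_id:22} {subject}")
```

Run against the sample, it reports six findings; the same file with FTP disabled, `irreversible-cipher` passwords and no FTP user at level 15 reports only the two SSL policy items.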

2.4.3 Example for Configuring Switch Login Through the Web System (V100R006C05&V200R002&V200R003)

Overview
The web system uses the built-in web server on a switch to provide a GUI through which
users can perform switch management and maintenance. Users can log in to the web system
from terminals using HTTPS.

Configuration Notes
This example applies to V100R006C05, V200R002, and V200R003 of all S series switches.


NOTE

The following uses the command lines and outputs of the S5700EI running V200R002C00 as an
example.

Networking Requirements
As shown in Figure 2-10, a switch functions as the HTTPS server. The user wants to log in to
the web system using HTTPS to manage and maintain the switch.

Figure 2-10 Networking diagram for configuring switch login through the web system
[Diagram: PC - Network - HTTPS_Server (192.168.0.1/24)]

Configuration Roadmap
The configuration roadmap is as follows:

NOTE

The web page file is delivered with a switch. For all switches in V100R006C05&V200R002 and
S5700-10P-LI switches in V200R003C00, you need to load the web page file. Fixed switches excluding
S5700-10P-LI in V200R003 have loaded the web page file before delivery. Step 2 can be skipped.
A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in
the web page file. If the default SSL policy and self-signed digital certificate can meet security
requirements, you do not need to upload a digital certificate or manually configure an SSL policy,
simplifying configuration. The following configuration uses the default SSL policy provided by the
switch as an example.
1. Configure a management IP address for logging in to the switch through the web system.
2. Load the web page file.
3. Configure a web user and enter the web system login page.

Procedure
Step 1 Configure a management IP address.
<HUAWEI> system-view
[HUAWEI] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 1/0/10 //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
[HTTPS_Server-GigabitEthernet1/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet1/0/10] quit


Step 2 Load the web page file.


NOTE

• Run the dir command to view the name of the web page file carried by the switch.
• In V100R006C05, the web page file is named in the format of product name-software version.web
  page file version.web.zip. In V200R002 and V200R003, the web page file is named in the format of
  product name-software version.web page file version.web.7z.

[HTTPS_Server] http server load web.7z //Load the web page file. The web.7z file is used as an example here.

Step 3 Enable the HTTPS service.


[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

Step 4 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password cipher Helloworld@6789 //Create a local user named admin and set its password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the access type to http, that is, web user.
[HTTPS_Server-aaa] quit

# Enter the web system login page.


Open the web browser on the PC, type https://192.168.0.1 in the address box, and press
Enter. The web system login page is displayed, as shown in Figure 2-11.
You can use Internet Explorer (6.0 – 9.0) or Firefox (3.5 – 17.0) to log in to the web system
for V100R006C05, Internet Explorer (8.0) or Firefox (3.6) to log in to the web system for
V200R001C00, and Internet Explorer (6.0 – 9.0) or Firefox (3.5 – 17.0) to log in to the web
system for V200R003C00. If the browser version or browser patch version is not within the
preceding ranges, the web page may be displayed incorrectly. Additionally, the web browser
used to log in to the web system must support JavaScript.
Enter the user name, password, and verification code. Click Login. The web system home
page is displayed.


Figure 2-11 Web system login page

Step 5 Verify the configuration.


Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 0
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default

----End

Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
vlan batch 10
#
http server load web.7z
#
aaa
local-user admin password cipher %$%$+8;_RIkI680;]{;b/Vo&T/l>%$%$
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
port link-type access
port default vlan 10
#
return

2.4.4 Example for Configuring Switch Login Through the Web System (V200R005)

Overview
The web system uses the built-in web server on a switch to provide a GUI through which
users can perform switch management and maintenance. Users can log in to the web system
from terminals using HTTPS.

The web system is available in EasyOperation and Classics versions.


• The EasyOperation version provides rich graphics and a more user-friendly UI on which
  users can perform monitoring, configuration, maintenance, and other network operations.
• The Classics version inherits the web page style of Huawei switches and provides
  comprehensive configuration and management functions.

Configuration Notes
This example applies to V200R005 of all S series switches.

NOTE

The following uses the command lines and outputs of the S5700HI running V200R005 as an example.

Networking Requirements
As shown in Figure 2-12, a switch functions as the HTTPS server. The user wants to log in to
the web system using HTTPS to manage and maintain the switch.

Figure 2-12 Networking diagram for configuring switch login through the web system
[Diagram: PC - Network - HTTPS_Server (192.168.0.1/24)]

Configuration Roadmap
NOTE

A switch provides a default SSL policy and has a randomly generated self-signed digital certificate in
the web page file. If the default SSL policy and self-signed digital certificate can meet security
requirements, you do not need to upload a digital certificate or manually configure an SSL policy,
simplifying configuration. The following configuration uses the default SSL policy provided by the
switch as an example.

The system software of the following switch models in V200R005 has integrated and loaded
the web page file (including the EasyOperation and Classics editions). You only need to
configure a web user and enter the web system login page.

• Modular switch: all models
• Fixed switch: S2750, S5700LI, S5700S-LI

On the S5700SI, S5700EI, S5710EI, S5700HI, S5710HI, and S6700EI in V200R005, the system
software contains the Classics web page file, which has been loaded. To use the Classics web
system, you only need to configure a web user and enter the web system login page. To use the
EasyOperation web system, perform the configuration based on the following roadmap:
1. Configure a management IP address for remotely transferring files and logging in to the
switch through the web system.
2. Upload the web page file to the HTTPS server through FTP.
3. Load the web page file.
4. Configure a web user and enter the web system login page.

NOTICE
FTP is an insecure protocol. Using SFTP V2, SCP, or FTPS is recommended.

Procedure
Step 1 Obtain the web page file.
The following methods are available:
• Obtain the web page file from a Huawei agent.
• Download the web page file from the Huawei enterprise technical support website
  (http://support.huawei.com/enterprise).
  – For a fixed switch, download the system software containing the web page file.
  – For a modular switch, download the web page file.
  – In V200R005, the web page file is named in the format of product name-software
    version.web page file version.web.7z.

NOTE

Check whether the size of the obtained web page file is the same as the file size displayed on the
website. If not, an exception may have occurred during the download. Download the file again.

Step 2 Configure a management IP address.


<HUAWEI> system-view
[HUAWEI] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 0/0/10 //In this example, GE0/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
[HTTPS_Server-GigabitEthernet0/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet0/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet0/0/10] quit


Step 3 Upload the web page file to the HTTPS server through FTP.
# Configure VTY user interfaces on the HTTPS server.
[HTTPS_Server] user-interface vty 0 14 //Enter VTY user interfaces 0 to 14.
[HTTPS_Server-ui-vty0-14] authentication-mode aaa //Set the authentication mode of users in VTY user interfaces 0 to 14 to AAA.
[HTTPS_Server-ui-vty0-14] quit

# Configure the FTP function for the switch and information about an FTP user, including the
password, user level, service type, and authorized directory.
[HTTPS_Server] ftp server enable //Enable the FTP server function.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user client001 password irreversible-cipher Helloworld@6789 //Set the login password to Helloworld@6789.
[HTTPS_Server-aaa] local-user client001 privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user client001 service-type ftp //Set the user service type to FTP.
[HTTPS_Server-aaa] local-user client001 ftp-directory flash:/ //Set the FTP authorized directory to flash:/.
[HTTPS_Server-aaa] quit

# Log in to the HTTPS server from the PC through FTP and upload the web page file to the
HTTPS server.
Connect the PC to the switch using FTP. Enter the user name client001 and password
Helloworld@6789 and set the file transfer mode to binary.
The following example assumes that the PC runs the Windows XP operating system.
C:\Documents and Settings\Administrator> ftp 192.168.0.1
Connected to 192.168.0.1.
220 FTP service ready.
User (192.168.0.1:(none)): client001
331 Password required for client001.
Password:
230 User logged in.
ftp> binary //Set the file transfer mode to binary. By default, files are transferred in ASCII mode.
200 Type set to I.
ftp>

Upload the web page file to the HTTPS server from the PC.
ftp> put web.7z //Upload the web page file. The web.7z file is used as an example here.
200 Port command okay.
150 Opening BINARY mode data connection for web.7z
226 Transfer complete.
ftp: 1308478 bytes sent in 11 Seconds 4.6Kbytes/sec.

NOTE

If the size of the web page file in the current directory on the switch is different from that on the PC, an
exception may have occurred during file transfer. Upload the web page file again.

Step 4 Load the web page file.


# Load the web page file.
[HTTPS_Server] http server load web.7z //Load the web page file.

Step 5 Enable the HTTPS service.


[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.


Step 6 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Set the login password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the user service type to HTTP.
[HTTPS_Server-aaa] quit

# Enter the web system login page.


Open the web browser on the PC, type https://192.168.0.1 in the address box, and press
Enter. The web system login page is displayed, as shown in Figure 2-13.
Enter the web user name admin and password Helloworld@6789, and click GO or press
Enter. The web system home page is displayed. By default, you log in to the EasyOperation
web system.

Figure 2-13 Web system login page

Step 7 Verify the configuration.


Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.

[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 0
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
HTTP IPv6 Server Port : 80(80)
HTTP IPv6 Secure-server Status : disabled
HTTP IPv6 Secure-server Port : 443(443)

----End
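
The verification output above can also be checked mechanically. The script below is an added example, not part of the Huawei guide: it parses `display http server` output and reports when plain HTTP is still enabled next to HTTPS and when the default SSL policy (the self-signed certificate described in the roadmap) is in use. The function names and finding labels are hypothetical.

```python
# Sample input: the 'display http server' output from the verification step above.
SAMPLE_OUTPUT = """\
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 0
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
HTTP IPv6 Server Port : 80(80)
HTTP IPv6 Secure-server Status : disabled
HTTP IPv6 Secure-server Port : 443(443)
"""


def parse_http_server(text):
    """Map each 'Name : value' row to a dict entry; prompt and blank lines are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip() and value.strip():
            fields[name.strip()] = value.strip()
    return fields


def assess(fields):
    """Return (finding, subject) tuples for the parsed status fields."""
    if "HTTP Secure-server Status" not in fields:
        raise ValueError("input does not look like 'display http server' output")
    findings = []
    https_in_use = False
    # Older versions print no IPv6 rows; missing rows are simply not assessed.
    for family, label in (("", "IPv4"), ("IPv6 ", "IPv6")):
        plain = fields.get(f"HTTP {family}Server Status")
        secure = fields.get(f"HTTP {family}Secure-server Status")
        if secure == "enabled":
            https_in_use = True
        if plain == "enabled":
            # Plain HTTP carries the web login in clear text.
            kind = "HTTP_ALONGSIDE_HTTPS" if secure == "enabled" else "HTTP_ONLY"
            findings.append((kind, label))
    policy = fields.get("HTTP SSL Policy", "")
    if https_in_use and policy.lower() == "default":
        # Default policy: self-signed certificate, so clients cannot validate it
        # against a CA they already trust.
        findings.append(("DEFAULT_SSL_POLICY", policy))
    return findings


def check(text):
    """Parse and assess in one call."""
    return assess(parse_http_server(text))


if __name__ == "__main__":
    for finding, subject in check(SAMPLE_OUTPUT):
        print(f"{finding:22} {subject}")
```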

Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
FTP server enable
#
vlan batch 10
#
http server load web.7z
#
aaa
local-user admin password irreversible-cipher %@%@wU:(2j8~r8Htyu3.]',NwU`Td[-
A9~9"%4Kvhm'0RV[/U`Ww%@%@
local-user admin privilege level 15
local-user admin service-type http
local-user client001 password irreversible-cipher %@%@5d~9:M^ipCfL
\iB)EQd>,,ajwsi[\ad,saejin[qndi83Uwe%@%@
local-user client001 privilege level 15
local-user client001 ftp-directory flash:/
local-user client001 service-type ftp
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
#
user-interface vty 0 14
authentication-mode aaa
#
return

Related Content
Videos
Log In to a Switch Using the Web System.
Configure a Switch Using the Web System.


2.4.5 Example for Configuring Switch Login Through the Web System (V200R006 and later versions)
Overview
The web system uses the built-in web server on a switch to provide a GUI through which
users can perform switch management and maintenance. Users can log in to the web system
from terminals using HTTPS.
The web system is available in EasyOperation and Classics versions.
• The EasyOperation version provides rich graphics and a more user-friendly UI on which
  users can perform monitoring, configuration, maintenance, and other network operations.
• The Classics version inherits the web page style of Huawei switches and provides
  comprehensive configuration and management functions.
NOTE

In V200R011C10 and later versions, the Classics version is not supported.

Configuration Notes
This example applies to V200R006 and later versions of all S series switches.

NOTE

The following uses the command lines and outputs of the S5700LI running V200R006C00 as an
example.

Networking Requirements
As shown in Figure 2-14, a switch functions as the HTTPS server. The user wants to log in to
the web system using HTTPS to manage and maintain the switch.

Figure 2-14 Networking diagram for configuring switch login through the web system
[Diagram: PC, Network, HTTPS_Server (192.168.0.1/24)]

Configuration Roadmap
The configuration roadmap is as follows:
• The system software of the switch has integrated and loaded the web page file. No
manual configuration is required.
• A switch provides a default SSL policy and has a randomly generated self-signed digital
certificate in the web page file. If the default SSL policy and self-signed digital
certificate can meet security requirements, you do not need to upload a digital certificate
or manually configure an SSL policy, simplifying configuration. The following
configuration uses the default SSL policy provided by the switch as an example.
• Configure a management IP address for logging in to the switch through the web system.
• Configure a web user and enter the web system login page.

Procedure
Step 1 Configure a management IP address.
<HUAWEI> system-view
[HUAWEI] sysname HTTPS_Server
[HTTPS_Server] vlan 10
[HTTPS_Server-vlan10] interface vlanif 10 //Configure VLANIF 10 as the management interface.
[HTTPS_Server-Vlanif10] ip address 192.168.0.1 24 //Configure the IP address and deploy the route based on the network plan to ensure reachability between the PC and switch.
[HTTPS_Server-Vlanif10] quit
[HTTPS_Server] interface gigabitethernet 1/0/10 //In this example, GE1/0/10 is the physical interface used for logging in to the switch through the web system on a PC. Select an interface based on actual networking requirements.
[HTTPS_Server-GigabitEthernet1/0/10] port link-type access //Set the interface type to access.
[HTTPS_Server-GigabitEthernet1/0/10] port default vlan 10 //Add the interface to VLAN 10.
[HTTPS_Server-GigabitEthernet1/0/10] quit

Step 2 Enable the HTTPS service.


[HTTPS_Server] http secure-server enable //The HTTPS service is enabled by default and does not require manual configuration. If the HTTPS service is manually disabled, run this command to enable it.

Step 3 Configure a web user and enter the web system login page.
# Configure a web user.
[HTTPS_Server] aaa
[HTTPS_Server-aaa] local-user admin password irreversible-cipher Helloworld@6789 //Set the login password to Helloworld@6789.
[HTTPS_Server-aaa] local-user admin privilege level 15 //Set the user level to 15.
[HTTPS_Server-aaa] local-user admin service-type http //Set the user service type to HTTP.
[HTTPS_Server-aaa] quit

# Enter the web system login page.
Open the web browser on the PC, type https://192.168.0.1 in the address box, and press
Enter. The web system login page is displayed, as shown in Figure 2-15.
Table 2-4 lists the browser versions required for logging in to a switch through the web
system. If the browser version or browser patch version is not within the listed ranges, the
web page may not be displayed properly. In that case, upgrade the browser and browser patch.
In addition, the browser must support JavaScript.
Enter the web user name admin and password Helloworld@6789, and click GO or press
Enter. The web system home page is displayed. By default, you are logged in to the
EasyOperation web system.

Table 2-4 Mapping between the product version and browser version
Product Version | Browser Version for EasyOperation Web System | Browser Version for Classic Web System
V200R006 | Internet Explorer 8.0 to 11.0, Firefox 12.0 to 28.0, or Google Chrome 23.0 to 34.0 | Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 28.0
V200R007 | Internet Explorer 8.0 to 11.0, Firefox 12.0 to 32.0, or Google Chrome 23.0 to 37.0 | Internet Explorer 8.0 to 11.0, or Firefox 12.0 to 32.0
V200R008 | Internet Explorer 10.0, Internet Explorer 11.0, Firefox 31.0 to 35.0, or Google Chrome 30.0 to 39.0 | Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 31.0 to 35.0
V200R009 | Internet Explorer 10.0, Internet Explorer 11.0, Firefox 35.0 to 45.0, or Google Chrome 34.0 to 49.0 | Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 35.0 to 45.0
V200R010 | Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 39.0 to 49.0, or Google Chrome 39.0 to 54.0 | Internet Explorer 10.0, Internet Explorer 11.0, or Firefox 39.0 to 49.0
V200R011C10 | Microsoft Edge, Internet Explorer 10.0, Internet Explorer 11.0, Firefox 50.0 to 54.0, or Google Chrome 50.0 to 59.0 | –

Figure 2-15 Web system login page

Step 4 Verify the configuration.


Log in to the switch through the web system. The login succeeds.
Run the display http server command to view the status of the HTTPS server.
[HTTPS_Server] display http server
HTTP Server Status : enabled
HTTP Server Port : 80(80)
HTTP Timeout Interval : 20
Current Online Users : 0
Maximum Users Allowed : 5
HTTP Secure-server Status : enabled
HTTP Secure-server Port : 443(443)
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
HTTP IPv6 Server Port : 80(80)
HTTP IPv6 Secure-server Status : disabled
HTTP IPv6 Secure-server Port : 443(443)
HTTP server source address : 0.0.0.0

----End
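
One way to script the review of the display http server output from Step 4 together with a saved configuration file, as an added example that is not part of the Huawei document. The function names, the constructed sample text, and the choice of settings to flag (HTTP service left enabled, default SSL policy, FTP server, level-15 users) are assumptions of this example.

```python
import re

# Constructed samples in the formats this page shows (not captured from a device).
STATUS = """\
HTTP Server Status : enabled
HTTP Secure-server Status : enabled
HTTP SSL Policy : Default
HTTP IPv6 Server Status : disabled
"""
CONFIG = """\
FTP server enable
local-user admin privilege level 15
local-user admin service-type http
local-user client001 privilege level 15
local-user client001 service-type ftp
"""

def audit_status(text):
    """Review points from 'display http server' output ('Key : value' lines)."""
    f = {}
    for line in text.splitlines():
        key, sep, val = line.partition(":")
        if sep:
            f[key.strip().lower()] = val.strip().lower()
    out = []
    if f.get("http secure-server status") != "enabled":
        out.append("HTTPS service not enabled")
    for key in ("http server status", "http ipv6 server status"):
        if f.get(key) == "enabled":
            out.append(key + ": HTTP service without TLS is enabled")
    if f.get("http ssl policy") == "default":
        out.append("default SSL policy: switch-generated self-signed certificate")
    return out

def audit_config(text):
    """Review points from a saved configuration file (hypothetical rule set)."""
    out, users = [], {}
    for line in text.splitlines():
        m = re.match(r"\s*local-user (\S+) (privilege level|service-type) (.+)", line)
        if m:
            users.setdefault(m.group(1), {})[m.group(2)] = m.group(3).split()
        elif line.strip().lower() == "ftp server enable":
            out.append("FTP server enabled (cleartext protocol)")
    for name, u in sorted(users.items()):
        if u.get("privilege level") == ["15"]:
            out.append(f"{name}: level 15 via {','.join(u.get('service-type', ['?']))}")
    return out

if __name__ == "__main__":
    print("\n".join(audit_status(STATUS) + audit_config(CONFIG)))
```

Each returned string is a point to check against the site's security requirements, not a statement that the setting is wrong for every deployment.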

Configuration Files
HTTPS_Server configuration file
#
sysname HTTPS_Server
#
vlan batch 10
#
aaa
local-user admin password irreversible-cipher %#%#wU:(2j8~r8Htyu3.]',NwU`Td[-A9~9"%4Kvhm'0RV[/U`Ww%#%#
local-user admin privilege level 15
local-user admin service-type http
#
interface Vlanif10
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet1/0/10
port link-type access
port default vlan 10
#
return
