Started with:
Google: hp comware command reference
Found: http://www.cisco.leu.lt/wp-content/uploads/2011/06/HP_CLI_Ref_Guide_2010.pdf
In this document, on page 29, there is no Comware CLI equivalent to the IOS CLI 'enable secret' or 'enable password' commands.
Checked the Console port default behavior with Simware5:
******************************************************************************
* Copyright (c) 2004-2010 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
User interface con0 is available.
Please press ENTER.
#Aug 4 13:23:53:098 2014 H3C SHELL/4/LOGIN:
Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1
%Aug 4 13:23:53:114 2014 H3C SHELL/5/SHELL_LOGIN: Console logged in from con0.
<Switch>super
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
<Switch>
<Switch>display users
The user application information of the user interface(s):
Idx UI Delay Type Userlevel
+ 0 CON 0 00:00:00 3
+ : Current operation user.
F : Current operation user work in async mode.
<Switch>
Tested by forcing the console session to user privilege level 0:
#
user-interface con 0
authentication-mode password
user privilege level 0
set authentication password simple d0nttell
#
Result: failed. After a successful login, the user was immediately at level 3, even though 'user privilege level 0' was configured on con 0.
User interface con0 is available.
Please press ENTER.
Login authentication
Password:
<Switch>
#Aug 4 13:30:16:268 2014 H3C SHELL/4/LOGIN:
Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1
%Aug 4 13:30:16:284 2014 H3C SHELL/5/SHELL_LOGIN: Console logged in from con0.
<Switch>
<Switch>
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
<Switch>
<Switch>
System View: return to User View with Ctrl+Z.
[Switch]
Further testing by using local authentication with level 0 user:
#
user-interface con 0
authentication-mode scheme
user privilege level 0
#
local-user user_a
password simple pl5tell
service-type terminal
#
# authorization-attribute level 0 was entered, but it is not shown in the display current config output
#
Result: failed. 'user_a' could enter system-view directly after a successful login on the console session.
User interface con0 is available.
Please press ENTER.
Login authentication
Username:user_a
Password:
<Switch>
#Aug 4 13:38:34:941 2014 H3C SHELL/4/LOGIN:
Trap 1.3.6.1.4.1.25506.2.2.1.1.3.0.1
%Aug 4 13:38:34:956 2014 H3C SHELL/5/SHELL_LOGIN: user_a logged in from con0.
<Switch>
<Switch>
User privilege level is 3, and only those commands can be used
whose level is equal or less than this.
Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE
<Switch>
System View: return to User View with Ctrl+Z.
[Switch]
Google: comware con 0 user privilege level
Found: http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/Switches/H3C_S5120_Series_Switches/Command/Command/H3C_S5120-SI_CR-Release_1101-6W105/201108/723527_1285_0.htm#_Toc300908380
In this document, on page 1-25 (PDF page 26), it says "..By default, the commands of level 3 are available to the users logging into the AUX user interface. The commands of level 0 are available to the users logging into VTY user interfaces. .."
Conclusion: for Comware, there is no way to place a password between User View and System View for access through the Console port (user-interface con0), because user-interface con0 is set to level 3 by default.
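Added example (not part of the original post): a small Python check that reads a Comware-style configuration and lists, per user-interface and local-user section, the settings the tests above depend on: authentication-mode, user privilege level, authorization-attribute level, and passwords entered with the 'simple' keyword. The sample text is constructed from the configurations above plus an empty vty section, and the function names are hypothetical.

```python
import re

# Constructed sample: the console/local-user config tested above plus an empty vty section.
SAMPLE = """\
user-interface con 0
 authentication-mode password
 user privilege level 0
 set authentication password simple d0nttell
#
user-interface vty 0 4
#
local-user user_a
 password simple pl5tell
 service-type terminal
#
"""

def sections(text):
    """Yield (header, body_lines) for each '#'-delimited config section."""
    block = []
    for raw in text.splitlines() + ["#"]:
        line = raw.strip()
        if line and not line.startswith("#"):
            block.append(line)
        elif line.startswith("#") and block:
            yield block[0], block[1:]
            block = []

def audit(text):
    """Return a sorted list of (section header, finding) tuples."""
    findings = []
    for header, body in sections(text):
        if not header.startswith(("user-interface ", "local-user ")):
            continue
        joined = "\n".join(body)
        if re.search(r"^(set authentication )?password simple \S+", joined, re.M):
            findings.append((header, "'simple' (cleartext) password in config"))
        if header.startswith("user-interface "):
            if not re.search(r"^authentication-mode (password|scheme)\b", joined, re.M):
                findings.append((header, "no password/scheme authentication-mode line"))
            if not re.search(r"^user privilege level \d", joined, re.M):
                findings.append((header, "no explicit user privilege level"))
        elif not re.search(r"^authorization-attribute .*\blevel \d", joined, re.M):
            findings.append((header, "no authorization-attribute level line"))
    return sorted(findings)

if __name__ == "__main__":
    for header, finding in audit(SAMPLE):
        print(f"{header}: {finding}")
```

A clean result only describes the saved configuration; as the tests above show, the effective level still has to be confirmed on the device with 'display users'.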
1 comment:
The simulator doesn't have a console port because it isn't hardware. All simulators will be short on some features for various reasons. The link below is an example of securing the console port on an HP switch running Comware v5.
http://marcooctavian.me/?p=23