HP MSR2000/3000/4000 Router Series Fundamentals Configuration Guide
• Accesses none of the interfaces except Ethernet 1/2 to Ethernet 1/4.
Figure 3 Network diagram
Configuration procedure
# Assign an IP address to Ethernet 1/1, the interface connected to the Telnet user.
<Router> system-view
[Router] interface ethernet 1/1
[Router-Ethernet1/1] ip address 192.168.1.70 255.255.255.0
[Router-Ethernet1/1] quit
# Enable Telnet server.
[Router] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Enable local authentication and authorization for the ISP domain bbb.
[Router] domain bbb
[Router-isp-bbb] authentication login local
[Router-isp-bbb] authorization login local
[Router-isp-bbb] quit
# Create the user role role1.
[Router] role name role1
# Add rule 1 to permit the user role to access read commands of all features.
[Router-role-role1] rule 1 permit read feature
# Add rule 2 to permit the user role to access interface views and commands available in interface view.
[Router-role-role1] rule 2 permit command system-view ; interface *
# Change the interface policy to permit the user role to access only Ethernet 1/2 to Ethernet 1/4.
[Router-role-role1] interface policy deny
[Router-role-role1-ifpolicy] permit interface ethernet1/2 to ethernet1/4
[Router-role-role1-ifpolicy] quit
[Router-role-role1] quit
# Create a management local user named user1 and enter its view.
[Router] local-user user1 class manage
# Set a plaintext password aabbcc for the user.
[Router-luser-manage-user1] password simple aabbcc
# Specify the service type Telnet.
[Router-luser-manage-user1] service-type telnet
# Assign role1 to the user.
[Router-luser-manage-user1] authorization-attribute user-role role1
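The following is an added example, not part of the HP guide: a Python check that reads the role1 commands above and reports which interfaces the role's interface policy allows, so the intended scope (Ethernet 1/2 to Ethernet 1/4 only) can be confirmed. The function names, the indented config layout, and the treatment of a role with no deny policy as unrestricted are assumptions of this example.

```python
import re

# Constructed sample: the role1 commands from the procedure, prompts stripped.
CONFIG = """\
role name role1
 rule 1 permit read feature
 rule 2 permit command system-view ; interface *
 interface policy deny
  permit interface ethernet1/2 to ethernet1/4
local-user user1 class manage
 authorization-attribute user-role role1
"""

IF_RE = re.compile(r"([a-z-]+?)\s*(\d+)/(\d+)$", re.I)

def parse_if(name):
    """'Ethernet 1/2' or 'ethernet1/2' -> ('ethernet', 1, 2)."""
    m = IF_RE.match(name.strip())
    if not m:
        raise ValueError(f"unrecognised interface name: {name!r}")
    return m.group(1).lower(), int(m.group(2)), int(m.group(3))

def expand(spec):
    """Expand one interface or one 'A to B' range on a single slot."""
    first, _, last = spec.partition(" to ")
    kind, slot, lo = parse_if(first)
    kind2, slot2, hi = parse_if(last or first)
    if (kind, slot) != (kind2, slot2) or hi < lo:
        raise ValueError(f"unsupported range: {spec!r}")  # fail closed
    return {(kind, slot, port) for port in range(lo, hi + 1)}

def interface_policies(config):
    """Map role -> set of permitted interfaces (None = no deny policy set)."""
    policies, role = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a top-level command ends the role block
            role = line[10:] if line.startswith("role name ") else None
            if role:
                policies[role] = None
        elif role and line == "interface policy deny":
            policies[role] = set()
        elif role and line.startswith("permit interface ") and policies[role] is not None:
            policies[role] |= expand(line[17:])
    return policies

def may_access(config, role, interface):
    """True if the role may configure the interface (assumes no policy = all allowed)."""
    allowed = interface_policies(config)[role]
    return allowed is None or parse_if(interface) in allowed
```

A deny policy with no permit line yields an empty set, so every interface is refused for that role.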