R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)

Configuration procedure
# Assign an IP address to GigabitEthernet 2/1/1, the interface connected to the Telnet user.
<Router> system-view
[Router] interface gigabitethernet 2/1/1
[Router-GigabitEthernet2/1/1] ip address 192.168.1.70 255.255.255.0
[Router-GigabitEthernet2/1/1] quit
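# Enable the Telnet server. Telnet carries the username, password and session in cleartext, so this example suits a trusted management network only; SSH is the encrypted alternative.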
[Router] telnet server enable
# Enable scheme authentication on the user lines for Telnet users.
[Router] line vty 0 63
[Router-line-vty0-63] authentication-mode scheme
[Router-line-vty0-63] quit
# Enable local authentication and authorization for the ISP domain bbb.
[Router] domain bbb
[Router-isp-bbb] authentication login local
[Router-isp-bbb] authorization login local
[Router-isp-bbb] quit
# Create the user role role1.
[Router] role name role1
# Add rule 1 to permit the user role to access read commands of all features.
[Router-role-role1] rule 1 permit read feature
# Add rule 2 to permit the user role to access interface views and commands available in interface view.
[Router-role-role1] rule 2 permit command system-view ; interface *
# Change the interface policy so that the user role can access only GigabitEthernet 2/1/2 through GigabitEthernet 2/1/4: deny all interfaces, then permit that range.
[Router-role-role1] interface policy deny
[Router-role-role1-ifpolicy] permit interface gigabitethernet 2/1/2 to gigabitethernet
2/1/4
[Router-role-role1-ifpolicy] quit
[Router-role-role1] quit
# Create a device management user named user1 and enter local user view.
[Router] local-user user1 class manage
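# Set the password aabbcc for the user, entered in plaintext form (the simple keyword). aabbcc is a sample value; a real account needs a strong, unique password.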
[Router-luser-manage-user1] password simple aabbcc
# Specify the service type Telnet.
[Router-luser-manage-user1] service-type telnet
# Assign role1 to the user.
[Router-luser-manage-user1] authorization-attribute user-role role1
# To make sure the user has only the permissions of role1, remove the user from the default user role network-operator.
[Router-luser-manage-user1] undo authorization-attribute user-role network-operator
[Router-luser-manage-user1] quit