R0106-HP MSR Router Series Fundamentals Configuration Guide(V7)
Logging in to the CLI
By default, you can log in to the CLI only through the console port. After you log in, you can configure
other login methods, including Telnet, SSH, AUX, and modem dial-in.
To prevent unauthorized access to the CLI and control user behavior, you can do the following:
• Configure login authentication.
• Assign user roles.
• Configure command authorization and command accounting.
• Use ACLs to filter unauthorized logins.
This chapter describes how to configure and use CLI login methods, including login authentication, user
roles, and common user line settings. For more information about command authorization, command
accounting, and unauthorized access filtering, see "Controlling user access."
In this chapter, "MSR2000" refers to MSR2003. "MSR3000" collectively refers to MSR3012, MSR3024,
MSR3044, MSR3064. "MSR4000" collectively refers to MSR4060 and MSR4080.
CLI overview
User lines
The device uses user lines (also called user interfaces) to manage CLI sessions and monitor user behavior.
You can configure access control settings, including login authentication and user role, on user lines.
After users are logged in, their actions must be compliant with the settings on the user lines assigned to
them.
Users are assigned different user lines, depending on their login methods, as shown in Table 9.
Table 9 CLI login method and user line matrix

User line                          Login method
Console line                       Console port.
AUX line                           AUX port, typically used for dial-in access through modems.
True type terminal (TTY) line      Asynchronous serial port, Serial port in asynchronous mode or Async port.
Virtual type terminal (VTY) line   Telnet or SSH.
User line assignment
The device automatically assigns user lines to CLI login users, depending on their login methods. Each
user line can be assigned only to one user at a time. If no user line is available, a CLI login attempt will
be rejected.
For a CLI login, the device always picks the lowest numbered user line from the idle user lines available
for the login type. For example, suppose four VTY lines (0 to 3) are configured and VTY 0 and VTY 3 are idle.
When a user Telnets to the device, the device assigns VTY 0 to the user, and uses the settings on VTY 0
to authenticate and manage the user.
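Because the settings that govern a login are those of whichever line is assigned, every VTY line should carry the same authentication settings. The following is an added example, not part of the HP guide: it models the lowest-idle-line rule and audits a configuration for lines that differ from the lowest-numbered one. The configuration text is a constructed sample using the Comware 7 "line vty" and "authentication-mode" commands, which do not appear on this page; all function names are hypothetical.

```python
import re

# Constructed sample in Comware 7 style; not taken from a real device.
SAMPLE_CONFIG = """\
line vty 0 2
 authentication-mode scheme
 protocol inbound ssh
line vty 3
 authentication-mode none
"""

def parse_vty_lines(config):
    """Map each VTY line number to the settings configured on it."""
    lines, current = {}, []
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?$", raw.strip())
        if m:
            first = int(m.group(1))
            last = int(m.group(2) or first)
            current = list(range(first, last + 1))
            for n in current:
                lines.setdefault(n, {})
        elif raw.startswith(" ") and current:
            # Indented line: a setting inside the current "line vty" view.
            key, _, value = raw.strip().partition(" ")
            for n in current:
                lines[n][key] = value
        else:
            current = []
    return lines

def assign_line(idle):
    """Lowest-numbered idle line, or None when the login is rejected."""
    return min(idle) if idle else None

def settings_for_login(lines, idle):
    """Settings that govern a new VTY login, given the idle line numbers."""
    n = assign_line(idle)
    return None if n is None else (n, lines[n])

def inconsistent_lines(lines, key="authentication-mode"):
    """Lines whose value for `key` differs from the lowest-numbered line."""
    baseline = lines[min(lines)].get(key)
    return sorted(n for n, s in lines.items() if s.get(key) != baseline)
```

With VTY 0 and VTY 3 idle, the login is governed by VTY 0; with only VTY 3 idle, the same login is governed by VTY 3, which the audit reports as inconsistent.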