How to log into Huawei S3300 switch? It is very simple. Which method you will chose depends on what you want to do on this device. If you want to upload file to or download it from the switch, use FTP or SFTP. If you want to configure the switch, use telnet, SSH or HTTP methods. Each time you can access the switch using console port, locally or remotely, in case a console server is configured.
# telnet server enable # aaa local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4 local-user labnario privilege level 15 local-user labnario service-type telnet # user-interface vty 0 4 authentication-mode aaa protocol inbound all #
By default telnet server is enabled on S3300 switch. As this is default setting, it is not displayed in switch’s configuration. VTY lines use local user configured, to let you access the switch. Protocol inbound all command informs you that you can use both protocols, telnet and SSH.
The second method of using telnet is to configure authentication-mode for VTY as none or password. None means access without login and password, authentication-mode as password means you have to know password to access the switch. Additionally you should configure privilege level and password for VTY lines. By default user privilege level is set to 0.
# user-interface vty 0 4 authentication-mode none user privilege level 15 protocol inbound all # user-interface vty 0 4 authentication-mode password user privilege level 15 set authentication password cipher &EU15O"Q3/;Q=^Q`MAF4 protocol inbound all #
# aaa local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4 local-user labnario privilege level 15 local-user labnario service-type ssh # stelnet server enable ssh user labnario ssh user labnario authentication-type password ssh user labnario service-type all # user-interface vty 0 4 authentication-mode aaa protocol inbound all #
In this case, SSH uses aaa settings, to access the device. For proper SSH configuration it is required to create RSA key. You can do this using the following command:
[labnario] rsa local-key-pair create The key name will be: labnario_Host The range of public key size is (512 ~ 2048). NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 512]: Generating keys... .............++++++++++++ ..........++++++++++++ ................++++++++ ....................................++++++++
You can display RSA key by display rsa local-key-pair public command. Besides password, it is also possible to use RSA key or both RSA key and password, for SSH connection.
S3300 as FTP server
# FTP server enable # aaa local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4 local-user labnario privilege level 15 local-user labnario ftp-directory flash: local-user labnario service-type ftp #
You can also configure secure FTP (sFTP) adding the following command:
# sftp server enable #
Access S3300 by HTTP
For Huawei S3300 switch there is also possible to use HTTP to access it. To do this, you have to load necessary file, delivered together with software. You can display all files, stored in flash, using dir command:
<labnario> dir Directory of flash:/ Idx Attr Size(Byte) Date Time FileName 0 -rw- 8,124,916 Jan 01 2008 02:14:24 S3328-V100R005C00SPC100.cc 1 -rw- 869 Jan 01 2008 00:01:21 private-data.txt 2 -rw- 396 Jan 01 2008 00:12:06 hostkey 3 -rw- 120 Aug 04 2011 08:49:23 vrpcfg.zip 4 -rw- 540 Jan 01 2008 00:12:11 serverkey 5 -rw- 1,087,883 Jan 01 2008 00:36:13 s3328-v100r005.001.web.zip 14,632 KB total (5,580 KB free)
HTTP access configuration:
[labnario] http server load s3328-v100r005.001.web.zip Info: Load web file successfully. [labnario] http server enable Info: Starting the HTTP server successfully. [labnario] aaa [labnario-aaa] local-user labnario password cipher &EU15O"Q3/;Q=^Q`MAF4 [labnario-aaa] local-user labnario privilege level 15 [labnario-aaa] local-user labnario service-type http
Finally use IP address configured on the switch for HTTP access:
# vlan 100 # interface Ethernet0/0/1 port link-type access port default vlan 100 # interface Vlanif100 ip address 172.16.1.2 255.255.0.0 #