Telnet Remote Access - No Privileges
01-20-2015 07:07 AM
Hi,
I enabled telnet access as below
>telnet server enable
>user-interface vty 0 4
>set authentication ...
>protocol inbound telnet
Now when I access the switch remotely, the privilege is less and I am not able to execute any commands.
Is there any way to access the exec mode in the HP 5900 switch?
Also, how do I enable web access on the switch?
Please let me know your suggestions.
01-20-2015 07:43 AM
Re: Telnet Remote Access - No Privileges
hi,
in your vty lines configuration you need:
line vty 0 63
authentication-mode password
set authentication password <your_password>
user-role network-admin
protocol inbound telnet
quit
Normally, if you are not privileged and need to be, you'd use the "super" command.
However, it's not certain that your current privilege level grants you access to that.
In the above, "user-role network-admin" grants you admin privilege, but if you'd like
a view-only kind of access, you could say "user-role network-operator" instead.
And then from network-operator, you could gain admin privilege using the super command.
To use super, you need to grant the vty lines access to it.
Let's make a role that allows the "super" command and nothing else:
role name priv
rule 1 permit command super
quit
Now add this role to the vty lines
line vty 0 63
user-role priv
quit
And you need to set the super password:
super password simple <your_super_password>
Then you could log in and have operator access, and gain admin privilege using the super command.
If you want to enable the web service, you need to do:
ip https enable
or, for non-secure web access:
ip http enable
Regards
Region Midtjylland
01-20-2015 11:20 AM
Re: Telnet Remote Access - No Privileges
Please don't use telnet; use ssh if you need remote access to the device.
Here is a basic config you can apply (taken from a HP A5820 running R1808P25 or newer):
#
super password level 3 cipher <REMOVED>
#
local-user <REMOVED>
password cipher <REMOVED>
authorization-attribute level 1
service-type ssh terminal
#
acl number 2002 name v4-MGMT-SSH
hardware-count enable
rule 0 deny fragment
rule 5 permit source <REMOVED> 0
rule 10 deny
#
acl ipv6 number 2002 name v6-MGMT-SSH
hardware-count enable
rule 0 deny fragment
rule 5 deny routing
rule 10 deny
#
ssh server enable
ssh server rekey-interval 1
undo ssh server compatible-ssh1x
undo sftp server enable
ssh client source interface LoopBack0
ssh server acl 2002
ssh server ipv6 acl ipv6 2002
#
user-interface vty 0 15
acl 2002 inbound
acl ipv6 2002 inbound
authentication-mode scheme
user privilege level 1
set authentication password cipher <REMOVED>
protocol inbound ssh
terminal type vt100
#
You will also need to create the private keys before you can use the ssh server in your Comware device; see the manual for more info.
01-20-2015 02:58 PM
Re: Telnet Remote Access - No Privileges
We are a test lab and are trying to get the HP 5900 up and running in a relatively simple configuration. I need a simple telnet connection that has the same privileges as the console port. I've tried the commands suggested in this thread, but keep getting the following message when I try anything useful from the telnet session.
"System is busy or this command can't be executed because of no such privilege!"
Here is a snippet of our configuration so far:
line class vty
authentication-mode none
user-role network-admin
user-role network-operator
user-role privilege
protocol inbound telnet
command authorization
#
line vty 0 63
authentication-mode none
user-role network-admin
user-role network-operator
user-role priv
user-role privilege
protocol inbound telnet
command authorization
#
What am I missing?
Thanks!
01-20-2015 11:04 PM
Re: Telnet Remote Access - No Privileges
Thanks,
All the posts gave me an idea; got it working.
I just had to give:
>user-role network-admin
Thanks to all.
01-21-2015 02:29 AM
Re: Telnet Remote Access - No Privileges
Hi DennisMartin,
In your case you need to remove the "command authorization", that is:
line vty 0 63
undo command authorization
quit
line class vty
undo command authorization
quit
That said, you are of course aware that everyone able to access that net segment can access your switch with FULL privileges.
Use ssh and make a user with a password, or even better a scheme. You'll need it when the switch needs to enter a "real" environment anyways.
Regards.
Region Midtjylland
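An added example, not part of any post in this thread and not HPE code: a small Python check that flags, in a saved configuration, the VTY exposure the reply above warns about (no authentication, admin role without login, Telnet). The function names, finding labels and sample text are constructed for illustration; it assumes a value set under "line vty" overrides "line class vty" and does not model unset defaults.

```python
# Constructed sample, modelled on the lab snippet posted in this thread.
SAMPLE = """\
line class vty
 authentication-mode none
 user-role network-admin
 protocol inbound telnet
#
line vty 0 4
 authentication-mode scheme
 protocol inbound ssh
#
"""

def parse_line_sections(config):
    """Map each 'line ...' / 'user-interface ...' header to its sub-commands."""
    sections, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if text.startswith(("line ", "user-interface ")):
            current = sections.setdefault(text, [])
        elif text in ("", "#", "quit"):
            current = None  # a section ends at '#', 'quit' or a blank line
        elif current is not None:
            current.append(text)
    return sections

def effective(cmds, inherited, prefix):
    """Line-level arguments, else the class's (assumed Comware 7 precedence)."""
    args = lambda block: [c[len(prefix):].split()[0] for c in block if c.startswith(prefix)]
    return args(cmds) or args(inherited)

def audit_vty(config):
    """Return sorted (header, finding) pairs; unset defaults are not modelled."""
    sections = parse_line_sections(config)
    inherited = sections.get("line class vty", [])
    findings = set()
    for header, cmds in sections.items():
        if "vty" not in header.split():
            continue
        auth = effective(cmds, inherited, "authentication-mode ")
        roles = effective(cmds, inherited, "user-role ")
        proto = effective(cmds, inherited, "protocol inbound ")
        if "none" in auth:
            findings.add((header, "no-authentication"))
            if "network-admin" in roles:
                findings.add((header, "unauthenticated-admin"))
        if "telnet" in proto or "all" in proto:
            findings.add((header, "cleartext-telnet"))
    return sorted(findings)
```

Running audit_vty on the output of "display current-configuration" saved to a file gives one entry per exposed line block; an empty list means none of the three explicit settings was found.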
01-26-2015 01:20 PM
Re: Telnet Remote Access - No Privileges
Thanks. That solved the problem. Yes, I'm aware that this is unsecure, but we are a test lab connected to test equipment for this project.
Best regards!