hi,

in your vty lines configuration you need:

line vty 0 63

 authentication-mode password

 set authentication password <your_password>

 user-role network-admin

 protocol inbound telnet

 quit

Normaly if you are not priviledged and need to be, you'd do the "super"-command

However its not certain that your current priviledge-level grants you access to that.

In the above "user-role network-admin" grants you admin-priviledge, but maybe you'd like

a view-only kind'a access you could say "user-role network-operator" instead.

And then from network-operator, you could gain admin-priviledge using the super command.

To use the super you need to grant the vty lines access to it.

Lets make a role, that allows the "super"-command and nothing else

role name priv
 rule 1 permit command super

 quit

Now add this role to the vty lines

line vty 0 63

  user-role priv

  quit

and you need to set the super password.

super password simple <your_super_password>

Then you could log in and have operator access, and gain admin priviledge using the super command

if you want to enable the web-service, you need to do:

ip https enable

or for nonsecure web access

ip http enable

 Regards

Please dont use telnet, use ssh if you need remote access to the device.

Here is a basic config you can apply (taken from a HP A5820 running R1808P25 or newer):

#

super password level 3 cipher <REMOVED>
#
local-user <REMOVED>
password cipher <REMOVED>
authorization-attribute level 1
service-type ssh terminal
#
acl number 2002 name v4-MGMT-SSH
hardware-count enable
rule 0 deny fragment
rule 5 permit source <REMOVED> 0
rule 10 deny
#
acl ipv6 number 2002 name v6-MGMT-SSH
hardware-count enable
rule 0 deny fragment
rule 5 deny routing
rule 10 deny
#
ssh server enable
ssh server rekey-interval 1
undo ssh server compatible-ssh1x
undo sftp server enable
ssh client source interface LoopBack0
ssh server acl 2002
ssh server ipv6 acl ipv6 2002
#
user-interface vty 0 15
acl 2002 inbound
acl ipv6 2002 inbound
authentication-mode scheme
user privilege level 1
set authentication password cipher <REMOVED>
protocol inbound ssh
terminal type vt100
#

You will also need to create the private keys before you can use the ssh server in your comware device, see the manual for more info.

We are a test lab and are trying to get the HP 5900 up and running in a relatively simple configuration. I need a simple telnet connection that has the same privileges as the console port. I've tried the commands suggested in this thread, but keep getting the following message when I try anything useful from the telnet session.

"System is busy or this command can't be executed because of no such privilege!"

Here is a snippet of our configuration so far:

line class vty
 authentication-mode none
 user-role network-admin
 user-role network-operator
 user-role privilege
 protocol inbound telnet
 command authorization
#
line vty 0 63
 authentication-mode none
 user-role network-admin
 user-role network-operator
 user-role priv
 user-role privilege
 protocol inbound telnet
 command authorization
#

What am I missing?

Thanks!

Thanks,

All the posts  gave me idea, got it working.

I just had to give

>user-role network-admin

Thanks to all.

hi DennisMartin

in your case you need to remove the "command authorization". that is

line vty 0 63

 undo command authorization

 quit

line class vty

 undo command authorization

 quit

That said. You are of course aware that everyone able to access that net-segment can access your switch with FULL priviledges.

use ssh and make a user with a password, og even better a scheme. - you'll need it when the switch need to enter a "real" environment anyways.

Regards.

Thanks. That solved the problem. Yes, I'm aware that this is unsecure, but we are a test lab connected to test equipment for this project.

Best regards!