
Administrator Interface Overview

An administrator interface is a unified page for managing the administrators who use a given login method. It is not bound to a specific administrator.

When an administrator logs in, the device automatically assigns the lowest-numbered idle administrator interface for that login method. The administrator interface configuration controls the login process.

Table 1 shows the relationship between administrator interfaces and login methods.

Table 1 Administrator interface

| Login Method | Administrator Interface | Description |
|---|---|---|
| Web | Web-based administrator interface | Controls web login behavior, such as the timeout period after login and account lockout upon failed login. |
| Console | CLI administrator interface: console interface | Controls console login behavior. There is only one console interface because only one administrator can log in to the device through the console port at one time. |
| Telnet/STelnet | CLI administrator interface: Virtual Type Terminal (VTY) interface | Controls Telnet or STelnet login behavior. By default, the service supports five VTY interfaces. A maximum of 15 interfaces can be supported. The number of VTY interfaces determines the maximum number of concurrent Telnet or STelnet administrators. |

If an administrator logs in, the device automatically assigns an idle VTY interface to the administrator in order.

NOTICE:

During Telnet login, data and passwords are transmitted in plaintext mode, causing security risks. To secure data transmission, use STelnet instead.

CLI Administrator Interface Numbering Methods

CLI administrator interfaces are distinguished by number. A user must enter the administrator interface view to configure its functions. There are two types of CLI administrator interface numbers.

  • Relative numbers

    Relative numbers apply to administrator interfaces of the same type and are written in the format type + number.

  • Absolute numbers

    Absolute numbers apply to all types of administrator interfaces on a FW.

Table 2 lists the relative and absolute numbers of the console and VTY interfaces on a FW.

Table 2 Relative and absolute numbers of the administrator interfaces

| CLI Administrator Interface | Absolute Number | Relative Number |
|---|---|---|
| Console | 0 | CON0 |
| VTY | 34 to 38 | VTY0 to VTY14 |

34 is mapped to VTY0.

You can run the display user-interface command on a FW to display the numbers of CLI administrator interfaces.

CLI Administrator Interface Authentication Modes

The web administrator interface does not have an independent authentication mode but uses the administrator authentication mode. Table 3 lists authentication modes for CLI administrator interfaces.

Table 3 Authentication modes

| Authentication Mode | Console | VTY | Description |
|---|---|---|---|
| AAA | Supported | Supported and enabled by default | If Authentication, Authorization and Accounting (AAA) authentication is enabled on a CLI administrator interface, an administrator must enter an administrator account and a password to log in to the FW. The administrator can log in to an administrator interface only after being authenticated by the FW. For a description of the administrator authentication mode, see Administrator Overview. |
| Password | Supported and enabled by default | Supported | A FW authenticates an administrator based only on a password. The password of an administrator is set on the interface to which the administrator logs in. The password mode is not widely used because the mode does not require an administrator account and is insecure. |

CLI Administrator Interface Levels

To secure a CLI administrator interface that does not use AAA domain authentication, you can specify the level of the CLI administrator interface (from 0 to 15). An administrator interface of a specific level allows an administrator to execute commands whose level is lower than or equal to the interface level. For example, a level 2 interface allows an administrator to execute commands of levels 0, 1, and 2 only.

If the CLI administrator interface uses AAA domain authentication, the administrator account level takes precedence over the administrator interface level. The administrator interface level takes effect only when the administrator account level is not set.
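The following audit sketch is an added example, not code from Huawei or from this page. It scans a configuration for the weak settings described above: password-only authentication, an interface level that then applies to every login, and Telnet on VTY interfaces. The sample configuration is constructed, the function names are hypothetical, and the command spellings (user-interface, authentication-mode, protocol inbound, user privilege level) are assumed from common VRP-style syntax.

```python
import re

# Constructed sample config, not from a real device. Command spellings follow
# common Huawei VRP-style syntax and are assumptions, not taken from the page.
SAMPLE_CONFIG = """\
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound ssh
user-interface vty 5 14
 authentication-mode password
 user privilege level 15
 protocol inbound all
"""

HEADER = re.compile(r"^user-interface (con|vty) (\d+)(?: (\d+))?\s*$")

def parse_interfaces(config):
    """Group indented setting lines under each user-interface header."""
    blocks, current = [], None
    for line in config.splitlines():
        m = HEADER.match(line)
        if m:
            first = int(m.group(2))
            current = {"name": f"{m.group(1)} {first}-{int(m.group(3) or first)}",
                       "type": m.group(1), "settings": []}
            blocks.append(current)
        elif current is not None and line[:1] == " " and line.strip():
            current["settings"].append(line.split())
        else:
            current = None  # left the user-interface section
    return blocks

def audit(config):
    """Return (interface, finding) pairs for the weak settings the page names."""
    findings = []
    for block in parse_interfaces(config):
        # Map each command (all words but the last) to its value (last word).
        s = {tuple(words[:-1]): words[-1] for words in block["settings"]}
        if s.get(("authentication-mode",)) == "password":
            findings.append((block["name"], "password-only authentication"))
            if (level := s.get(("user", "privilege", "level"))) is not None:
                findings.append((block["name"], f"interface level {level} applies to every login"))
        if block["type"] == "vty" and s.get(("protocol", "inbound")) in ("telnet", "all"):
            findings.append((block["name"], "Telnet allowed (plaintext credentials)"))
    return findings

if __name__ == "__main__":
    print("\n".join(f"{n}: {f}" for n, f in audit(SAMPLE_CONFIG)))
```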

Copyright © Huawei Technologies Co., Ltd.