CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

These documents describe the configuration of the services supported by the CX11x, CX31x, and CX91x series switch modules. They cover function configurations and configuration examples.

User Login Overview

When the device works as the server, a user can log in to the device through a console port, Telnet, or STelnet. When the device works as the client, the user can log in to other devices from the client through Telnet or STelnet.

To manage and maintain devices locally or remotely, a user needs to configure the user interface, user management information, and terminal services before login.
  • User interface: provides the login entry.
  • User management information: ensures login security.
  • Terminal services: support login protocols such as Telnet and Secure Shell Telnet (STelnet).

A user can log in to the device in one of the modes described in Table 1-25 to configure and manage the device.

Table 1-25 User login modes

Logging In Through the Console Port
  • Advantage: A dedicated console cable connects the terminal to the device, which ensures effective control of the device.
  • Disadvantage: The device cannot be logged in to or maintained remotely.
  • Usage scenario:
      • The device is configured for the first time.
      • A user cannot remotely log in to the device.
      • The device cannot be started. The user can access the BIOS menu through the console port for diagnosis or system upgrade.
  • Description: It is the basis for other login modes. By default, a user can log in to the device through the console port from the local host, and can use the commands at level 3.

Logging In Through Telnet
  • Advantage: Devices can be managed and maintained locally or remotely. A terminal does not need to be connected to each device, which facilitates user operations.
  • Disadvantage: Data is transmitted over TCP in plain text, which poses security threats.
  • Usage scenario: A user connects a terminal to the network, logs in to the device through Telnet, and performs local or remote configuration. This mode is not suitable for networks that require high security.
  • Description: By default, a user cannot log in to the device through Telnet. The user needs to log in to the device through the console port from the local host and configure the following items:
      • Routes between the terminal and device (Make sure that the route is reachable. By default, no IP address is configured on the device.)
      • Telnet server functions and parameters
      • Telnet user login interface

Logging In Through STelnet
  • Advantage: The STelnet protocol implements secure remote logins on insecure networks, which ensures data integrity and reliability and guarantees secure data transmission.
  • Disadvantage: Configurations are complicated.
  • Usage scenario: If the network has a high security requirement, a user can log in to the device through STelnet. STelnet, which is based on the Secure Shell (SSH) protocol, provides information security and authentication, which protects devices against attacks such as IP address spoofing.
  • Description: By default, a user can log in to the device through STelnet.

Logging In to the Device Through SOL
  • Advantage: No dedicated console cable is used. You can remotely control the device by using the management module.
  • Disadvantage: The mode is available only when the management module is operating properly.
  • Usage scenario:
      • You can log in to the device over SOL for the first time to configure the device.
      • If the device fails to start, view the startup information over SOL.
  • Description: By default, you can directly log in to the device over SOL on the management module. The command access level is 3.

Console Port

A switch module provides one console port that conforms to the 232 standard. The console port is a Data Connection Equipment (DCE) port. The serial port on a user terminal is directly connected to the console port on the device for login.

Telnet

In the TCP/IP protocol suite, Telnet is an application-layer protocol. It provides remote login and virtual terminal functions over a network and uses the server/client mode: the Telnet client sends a request to the Telnet server, which then provides the Telnet service. The device supports both the Telnet client and the Telnet server functions.

As shown in Figure 1-8, Switch ModuleA works as a Telnet server and also provides the Telnet client service, and Switch ModuleB provides the Telnet server functions for Switch ModuleA.

Figure 1-8 Diagram of the client/server mode adopted by Telnet

STelnet

Telnet transmits data over TCP in plain text and does not have a secure authentication mode, so it is vulnerable to Denial of Service (DoS), IP address spoofing, and route spoofing attacks.

Through STelnet based on SSH2.0, the client and server establish a secure connection through negotiation, and the client can then log in to the server. SSH provides secure remote access on an insecure network by supporting the following functions:

  • Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) authentication: A key pair consisting of a public key and a private key needs to be created on the client, and the public key is sent to the server to which the client will log in. The server compares the client public key carried in the packet with the locally configured client public key. If the two public keys are inconsistent, the server disconnects from the client. If they are consistent, the client then uses the private key of the local key pair to run the digest algorithm and sends the result (a digital signature) to the server. The server uses the preconfigured client public key to authenticate the digital signature.

  • Encryption with Data Encryption Standard (DES), 3DES, AES256, and AES128 (AES is the Advanced Encryption Standard): User names, passwords, and transmitted data can be encrypted.

The device supports the SSH server functions and can connect to multiple SSH clients. The device also supports the SSH client functions and allows users to establish SSH connections to the SSH server and remotely log in to the server. When working as the SSH server, the device supports SSH2.0 and SSH1.0. When working as the SSH client, the device only supports SSH2.0.
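
As an added example (not part of the Huawei guide), the following Python check classifies the first bytes a management port sends, so an inventory review can confirm which devices still accept SSH1.x clients or answer with Telnet instead of STelnet. The sample banners, labels, and function names are constructed for illustration; the version rules follow RFC 4253, and the Telnet test is a heuristic based on the IAC byte from RFC 854.

```python
import re

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion [SP comments]
_ID = re.compile(rb"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def parse_identification(raw: bytes):
    """Return (protoversion, softwareversion) from the first 'SSH-' line, else None."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        if line.startswith(b"SSH-"):      # servers may send other text lines first
            m = _ID.match(line)
            if m is None:
                return None
            return m.group(1).decode("ascii"), m.group(2).decode("ascii", "replace")
    return None

def classify(raw: bytes) -> str:
    """Classify the first bytes received from a management port."""
    if raw[:1] == b"\xff":                # Telnet IAC byte (RFC 854): option negotiation
        return "telnet"
    parsed = parse_identification(raw)
    if parsed is None:
        return "unparseable"
    proto = parsed[0]
    if proto == "2.0":
        return "ssh2-only"
    if proto == "1.99":                   # RFC 4253 section 5.1: 2.0 server that also accepts 1.x
        return "ssh1-compatible"
    if proto.startswith("1."):
        return "ssh1-only"
    return "unknown-version"

def audit(banners: dict) -> dict:
    """Return only the entries that need follow-up (anything other than SSH2 only)."""
    findings = {}
    for label, raw in banners.items():
        verdict = classify(raw)
        if verdict != "ssh2-only":
            findings[label] = verdict
    return findings

# Constructed sample data: labels and software names are invented for this example.
SAMPLES = {
    "module-a": b"SSH-2.0-ExampleSSH_1.0\r\n",
    "module-b": b"SSH-1.99-ExampleSSH_1.0\r\n",
    "module-c": b"Authorized users only\r\nSSH-1.5-LegacySSH\r\n",
    "module-d": b"\xff\xfd\x18\xff\xfd\x20",
}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLES).items():
        print(f"{label}: {verdict}")
```
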

SSH supports local connections and WAN connections.

  • Local connection

    As shown in Figure 1-9, an SSH channel can be established between the SSH client and server for local connections.

    Figure 1-9 Establishing an SSH channel on a LAN

  • WAN connection

    As shown in Figure 1-10, an SSH channel can be established between the SSH client and server for WAN connections.

    Figure 1-10 Establishing an SSH channel on a WAN

SOL

Serial over LAN (SOL) is a channel for transmitting serial data between a remote client and the serial ports on a switch module through the management modules. Through this function, a user can use remote serial ports to perform operations on switch modules.

Updated: 2019-12-13

Document ID: EDOC1000041694
