No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S7700 and S9700 V200R010C00

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Enabling the Telnet Server Function

Enabling the Telnet Server Function

Context

When a device functions as a Telnet server, you can specify the protocol port and source interface of the Telnet server to enhance Telnet connection security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    telnet [ ipv6 ] server enable

    The Telnet server function is enabled.

    By default, the Telnet server function is disabled on the device.

  3. (Optional) Run:

    telnet server port port-number

    The protocol port number is specified for the Telnet server.

    By default, the protocol port number of the Telnet server is 23.

    You can configure a new protocol port number for a Telnet server to prevent attackers from accessing the server using the default port.

  4. (Optional) Run:

    telnet server-source -i loopback interface-number

    The source interface is specified for the Telnet server.

    By default, the source interface of a Telnet server is not specified.

    Configuring a source interface for a Telnet server prevents exposure of the management IP address of the device, which ensures device security.

    NOTE:

    Before specifying a loopback interface as the source interface for a Telnet server, ensure that the loopback interface has been created and the route between the client and the loopback interface is reachable. Otherwise, the configuration cannot be correctly executed.

  5. (Optional) Configure ACL-based Telnet access control.

    • Control access to the local device.

      • Method 1:
        1. Run:

          acl acl-number

          An ACL is created, and the ACL view is displayed.

          acl-number refers to a basic ACL numbered from 2000 to 2999.

        2. Run:

          rule permit source source-address 0

          ACL rules are configured to prohibit devices except the device specified by source-address from accessing the local device.

        3. Run:

          quit

          Exit the ACL view.

        4. Run:

          telnet [ ipv6 ] server acl acl-number

          The ACL is configured to control devices that can access the local device using Telnet.

      • Method 2:
        1. Run:

          acl acl-number

          An ACL is created, and the ACL view is displayed.

          acl-number refers to a basic ACL numbered from 2000 to 2999.

        2. Run:

          rule permit source source-address 0

          ACL rules are configured to prohibit devices except the device specified by source-address from accessing the local device.

        3. Run:

          quit

          Exit the ACL view.

        4. Run:

          user-interface vty first-ui-number [ last-ui-number ]

          The VTY user interface view is displayed.

        5. Run:

          acl [ ipv6 ] { acl-number | acl-name } inbound

          The ACL-based Telnet access control is configured for the VTY user interface.

    • Control access of the local device to other devices.
      1. Run:

        acl acl-number

        An ACL is created, and the ACL view is displayed.

        acl-number refers to an advanced ACL numbered from 3000 to 3999.

      2. Run:

        rule deny tcp destination-port eq telnet

        ACL rules are configured to prohibit the local device from accessing other devices.

      3. Run:

        quit

        Exit the ACL view.

      4. Run:

        user-interface vty first-ui-number [ last-ui-number ]

        The VTY user interface view is displayed.

      5. Run:

        acl [ ipv6 ] { acl-number | acl-name } inbound

        The ACL-based Telnet access control is configured for the VTY user interface.

Translation
Download
Updated: 2019-08-21

Document ID: EDOC1000141895

Views: 58696

Downloads: 215

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next