No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Common Configuration Errors

Common Configuration Errors

Failing to Log In to the Telnet Server Through Telnet

Fault Description

The Telnet server fails to be logged in through Telnet.

Procedure

  1. Check whether the number of users who have logged in to the Telnet server reaches the upper limit.

    Log in to the device through a console port. Run the display users command to check whether the current VTY channel is completely occupied. By default, a maximum number of five VTY channels are allowed. You can run the display user-interface maximum-vty command to check the maximum number of users allowed in the current VTY channel.

    If the number of current users has reached the upper limit, run the user-interface maximum-vty 15 command to increase the maximum number of users allowed in the VTY channel to 15.

  2. Check whether an ACL has been configured on the VTY user interface of the device.

    Run the user-interface vty command on the Telnet server to display the user interface view. Run the display this command to check whether an ACL has been configured on the VTY user interface. If yes, record the ACL number.

    Run the display acl acl-number command on the Telnet server to check whether the Telnet client IP address is denied in the ACL. If yes, run the undo rule rule-id command in the ACL view to delete the deny rule, and then run the rule permit source source-ip-address soucer-wildcard command in the ACL view to permit the client IP address.

  3. Check the protocol configuration in the VTY user interface view.

    Run the user-interface vty command on the Telnet server to display the user interface view. Run the display this command to check whether protocol inbound on the VTY user interface is set to telnet or all. If no, run the protocol inbound { telnet | all } command to enable Telnet users to connect to the device.

  4. Check whether login authentication is configured in the VTY user interface view.

    • If the password authentication mode for login is configured in the VTY channel using the authentication-mode password command, you must enter the password upon login.

    • If the AAA authentication mode is configured using the authentication-mode aaa command, you must run the local-user user-name password command to create a local AAA user.

Failing to Log In to the SSH Server Through STelnet

Fault Description

The SSH server fails to be logged in through STelnet.

Procedure

  1. Check whether the SSH service is enabled on the SSH server.

    Log in to the SSH server through STelnet. Run the display ssh server status command to check the SSH server configuration.

    If the STelnet service is disabled, run the stelnet server enable command to enable the STelnet service on the SSH server.

  2. Check the protocol configuration in the VTY user interface view on the SSH server.

    Run the user-interface vty command on the SSH server to display the user interface view. Run the display this command to check whether protocol inbound on the VTY user interface is set to ssh or all. If no, run the protocol inbound { ssh | all } command to enable STelnet users to connect to the device.

  3. Check whether the RSA public key is configured on the SSH server.

    A local key pair must be configured when the device works as the SSH server.

    Run the display rsa local-key-pair public command on the SSH server to check the current server key pair. If no information is displayed, the server key pair has not been configured. Run the rsa local-key-pair create command to create a key pair.

  4. Check whether an SSH user is configured on the SSH server.

    Run the display ssh user-information command to view the configuration of the SSH user. If there is no configuration, run the ssh user authentication-type command in the system view to create an SSH user and configure the SSH user authentication mode.

  5. Check whether the number of users who have logged in to the SSH server reaches the upper limit.

    Log in to the device through a console port. Run the display users command to check whether the current VTY channel is completely occupied. By default, a maximum number of five VTY channels are allowed. You can run the display user-interface maximum-vty command to check the maximum number of users allowed in the current VTY channel.

    If the number of current users has reached the upper limit, run the user-interface maximum-vty 15 command to increase the maximum number of users allowed in the VTY channel to 15.

  6. Check whether an ACL is configured on the user interface of the SSH server.

    Run the user-interface vty command on the SSH server to display the SSH user interface view. Run the display this command to check whether an ACL has been configured on the VTY user interface. If yes, record the ACL number.

    Run the display acl acl-number command on the SSH server to check whether the SSH client IP address is denied in the ACL. If yes, run the undo rule rule-id command in the ACL view to delete the deny rule, and then run the rule permit source source-ip-address soucer-wildcard command in the ACL view to permit the client IP address.

  7. Check the SSH version on the SSH client and server.

    Run the display ssh server status command on the SSH server to check the SSH version.

    If the version is SSHv1, run the ssh server compatible-ssh1x enable command to configure the version compatibility function on the server.

  8. Check whether the first authentication function is enabled on the SSH client.

    Run the display this command in the system view on the SSH client to check whether the first authentication function is enabled on the SSH client.

    If no, an STelnet user fails to log in to the SSH server for the first time because verifying the RSA public key on the SSH server fails. Run the ssh client first-time enable command to enable the first authentication function on the SSH client.

Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 116592

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next