Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

User Login Overview

When the device works as the server, a user can log in to the device through a console port, Telnet, or STelnet. When the device works as the client, the user can log in to other devices from the client through Telnet or STelnet.

To manage and maintain devices locally or remotely, a user needs to configure the user interface, user management information, and terminal services before login.
  • User interface: provides the login entry.
  • User management information: ensures login security.
  • Terminal services: support login protocols such as Telnet and Secure Shell Telnet (STelnet).

A user can log in to the device in one of the modes described in Table 3-16 to configure and manage the device.

Table 3-16  User login modes
Logging In Through the Console Port

  • Advantage: A dedicated console cable connects the terminal to the device, which ensures effective control of the device.

  • Disadvantage: The device cannot be logged in to or maintained remotely.

  • Usage scenario:

    • The device is configured for the first time.
    • A user cannot remotely log in to the device.
    • The device cannot be started. The user can access the uBoot menu through the console port for diagnosis or system upgrade.

  • Description: By default, you can log in to the device through the console port to configure parameters for console port login.

    The STelnet service is enabled on the device before delivery. You can use the default IP address to log in to the device through STelnet and configure parameters for console port login.

    NOTE:
    For details on first login using the default IP address in STelnet mode or through the console port, see Logging In to the System for the First Time.

Logging In Through Telnet

  • Advantage: Devices can be managed and maintained locally or remotely. Not every device needs to be connected to a terminal, which facilitates user operations.

  • Disadvantage: Data is transmitted over TCP in plain text, which poses security threats.

  • Usage scenario: A user connects a terminal to the network, logs in to the device through Telnet, and performs local or remote configuration. This mode is not suitable for networks with high security requirements.

  • Description: By default, you cannot log in to the device directly through Telnet. To log in to the device through Telnet, first log in through the console port or remotely through STelnet and configure Telnet login parameters.

    NOTE:
    For details on first login using the default IP address in STelnet mode or through the console port, see Logging In to the System for the First Time.

Logging In Through STelnet

  • Advantage: The STelnet protocol implements secure remote logins on insecure networks, which ensures data integrity and reliability and guarantees secure data transmission.

  • Disadvantage: Configuration is complicated.

  • Usage scenario: If the network has a high security requirement, a user can log in to the device through STelnet. STelnet, which is based on the Secure Shell (SSH) protocol, provides information security and authentication, which protects devices against attacks such as IP address spoofing.

  • Description:

    • By default, the STelnet service is enabled on the device. You can use the default IP address to log in to the device through STelnet and configure STelnet login parameters.
    • You can also log in to the device through the console port to configure STelnet login parameters.

    NOTE:
    For details on first login using the default IP address in STelnet mode or through the console port, see Logging In to the System for the First Time.

Console Port

A main control board provides one console port that conforms to the EIA/TIA-232 standard. The console port is a Data Connection Equipment (DCE) port. The serial port on a user terminal is directly connected to the console port on the device for login.

Telnet

In the TCP/IP protocol suite, Telnet is an application-layer protocol. It provides remote login and virtual terminal functions over the network and works in client/server mode: the Telnet client sends a request to the Telnet server, which then provides the Telnet service. The device supports both the Telnet client and Telnet server functions.

As shown in Figure 3-4, AP1 works as a Telnet server and also provides the Telnet client function, and AP2 acts as the Telnet server for AP1.

Figure 3-4  Diagram of the client/server mode adopted by Telnet

STelnet

Telnet transmits data over TCP in plain text, has no secure authentication mode, and is vulnerable to Denial of Service (DoS), IP address spoofing, and route spoofing attacks.

Through STelnet based on SSH, the client and server establish a secure connection through negotiation, and the client can then log in to the server. SSH provides secure remote access on an insecure network by supporting the following functions:

  • Rivest-Shamir-Adleman (RSA) authentication: A key pair consisting of a public key and a private key is created on the client, and the public key is sent to the server that the client will log in to. The server compares the client public key carried in the packet with the locally configured client public key. If the two public keys are inconsistent, the server disconnects from the client. If they are consistent, the client uses the private key of its local key pair to run the digest algorithm and sends the result (a digital signature) to the server. The server uses the preconfigured client public key to verify the digital signature.

  • Data Encryption Standard (DES), 3DES, and AES128 encryption, where AES is the Advanced Encryption Standard: User names, passwords, and transmitted data can be encrypted.

    NOTE:
    The AES128 algorithm is recommended to improve data transmission security.
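
The two server-side checks in the RSA authentication step above, as an added Python model that is not taken from the device software or the SSH wire format. It uses unpadded textbook RSA with constructed toy keys, and it assumes that the signed digest covers a per-connection session identifier, the user name and the public key; all function and variable names are hypothetical.

```python
import hashlib

E = 65537  # public exponent used by both constructed toy keys

def make_keypair(p, q):
    """Textbook RSA key pair ((n, e), d) from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), pow(E, -1, phi)

def digest_int(session_id, user, pub):
    """Digest of what the signature binds (assumed: session, user, key)."""
    data = b"|".join([session_id, user.encode(), str(pub).encode()])
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def client_sign(session_id, user, pub, priv_d):
    """Client: sign the digest with the private key (unpadded, toy RSA)."""
    return pow(digest_int(session_id, user, pub), priv_d, pub[0])

def server_authenticate(configured, session_id, user, pub, signature):
    """Server: return 'accept' or the reason for disconnecting."""
    expected = configured.get(user)
    # Step 1: the presented key must equal the key configured for this user.
    if expected is None or expected != pub:
        return "disconnect: public key mismatch"
    # Step 2: verify with the configured key, never with the presented one.
    n, e = expected
    if pow(signature, e, n) != digest_int(session_id, user, expected):
        return "disconnect: bad signature"
    return "accept"

# Constructed toy keys built from Mersenne primes; not secure, demo only.
ADMIN_PUB, ADMIN_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, OTHER_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)
CONFIGURED = {"admin": ADMIN_PUB}

def demo():
    sid = b"session-A"  # constructed per-connection identifier
    good = client_sign(sid, "admin", ADMIN_PUB, ADMIN_PRIV)
    wrong_key = client_sign(sid, "admin", OTHER_PUB, OTHER_PRIV)
    forged = client_sign(sid, "admin", ADMIN_PUB, OTHER_PRIV)
    return [
        server_authenticate(CONFIGURED, sid, "admin", ADMIN_PUB, good),
        server_authenticate(CONFIGURED, sid, "admin", OTHER_PUB, wrong_key),
        server_authenticate(CONFIGURED, sid, "admin", ADMIN_PUB, forged),
        server_authenticate(CONFIGURED, b"session-B", "admin", ADMIN_PUB, good),
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The last case shows why the signed data should include something unique to the connection: a valid signature captured from one session is rejected when presented on another.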

The device supports the SSH server functions and can connect to multiple SSH clients. The device also supports the SSH client functions and allows users to establish SSH connections to the SSH server and remotely log in to the server. When working as the SSH server, the device supports SSH2.0 and SSH1.0. When working as the SSH client, the device only supports SSH2.0.
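
Because the SSH server function accepts SSH1.0 as well as SSH2.0, an inventory check of server greetings is useful. The following added Python example is not from the original guide; it relies on the RFC 4253 convention that a server accepting both protocol versions announces protoversion 1.99, and the greetings, addresses and function names are constructed for illustration.

```python
import re

# RFC 4253 section 4.2 identification string: SSH-protoversion-softwareversion
_ID = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")

def parse_identification(raw):
    """Return ((major, minor), software) from a server greeting, or None."""
    for line in raw.decode("ascii", "replace").split("\n"):
        line = line.rstrip("\r")
        if not line.startswith("SSH-"):
            continue  # free-text lines may precede the version string
        m = _ID.match(line)
        return ((int(m.group(1)), int(m.group(2))), m.group(3)) if m else None
    return None

def ssh1_exposure(raw):
    """Classify whether a server greeting still offers SSH1."""
    parsed = parse_identification(raw)
    if parsed is None:
        return "unparsed"
    version, _software = parsed
    if version == (1, 99):
        return "ssh2-with-ssh1-compat"  # SSH2 server that also accepts SSH1
    return "ssh1-only" if version[0] == 1 else "ssh2-only"

# Constructed greetings; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_GREETINGS = {
    "192.0.2.10": b"SSH-2.0-ExampleSSH_1.0\r\n",
    "192.0.2.11": b"SSH-1.99-ExampleSSH_1.0\r\n",
    "192.0.2.12": b"Authorized use only\r\nSSH-1.5-LegacySSH\r\n",
    "192.0.2.13": b"\xff\xfd\x18login: ",  # Telnet option negotiation, not SSH
}

def hosts_offering_ssh1(greetings):
    """Return the sorted hosts whose greeting shows SSH1 is still accepted."""
    flagged = ("ssh1-only", "ssh2-with-ssh1-compat")
    return sorted(h for h, g in greetings.items() if ssh1_exposure(g) in flagged)

if __name__ == "__main__":
    for host, greeting in sorted(SAMPLE_GREETINGS.items()):
        print(host, ssh1_exposure(greeting))
```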

SSH supports local connections and WAN connections.

  • Local connection

    As shown in Figure 3-5, an SSH channel can be established between the SSH client and server for local connections.

    Figure 3-5  Establishing an SSH channel on a LAN

  • WAN connection

    As shown in Figure 3-6, an SSH channel can be established between the SSH client and server for WAN connections.

    Figure 3-6  Establishing an SSH channel on a WAN

Updated: 2019-01-11

Document ID: EDOC1000176006
