Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Configuring the VTY User Interface

Pre-configuration Tasks

Before configuring a VTY user interface, log in to the device using a terminal.

NOTE:

Parameters have default values with the exception of the ACL number that restricts the call-in and call-out permissions on the VTY interface, authentication mode on the user interface, and user name and password. You can set parameters based on the site requirements.

Procedure

You can perform the configuration operations in any sequence.

Configuring the Maximum Number of Concurrent VTY User Interfaces

Context

Users can configure the maximum number of concurrent VTY user interfaces to control the number of users who log in to the device at the same time. The number of VTY user interfaces equals the total number of Telnet and SSH users.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    user-interface maximum-vty number

    The maximum number of VTY user interfaces is set.

    By default, the maximum number of VTY user interfaces is 5.

    When the maximum number of VTY user interfaces is set to 0, no user (including the NMS user) can log in to the device using the VTY interface.

    If you set the maximum number of the VTY user interfaces to a value smaller than the number of current online users, the system displays a configuration failure message.

    After increasing the number of VTY user interfaces, you must configure the authentication mode for new VTY users.

(Optional) Configuring Restrictions on ACL-based Logins on the VTY User Interface

Context

You can use an ACL to restrict login permissions on the VTY user interface. Before configuring restrictions on login permissions on the VTY user interface, run the acl command in the system view to create an ACL and enter the ACL view, and run the rule command to add rules to the ACL.

NOTE:
  • The user interface supports basic ACLs (2000-2999) and advanced ACLs (3000-3999).

  • ACL rule:
    • When permit is used in the ACL rule:
      • If the ACL is applied in the inbound direction, other devices that match the ACL rule can access the local device.
      • If the ACL is applied in the outbound direction, the local device can access other devices that match the ACL rule.
    • When deny is used in the ACL rule:

      • If the ACL is applied in the inbound direction, other devices that match the ACL rule cannot access the local device.
      • If the ACL is applied in the outbound direction, the local device cannot access other devices that match the ACL rule.
    • When the ACL rule is configured but packets from other devices do not match the rule:

      • If the ACL is applied in the inbound direction, other devices cannot access the local device.
      • If the ACL is applied in the outbound direction, the local device cannot access other devices.
    • When the ACL contains no rule:

      • If the ACL is applied in the inbound direction, any other devices can access the local device.
      • If the ACL is applied in the outbound direction, the local device can access any other devices.
  • For details on how to configure the ACL, see ACL Configuration.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    user-interface vty first-ui-number [ last-ui-number ]

    The VTY user interface view is displayed.

  3. Run:

    acl acl-number { inbound | outbound }

    ACL restrictions on VTY login permissions are configured.

    • To restrict users at a specified address or address segment from logging in to the device, use the inbound parameter.
    • To restrict users who have logged in to a device from logging in to other devices, use the outbound parameter.
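
The ACL behaviour listed in the NOTE above, modelled as an added example (not part of the original guide or Huawei code). It assumes a basic ACL whose rules match only a source address with a wildcard mask, and that the first matching rule decides; the rule lists and addresses are constructed.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def vty_acl_allows(rules, peer):
    """Decide whether `peer` passes an ACL bound to a VTY user interface.

    rules: ordered list of (action, base, wildcard), action "permit" or "deny".
    peer:  the connecting client (inbound) or the remote device (outbound).
    """
    if not rules:
        return True                      # ACL contains no rule: nothing is filtered
    for action, base, wildcard in rules:
        if wildcard_match(peer, base, wildcard):
            return action == "permit"    # first matching rule decides (assumption)
    return False                         # rules exist, none match: access refused

# Constructed rule sets; addresses come from private and documentation ranges.
MGMT_ONLY = [("permit", "10.1.1.0", "0.0.0.255")]
DENY_ONLY = [("deny", "192.0.2.0", "0.0.0.255")]
EMPTY = []

def demo():
    """Return the decision for each constructed ACL and peer address."""
    return {
        "mgmt_only 10.1.1.20": vty_acl_allows(MGMT_ONLY, "10.1.1.20"),
        "mgmt_only 198.51.100.7": vty_acl_allows(MGMT_ONLY, "198.51.100.7"),
        "deny_only 192.0.2.9": vty_acl_allows(DENY_ONLY, "192.0.2.9"),
        "deny_only 10.1.1.20": vty_acl_allows(DENY_ONLY, "10.1.1.20"),
        "empty 198.51.100.7": vty_acl_allows(EMPTY, "198.51.100.7"),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'refused'}")
```

Two cases deserve attention when reviewing a device: an ACL that holds only deny rules refuses every peer, and an ACL that was created but left without rules filters nothing.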

Configuring Terminal Attributes on the VTY User Interface

Context

Users can configure terminal attributes on the VTY user interface. These attributes include the timeout disconnection function, number of lines on the terminal screen, and size of the history command buffer.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    user-interface vty first-ui-number [ last-ui-number ]

    The VTY user interface view is displayed.

  3. Run:

    shell

    The VTY terminal service is enabled.

    By default, all VTY terminal services are enabled.

  4. Run:

    idle-timeout minutes [ seconds ]

    The timeout disconnection function is set.

    If no operation is performed on the device before the end of the timeout period, the terminal disconnects from the device automatically.

    By default, the timeout duration is 5 minutes.

  5. Run:

    screen-length screen-length [ temporary ]

    The number of lines displayed on the terminal screen is set.

    The temporary parameter specifies the temporary number of lines displayed on the terminal screen.

    The default number of lines displayed on the terminal screen is 24.

  6. Run:

    history-command max-size size-value

    The history command buffer is set.

    By default, the history command buffer can store up to 10 commands.

Configuring the User Level on the VTY User Interface

Context

  • Users can be configured with different user levels to control the device access permission, improving device security.
  • There are 16 user levels numbered from 0 to 15, in ascending order of priority.
  • User levels map to command levels. A user can run only commands at the same or a lower level.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    user-interface vty first-ui-number [ last-ui-number ]

    The VTY user interface view is displayed.

  3. Run:

    user privilege level level

    The user level is set.

    Table 3-15 describes the mapping between user levels and command levels.

    Table 3-15  Mapping between user levels and command levels

    | User Level | Command Level | Permission | Description |
    |---|---|---|---|
    | 0 | 0 | Visit | Commands at this level are network diagnosis commands, such as ping and tracert commands, and commands used to access remote devices such as Telnet clients. |
    | 1 | 0 and 1 | Monitoring | Commands at this level are system maintenance commands such as display commands. NOTE: Some display commands are not at this level. For example, the display current-configuration and display saved-configuration commands are at level 3. For details about command levels, see the Command Reference. |
    | 2 | 0, 1, and 2 | Configuration | Commands at this level are used for service configuration. These commands include routing commands and commands at each network layer to provide network services to users. |
    | 3-15 | 0, 1, 2, and 3 | Management | Commands at these levels are system basic operation commands that support services, including file system, FTP, TFTP, user management commands, command level configuration commands, and debugging commands. |

    NOTE:
    • By default, users that log in to the device using the VTY interface can run commands at level 0.

    • If the command access level configured in the user interface view and user priority are inconsistent, user priority takes precedence.

Configuring the Authentication Mode for VTY Users

Context

The system provides AAA and password authentication modes to ensure device security.

Procedure

  • Configuring AAA authentication
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run:

      authentication-mode aaa

      The user authentication mode is set to AAA.

    4. Run:

      quit

      The user quits the VTY user interface view.

    5. Run:

      aaa

      The AAA view is displayed.

    6. Run:

      local-user user-name password irreversible-cipher password

      The local user name and password are configured.

    7. Run:

      local-user user-name service-type { telnet | ssh }

      The service type of the local user is set to Telnet or SSH.

    8. Run:

      quit

      Exit from the AAA view.

  • Configuring password authentication
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      user-interface vty first-ui-number [ last-ui-number ]

      The VTY user interface view is displayed.

    3. Run:

      authentication-mode password

      The user authentication mode is set to password.

    4. Run:

      set authentication password cipher

      The authentication password is configured. You can enter a password in cipher text.

Checking the Configurations

Context

After configurations for the VTY user interface are complete, run the commands to check the configurations.

Procedure

  • Run the display users [ all ] command to view user information for the user interface.
  • Run the display user-interface maximum-vty command to view the maximum number of VTY user interfaces.
  • Run the display user-interface vty ui-number1 [ summary ] command to view the information about the user interface.
  • Run the display local-user command to view the local user list.
  • Run the display vty mode command to view the VTY mode.
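
An offline check of the settings configured above, as an added example (not part of the original guide or Huawei tooling). It reads a saved configuration and reports every VTY index enabled by maximum-vty that has no authentication mode, uses password mode, or has no inbound ACL; the sample text and its layout are constructed assumptions.

```python
import re

# Constructed excerpt laid out like "display current-configuration" output;
# the layout is an assumption, not output captured from a device.
SAMPLE = """\
user-interface maximum-vty 8
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode aaa
 idle-timeout 5 0
user-interface vty 5 6
 authentication-mode password
 user privilege level 3
"""

def audit_vty(config):
    """Return {vty_index: [findings]} for each VTY enabled by maximum-vty."""
    max_vty, settings, current = 5, {}, []   # 5 is the default stated on the page
    for line in config.splitlines():
        text = line.strip()
        m = re.fullmatch(r"user-interface maximum-vty (\d+)", text)
        if m:
            max_vty, current = int(m.group(1)), []
            continue
        m = re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", text)
        if m:
            first = int(m.group(1))
            current = list(range(first, int(m.group(2) or first) + 1))
            for i in current:
                settings.setdefault(i, set())
        elif line.startswith(" "):
            for i in current:
                settings[i].add(text)        # setting inside the current stanza
        else:
            current = []                     # some other top-level section
    report = {}
    for i in range(max_vty):
        s = settings.get(i, set())
        findings = []
        if not any(x.startswith("authentication-mode ") for x in s):
            findings.append("no authentication-mode")
        if "authentication-mode password" in s:
            findings.append("password mode (shared password)")
        if not any(re.fullmatch(r"acl \d+ inbound", x) for x in s):
            findings.append("no inbound acl")
        if findings:
            report[i] = findings
    return report
```

On the constructed sample, VTY 7 is reported because maximum-vty was raised to 8 without an authentication mode being configured for the new interface.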
Updated: 2019-01-11

Document ID: EDOC1000176006
