No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S9300, S9300E, and S9300X V200R011C10

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Enabling the Telnet Server Function

Enabling the Telnet Server Function

Context

When a device functions as a Telnet server, you can specify the protocol port and source interface of the Telnet server to enhance Telnet connection security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run telnet [ ipv6 ] server enable

    The Telnet server function is enabled.

    By default, the Telnet server function is disabled on a device.

  3. (Optional) Run telnet server port port-number

    The protocol port number is specified for the Telnet server.

    By default, the protocol port number of the Telnet server is 23.

    You can configure a new protocol port number for a Telnet server to prevent attackers from accessing the server using the default port.

  4. (Optional) Run telnet server-source -i loopback interface-number

    The source interface is specified for the Telnet server.

    By default, the source interface of a Telnet server is not specified.

    Configuring a source interface for a Telnet server prevents exposure of the management IP address of the device, which ensures device security.

    NOTE:

    Before specifying a loopback interface as the source interface for a Telnet server, ensure that the loopback interface has been created and the route between the client and the loopback interface is reachable; otherwise, the configuration cannot be correctly executed.

  5. (Optional) Configure ACL-based Telnet access control.

    • Control access from other devices to the local device.

      • Method 1:
        1. Run acl acl-number or acl ipv6 acl6-number

          An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

          The value of acl-number or acl6-number must be within the range from 2000 to 2999 (basic ACLs).

        2. Run rule permit source source-address 0 or rule permit source source-ipv6-address 0

          An ACL or ACL6 rule is configured to prohibit devices except the device with the address specified by source-address or source-ipv6-address from accessing the local device.

        3. Run quit

          Exit from the ACL or ACL6 view.

        4. Run telnet [ ipv6 ] server acl acl-number

          The ACL is configured to control devices that can access the local device using Telnet.

      • Method 2:
        1. Run acl acl-number or acl ipv6 acl6-number

          An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

          The value of acl-number or acl6-number must be within the range from 2000 to 2999 (basic ACLs).

        2. Run rule permit source source-address 0 or rule permit source source-ipv6-address 0

          An ACL or ACL6 rule is configured to prohibit devices except the device with the address specified by source-address or source-ipv6-address from accessing the local device.

        3. Run quit

          Exit from the ACL or ACL6 view.

        4. Run user-interface vty first-ui-number [ last-ui-number ]

          The VTY user interface view is displayed.

        5. Run acl [ ipv6 ] { acl-number | acl-name } inbound

          ACL-based access control is configured for the VTY user interface.

    • Control access from the local device to other devices.
      1. Run acl acl-number or acl ipv6 acl6-number

        An ACL or ACL6 is created, and the ACL or ACL6 view is displayed.

        The value of acl-number or acl6-number must be within the range from 3000 to 3999 (advanced ACLs).

      2. Run rule deny tcp destination-port eq telnet

        An ACL or ACL6 rule is configured to prohibit the local device from accessing other devices.

      3. Run quit

        Exit from the ACL or ACL6 view.

      4. Run user-interface vty first-ui-number [ last-ui-number ]

        The VTY user interface view is displayed.

      5. Run acl [ ipv6 ] { acl-number | acl-name } outbound

        ACL-based access control is configured for the VTY user interface.

Translation
Download
Updated: 2019-04-17

Document ID: EDOC1000178413

Views: 68267

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next