Configuration Guide - Basic Configuration

S9300, S9300E, and S9300X V200R011C10

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Example for Configuring an ACL to Limit Telnet Login

Networking Requirements

As shown in Figure 5-12, the PC and the device are reachable to each other. Users want to configure and manage the device remotely in a simple way. To meet this requirement, configure AAA authentication for Telnet users on the server and configure a security policy so that only users who match the policy can log in to the device.

Figure 5-12  Networking diagram for configuring Telnet login

Configuration Roadmap

The configuration roadmap is as follows:

  1. Log in to the device using Telnet to remotely maintain the device.
  2. Configure the administrator user name and password, and configure an AAA authentication policy to ensure that only users passing the authentication can log in to the device.
  3. Configure a security policy to ensure that only users meeting the policy can log in to the device.

Procedure

  1. Enable the Telnet server function.

    <Quidway> system-view
    [Quidway] sysname Telnet_Server
    [Telnet_Server] telnet server enable

  2. Set parameters for the VTY user interface.

    # Set the maximum number of VTY user interfaces.

    [Telnet_Server] user-interface maximum-vty 15

    # Specify the IP address of the host allowed to log in to the device.

    [Telnet_Server] acl 2001
    [Telnet_Server-acl-basic-2001] rule permit source 10.1.1.1 0
    [Telnet_Server-acl-basic-2001] quit
    [Telnet_Server] user-interface vty 0 14
    [Telnet_Server-ui-vty0-14] protocol inbound telnet
    [Telnet_Server-ui-vty0-14] acl 2001 inbound

    # Set terminal attributes for the VTY user interface.

    [Telnet_Server-ui-vty0-14] shell
    [Telnet_Server-ui-vty0-14] idle-timeout 20
    [Telnet_Server-ui-vty0-14] screen-length 0
    [Telnet_Server-ui-vty0-14] history-command max-size 20

    # Set an authentication mode for the VTY user interface.

    [Telnet_Server-ui-vty0-14] authentication-mode aaa
    [Telnet_Server-ui-vty0-14] quit

  3. Configure the login user information.

    # Configure the user name, password, service type, and privilege level of the login user.

    [Telnet_Server] aaa
    [Telnet_Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
    [Telnet_Server-aaa] local-user admin1234 service-type telnet
    [Telnet_Server-aaa] local-user admin1234 privilege level 3
    [Telnet_Server-aaa] quit

  4. Log in to the device from the client.

    At the Windows Command Prompt on the PC, run the following command to log in to the device using Telnet.

    C:\Documents and Settings\Administrator> telnet 10.137.217.177

    Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, the CLI is displayed, indicating that you have successfully logged in to the device. (The following information is only for reference.)

    Login authentication
    
    
    Username:admin1234
    Password:
    Info: The max number of VTY users is 8, and the number
          of current VTY users on line is 2.
          The current login time is 2012-08-06 18:33:18+00:00.
    <Telnet_Server>

Configuration File

Telnet_Server configuration file

#
sysname Telnet_Server
#
telnet server enable
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
aaa
 local-user admin1234 password irreversible-cipher $1a$aVW8S=aP=B<OWi1Bu'^R[=_!~oR*85r_nNY+kA(I}[TiLiVGR-i/'DFGAI-O$
 local-user admin1234 privilege level 3
 local-user admin1234 service-type telnet
#
user-interface maximum-vty 15
user-interface vty 0 14
 acl 2001 inbound
 authentication-mode aaa
 history-command max-size 20
 idle-timeout 20 0
 screen-length 0
 protocol inbound telnet
#
return
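
An added example (not part of Huawei's guide): a Python check that reads a saved configuration in the format above and reports VTY user interfaces that lack the controls this example configures, namely AAA authentication and an inbound ACL whose permit rules each name a single host. The function names and the single-host policy are assumptions, and the sample input is constructed from this page's configuration file.

```python
import re

# Constructed input: the ACL and VTY parts of the configuration file above.
PAGE_CONFIG = """\
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
user-interface maximum-vty 15
user-interface vty 0 14
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound telnet
#
"""

def parse_sections(text):
    """Map each unindented header line to the indented lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            current = None                      # '#' separates views
        elif line[0] != " ":
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_vty(text):
    """Return findings for VTY interfaces missing the page's controls."""
    sections, findings = parse_sections(text), []
    for header, body in sections.items():
        if not header.startswith("user-interface vty "):
            continue
        if "authentication-mode aaa" not in body:
            findings.append(f"{header}: authentication-mode is not aaa")
        bound = [m.group(1) for l in body if (m := re.fullmatch(r"acl (\d+) inbound", l))]
        if not bound:
            findings.append(f"{header}: no inbound ACL bound")
        for acl in bound:
            rules = sections.get(f"acl number {acl}", [])
            if not any("permit" in r for r in rules):
                findings.append(f"{header}: ACL {acl} is undefined or has no permit rule")
            for r in rules:  # assumed policy: a permit must name one host (wildcard 0)
                if "permit" in r and not re.search(r"source \S+ (0|0\.0\.0\.0)$", r):
                    findings.append(f"acl {acl}: '{r}' is wider than one host")
    return findings
```

Calling `audit_vty()` on the text of a saved configuration returns an empty list when every VTY interface carries the ACL and AAA settings from this example.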
Updated: 2019-04-17

Document ID: EDOC1000178413
