No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Security

AR100, AR120, AR150, AR160, AR200, AR1200, AR2200, AR3200, and AR3600 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the network management feature supported by the device.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Using Basic ACLs to Control Telnet Login Rights

Example for Using Basic ACLs to Control Telnet Login Rights

Networking Requirements

As shown in Figure 5-13, the PC and the server (Huawei device) are reachable to each other. To implement easy remote configuration and management of the device, configure AAA authentication for Telnet users on the server and configure an ACL security policy that allows only users in compliance with the security policy to log in to the device.

Figure 5-13  Networking diagram for Configuring a Security Policy to Limit Telnet Login

NOTE:

The Telnet protocol poses a security risk, and therefore the STelnet V2 protocol is recommended.

Configuration Roadmap

The following configurations are performed on the Router. The configuration roadmap is as follows:

  1. Configure the Telnet login mode to implement remote network device maintenance.

  2. Configure an ACL security policy to ensure that only users in compliance with the security policy can log in to the device.

  3. Configure the administrator's user name and password and the AAA authentication mode to ensure that only users passing the authentication can log in to the device.

Procedure

  1. Set the server listening port number and enable the server function.

    <Huawei> system-view
    [Huawei] sysname Telnet Server
    [Telnet Server] telnet server enable
    [Telnet Server] telnet server port 1025

  2. Set the VTY user interface parameters.

    # Set the maximum number of VTY user interfaces.

    [Telnet Server] user-interface maximum-vty 8

    # Set the IP address of the device to which the user is allowed to log in.

    [Telnet Server] acl 2001
    [Telnet Server-acl-basic-2001] rule permit source 10.1.1.1 0
    [Telnet Server-acl-basic-2001] quit
    [Telnet Server] user-interface vty 0 7
    [Telnet Server-ui-vty0-7] acl 2001 inbound

    # Configure the terminal attributes of the VTY user interface.

    [Telnet Server-ui-vty0-7] shell
    [Telnet Server-ui-vty0-7] idle-timeout 20
    [Telnet Server-ui-vty0-7] screen-length 30
    [Telnet Server-ui-vty0-7] history-command max-size 20

    # Configure the user authentication mode of the VTY user interface.

    [Telnet Server-ui-vty0-7] authentication-mode aaa
    [Telnet Server-ui-vty0-7] quit

  3. Configure the login user information.

    # Configure the login authentication mode.

    [Telnet Server] aaa
    [Telnet Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
    [Telnet Server-aaa] local-user admin1234 service-type telnet
    [Telnet Server-aaa] local-user admin1234 privilege level 3
    [Telnet Server-aaa] quit

  4. Configure the client login.

    Enter commands at the command line prompt to log in to the device through Telnet.

    C:\Documents and Settings\Administrator> telnet 10.137.217.177 1025

    Press Enter, and enter the user name and password in the login window. If the authentication is successful, the command line prompt of the user view is displayed. The user view configuration environment is displayed.

    Login authentication
    
    Username:admin1234
    Password:
    <Telnet Server>

Configuration Files

Telnet server configuration file

#
 sysname Telnet Server
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
aaa
 local-user admin1234 password irreversible-cipher %^%#*~Br";[g6Pv5Zf>$~{hY+N!`{$<[Y{;l02P)B,EBz\1FN!c+%^%#
 local-user admin1234 privilege level 3
 local-user admin1234 service-type telnet
#
 telnet server enable
 telnet server port 1025
#
user-interface maximum-vty 8
user-interface vty 0 7
 acl 2001 inbound
 authentication-mode aaa
 history-command max-size 20
 idle-timeout 20 0
 screen-length 30
#
return
Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034077

Views: 112703

Downloads: 206

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next