No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Basic Configuration

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the Basic configuration supported by the device.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Enabling the Telnet Server Function

Enabling the Telnet Server Function

In addition to the authentication mode and user level, you need to configure the Telnet server function on a device.

Context

When a device functions as a Telnet server, you can specify the protocol port and source interface of the Telnet server to enhance Telnet connection security.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run telnet [ ipv6 ] server enable

    The Telnet server function is enabled.

    By default, the Telnet server function is disabled on a device.

  3. (Optional) Run telnet server port port-number

    The protocol port number is specified for the Telnet server.

    By default, the protocol port number of the Telnet server is 23.

    You can configure a new protocol port number for a Telnet server to prevent attackers from accessing the server using the default port.

  4. (Optional) Run telnet server permit interface { interface-type interface-number } &<1-5>

    The physical interfaces on the Telnet server to which clients can connect is specified.

  5. (Optional) Run telnet server-source { -a [ ipv6 ] source-ip-address | -i [ ipv6 ] interface-type interface-number }

    The source interface is specified for the Telnet server.

    By default, the source interface of a Telnet server is not specified.

    If the source IP address is not specified for the Telnet server, the device selects a source IP address according to routing entries to send packets. Specify an interface in stable state, such as a loopback interface, as the source interface. Before specifying a source interface, make sure that the Telnet client has a reachable route to the source interface. Otherwise, the configuration will fail.

  6. (Optional) Configure ACL-based Telnet access control.

    • Control access to the local device.

      1. Run acl acl-number

        An ACL is created, and the ACL view is displayed.

        acl-number refers to a basic ACL numbered from 2000 to 2999.

      2. Run rule permit source source-address 0

        ACL rules are configured to prohibit devices except the device specified by source-address from accessing the local device.

      3. Run quit

        Exit the ACL view.

      4. Run user-interface vty first-ui-number [ last-ui-number ]

        The VTY user interface view is displayed.

      5. Run acl [ ipv6 ] acl-number inbound

        The ACL-based Telnet access control is configured for the VTY user interface.

    • Control access of the local device to other devices.
      1. Run acl acl-number

        An ACL is created, and the ACL view is displayed.

        acl-number refers to an advanced ACL numbered from 3000 to 3999.

      2. Run rule deny tcp destination-port eq telnet

        ACL rules are configured to prohibit the local device from accessing other devices.

      3. Run quit

        Exit the ACL view.

      4. Run user-interface vty first-ui-number [ last-ui-number ]

        The VTY user interface view is displayed.

      5. Run acl [ ipv6 ] acl-number outbound

        The ACL-based Telnet access control is configured for the VTY user interface.

Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034225

Views: 44869

Downloads: 100

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next