S12700 V200R013C00 Configuration Guide - Basic Configuration

This document describes basic configuration, including CLI Overview, EasyDeploy Configuration, USB-based Deployment Configuration, Logging In to a Device for the First Time, CLI Login Configuration, Web System Login Configuration, File Management, Configuring System Startup, ISSU Configuration, and BootLoad Menu Operation.
Configuring Telnet Login

An administrator can use Telnet to remotely manage a switch since Telnet is easy to use. Before configuring Telnet login, ensure that the PC and the switch are routable to each other.

The Telnet protocol poses security risks, and therefore STelnet V2 is recommended.

Common Configurations for Telnet Login

By default, the Telnet function is not configured on a switch. To use this function, you need to perform the following steps to configure the Telnet server function and user information.

  1. Enable the Telnet server function.
  2. Set a protocol type for the VTY user interface.
  3. Configure an authentication mode and a user level for the VTY user interface.

Procedure

  1. Enable the server function.

    <HUAWEI> system-view
    [HUAWEI] telnet server enable

  2. Set a protocol type for the VTY user interface.

    [HUAWEI] user-interface vty 0 4
    [HUAWEI-ui-vty0-4] protocol inbound telnet    //Set the protocol supported by the VTY user interface to Telnet.
    

  3. Configure an authentication mode and a user level for the VTY user interface.

    • Set the authentication mode for the VTY user interface to AAA:

      To use AAA authentication, you need to configure the authentication information, access type, and user level for the AAA user.

      [HUAWEI-ui-vty0-4] authentication-mode aaa    //Set the authentication mode to AAA.
      [HUAWEI-ui-vty0-4] quit
      [HUAWEI] aaa
      [HUAWEI-aaa] local-user admin123 password irreversible-cipher abcd@123    //Create a local user admin123 and set the login password to abcd@123.
      [HUAWEI-aaa] local-user admin123 service-type telnet    //Set the access type of the local user admin123 to Telnet.
      [HUAWEI-aaa] local-user admin123 privilege level 15    //Set the level of the local user admin123 to 15.
    • Set the authentication mode for the VTY user interface to password:

      To use password authentication, you need to configure the level and login password of the VTY user interface.

      [HUAWEI-ui-vty0-4] authentication-mode password    //Set the authentication mode to password.
      [HUAWEI-ui-vty0-4] set authentication password cipher abcd@123    //Set the login password to abcd@123.
      [HUAWEI-ui-vty0-4] user privilege level 15    //Set the level of the VTY user interface to 15.
    NOTE:

    If non-authentication is used, any user can be successfully authenticated without the need of entering the user name and password. In actual scenarios, AAA authentication is more secure and is therefore recommended.

    For device security purposes, change the password periodically.

  4. Log in to the switch through Telnet.

    Run commands on the Windows Command Prompt of the PC to log in to the switch through Telnet.

    C:\Documents and Settings\Administrator> telnet 10.10.10.20 23    //Set the management IP address of the switch to 10.10.10.20. The management IP address is set based on the network planning.

    Press Enter, and enter the user name and password configured for AAA authentication in the login window. If authentication succeeds, the CLI is displayed, indicating that you have successfully logged in to the switch. (The following information is only for reference.)

    Login authentication
    
    
    Username:admin123
    Password:
    Info: The max number of VTY users is 15, and the number
          of current VTY users on line is 2.
          The current login time is 2018-12-22 18:33:18+00:00.
    

Related Commands

For detailed command description, see Command Reference.

Table 6-7  Common commands

Function: Enable the Telnet server function.
Command: telnet server enable
Description: By default, the Telnet server function is disabled.

Function: Set an authentication mode for accessing a VTY user interface.
Command: authentication-mode { aaa | password | none }
Description: By default, no authentication mode is configured. If AAA authentication is selected, you need to configure information about the local AAA user as follows:
  • Run the local-user user-name { password { cipher | irreversible-cipher } password } command to create a local user and set the password of the user.
  • Run the local-user user-name { privilege level level } command to set the level of the local user.
  • Run the local-user user-name service-type { http | ssh | telnet | terminal } * command to set the access type of the local user.

Function: Configure a login password for accessing a VTY user interface.
Command: set authentication password [ cipher password ]
Description: If password authentication is selected, you need to use this command to set the authentication password.

Function: Set a protocol for a VTY user interface.
Command: protocol inbound { all | telnet | ssh }
Description: By default, the VTY user interface supports SSH. The configuration takes effect at the next login.

Function: Set the level of users who are allowed to access a VTY user interface.
Command: user privilege level level
Description: The default user level is 0. The user level set using this command does not take effect for AAA users. The level of AAA users depends on the local user level in the AAA configuration information.

Table 6-8  Other commands

Function: Start terminal services on a VTY user interface.
Command: shell
Description: By default, terminal services are enabled on all VTY user interfaces.

Function: Set the maximum number of VTY user interfaces.
Command: user-interface maximum-vty number
Description: The maximum number of VTY user interfaces is 15.

Function: Set the VTY inactivity timeout.
Command: idle-timeout minutes [ seconds ]
Description: The default timeout value is 10 minutes.

Function: Set the number of lines displayed on a terminal screen.
Command: screen-length screen-length
Description: The default number of lines displayed on a terminal screen is 24.

Function: Set the number of columns displayed on a terminal screen.
Command: screen-width screen-width
Description: The default number of columns displayed on a terminal screen is 80.

Function: Set the size of the historical command buffer on a VTY user interface.
Command: history-command max-size size-value
Description: By default, a maximum of 10 historical commands can be saved in the buffer.

Function: Set the protocol port number of the Telnet server.
Command: telnet server port port-number
Description: The default protocol port number is 23. Changing the port number of the Telnet server helps prevent attackers from logging in to the Telnet server using the default port number.

Function: Set the source interface of a Telnet server.
Command: telnet server-source -i loopback interface-number
Description: By default, the source interface of a Telnet server is not specified. Setting a source interface for a Telnet server helps shield the management IP address of the switch and reduces attack risks.

Function: Set an ACL to control the access of Telnet clients.
Command: telnet [ ipv6 ] server acl acl-number
Description: By default, no ACL is configured for an SSH server. When a switch functions as a Telnet server, configure an ACL on the switch to control login of Telnet clients to the switch.

Function: Set an ACL to control the login permission of users on a VTY user interface.
Command: acl [ ipv6 ] { acl-number | acl-name } { inbound | outbound }
Description: By default, the login permission of users on a VTY user interface is not controlled. You can use this command to control the permission for logging in to a VTY user interface, with the control action set to permit or deny.
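
The settings this page marks as security-relevant (Telnet being enabled at all, the VTY authentication mode, and the two ACL commands in Table 6-8) can be checked offline against a saved configuration. The following Python script is an added example, not Huawei code; it assumes the saved configuration lists top-level commands unindented and view contents indented by one space, and the sample configurations, ACL number 2001 and finding names are constructed.

```python
import re

# A VTY view: header line, then its commands indented by one space (assumed layout).
VTY_VIEW = re.compile(r"^user-interface (vty \d+(?: \d+)?)\n((?: .*\n)*)", re.M)

def setting(cmds, prefix, default):
    """Last word of the first command starting with prefix, else default."""
    return next((c.split()[-1] for c in cmds if c.startswith(prefix)), default)

def audit_telnet(config_text):
    """Return (scope, finding) tuples describing Telnet exposure."""
    lines = [ln.rstrip() for ln in config_text.splitlines()]
    if "telnet server enable" not in lines:
        return []  # Telnet server is off, which this page gives as the default
    findings = [("global", "telnet-server-enabled")]  # page recommends STelnet V2
    if not any(re.match(r"telnet (ipv6 )?server acl \S+$", ln) for ln in lines):
        findings.append(("global", "no-telnet-server-acl"))
    for name, body in VTY_VIEW.findall("\n".join(lines) + "\n"):
        cmds = [c.strip() for c in body.splitlines()]
        if setting(cmds, "protocol inbound ", "ssh") not in ("telnet", "all"):
            continue  # this VTY range does not accept Telnet
        mode = setting(cmds, "authentication-mode ", "unset")
        if mode != "aaa":  # password, none, or not configured
            findings.append((name, "authentication-mode-" + mode))
        if not any(re.match(r"acl (ipv6 )?\S+ inbound$", c) for c in cmds):
            findings.append((name, "no-inbound-acl"))
    return findings

# Constructed sample configurations (not taken from a real device).
WEAK = """telnet server enable
#
user-interface vty 0 4
 authentication-mode password
 protocol inbound telnet
#
user-interface vty 5 14
 authentication-mode aaa
 protocol inbound ssh
"""
RESTRICTED = """telnet server enable
telnet server acl 2001
#
user-interface vty 0 4
 acl 2001 inbound
 authentication-mode aaa
 protocol inbound telnet
"""
if __name__ == "__main__":
    print(audit_telnet(WEAK), audit_telnet(RESTRICTED), sep="\n")
```

The RESTRICTED sample still reports telnet-server-enabled, because ACLs and AAA narrow who can log in but the session remains Telnet.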

Updated: 2019-04-08

Document ID: EDOC1100065643
