Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document.
Note: Even the most advanced machine translation cannot match the quality of professional translators.
Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the Device as the Telnet Client to Log In to Another Device
Networking Requirements
As shown in Figure 5-3, the PC and Client have reachable routes to each other; Client and Server have reachable routes to each other. The user needs to manage and maintain Server remotely. However, the PC cannot directly log in to Server through Telnet because it has no reachable route to Server. The user can log in to Client through Telnet, and then log in to Server from Client. To prevent unauthorized devices from logging in to Server through Telnet, an ACL needs to be configured to allow only the Telnet connection from Client to Server.
Configuration Roadmap
- Configure the Telnet authentication mode on Server.
- Configure an ACL on Server to allow Client access.
- Configure the login user information on Server.
Procedure
- Configure the Telnet authentication mode and password on Server.
<HUAWEI> system-view [HUAWEI] sysname Server [Server] telnet server enable [Server] user-interface vty 0 4 [Server-ui-vty0-4] user privilege level 15 [Server-ui-vty0-4] protocol inbound telnet [Server-ui-vty0-4] authentication-mode aaa [Server-ui-vty0-4] quit
- Configure the login user information.
[Server] aaa [Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 [Server-aaa] local-user admin1234 service-type telnet [Server-aaa] local-user admin1234 privilege level 3 [Server-aaa] quit
- Configure an ACL on Switch2 to allow Client access.
[Server] acl 2000 [Server-acl-basic-2000] rule permit source 10.1.1.1 0 [Server-acl-basic-2000] quit [Server] user-interface vty 0 4 [Server-ui-vty0-4] acl 2000 inbound [Server-ui-vty0-4] quit
It is optional to configure an ACL for Telnet services.
- Verify the configuration.
# After the preceding configuration, you can log in to Server from Client through Telnet. You cannot log in to Server from other devices.
<HUAWEI> system-view [HUAWEI] sysname Client [Client] quit <Client> telnet 10.2.1.1 Trying 10.2.1.1 ... Press CTRL+K to abort Connected to 10.2.1.1 ... Warning: Telnet is not a secure protocol, and it is recommended to use STelnet. Login authentication Username:admin1234 Password: <Server>
Configuration File
Server configuration file
#
sysname Server
#
telnet server enable
#
acl number 2000
rule 5 permit source 10.1.1.1 0
#
aaa
local-user admin1234 password irreversible-cipher $1a$gRNl~ukoL~0.WU)C2]~2a}Cz/Y0-u8M{j@Ql6/xHryO-Y7m{=A>kWc.-q}>*$
local-user admin1234 privilege level 3
local-user admin1234 service-type telnet
#
user-interface maximum-vty 15
user-interface vty 0 14
acl 2001 inbound
authentication-mode aaa
history-command max-size 20
idle-timeout 20 0
screen-length 0
protocol inbound telnet
#
return