Example for Configuring an ACL to Limit Telnet Login
Networking Requirements
As shown in Figure 5-2, the PC and the device can reach each other. Users require that the device be remotely configurable and easy to manage. To meet this requirement, configure AAA authentication for Telnet users on the device (the Telnet server) and configure a security policy so that only users who meet the policy can log in to the device.
Configuration Roadmap
- Log in to the device using Telnet to remotely maintain the device.
- Configure a security policy to ensure that only users meeting the policy can log in to the device.
- Configure the administrator user name and password.
Procedure
- Enable the Telnet server function.
<HUAWEI> system-view
[HUAWEI] sysname Telnet_Server
[Telnet_Server] telnet server enable
- Set parameters for the VTY user interface.
# Set the maximum number of VTY user interfaces.
[Telnet_Server] user-interface maximum-vty 15
# Specify the IP address of the host allowed to log in to the device.
[Telnet_Server] acl 2001
[Telnet_Server-acl-basic-2001] rule permit source 10.1.1.1 0
[Telnet_Server-acl-basic-2001] quit
[Telnet_Server] user-interface vty 0 14
[Telnet_Server-ui-vty0-14] protocol inbound telnet
[Telnet_Server-ui-vty0-14] acl 2001 inbound
# Set terminal attributes for the VTY user interface.
[Telnet_Server-ui-vty0-14] shell
[Telnet_Server-ui-vty0-14] idle-timeout 20
[Telnet_Server-ui-vty0-14] screen-length 0
[Telnet_Server-ui-vty0-14] history-command max-size 20
# Set an authentication mode for the VTY user interface.
[Telnet_Server-ui-vty0-14] authentication-mode aaa
[Telnet_Server-ui-vty0-14] quit
- Configure the login user information.
# Set an authentication mode for login users.
[Telnet_Server] aaa
[Telnet_Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789
[Telnet_Server-aaa] local-user admin1234 service-type telnet
[Telnet_Server-aaa] local-user admin1234 privilege level 3
[Telnet_Server-aaa] quit
- Log in to the client.
# Run commands on the Windows Command Prompt of the PC to log in to the device using Telnet.
C:\Documents and Settings\Administrator> telnet 10.137.217.177
Press Enter, and enter the configured user name and password in the login window. If authentication succeeds, the CLI is displayed, indicating that you have successfully logged in to the device. (The following information is only for reference.)
Login authentication
Username:admin1234
Password:
Info: The max number of VTY users is 15, and the number of current VTY users on line is 2.
      The current login time is 2019-08-06 18:33:18+00:00.
<Telnet_Server>
Configuration File
Telnet_Server configuration file
#
 sysname Telnet_Server
#
 telnet server enable
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
aaa
 local-user admin1234 password irreversible-cipher $1a$aVW8S=aP=B<OWi1Bu'^R[=_!~oR*85r_nNY+kA(I}[TiLiVGR-i/'DFGAI-O$
 local-user admin1234 privilege level 3
 local-user admin1234 service-type telnet
#
user-interface maximum-vty 15
user-interface vty 0 14
 acl 2001 inbound
 authentication-mode aaa
 history-command max-size 20
 idle-timeout 20 0
 screen-length 0
 protocol inbound telnet
#
return
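The ACL step in the procedure and the configuration file above together define the login policy: a basic ACL with a wildcard of 0 (an exact host match for 10.1.1.1) applied inbound on the VTY lines, plus AAA authentication and an idle timeout. The following Python script is an added example, not part of the original page or of any vendor tool: it parses a configuration file in the layout shown above, evaluates the wildcard-mask matching that decides whether a source address is permitted, and audits the VTY block for the three settings this page relies on. The sample configuration embedded in it is constructed from the page's own configuration file, and the rule that a source matching no ACL rule is denied is an assumption made to reflect the stated intent of the policy ("only users meeting the policy can log in"), not a statement about vendor behaviour.

```python
import ipaddress
import re

# Constructed sample: the Telnet_Server configuration file from this page,
# reduced to the ACL and VTY sections the audit reads.
SAMPLE_CONFIG = """\
#
 sysname Telnet_Server
#
 telnet server enable
#
acl number 2001
 rule 5 permit source 10.1.1.1 0
#
user-interface maximum-vty 15
user-interface vty 0 14
 acl 2001 inbound
 authentication-mode aaa
 history-command max-size 20
 idle-timeout 20 0
 screen-length 0
 protocol inbound telnet
#
return
"""

ALL_ONES = 0xFFFFFFFF


def _to_int(text):
    """Dotted IPv4 address to int; the CLI shorthand '0' stands for 0.0.0.0."""
    return 0 if text in (None, "0") else int(ipaddress.IPv4Address(text))


def parse_acls(config):
    """Return {acl_number: [(action, address_int, wildcard_int), ...]}.

    Rules read 'rule N permit|deny source A W'. W is a wildcard mask: 0 bits
    must equal the corresponding bit of A, 1 bits are ignored. Wildcard 0 is
    therefore an exact host match, and 'any' matches every address.
    """
    acls = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"acl number (\d+)$", line)
        if m:
            current = int(m.group(1))
            acls.setdefault(current, [])
            continue
        if current is None:
            continue
        m = re.match(r"rule \d+ (permit|deny) source (\S+)(?: (\S+))?", line)
        if m:
            action, addr, wildcard = m.groups()
            if addr == "any":
                addr, wildcard = "0.0.0.0", "255.255.255.255"
            acls[current].append((action, _to_int(addr), _to_int(wildcard)))
        elif not raw.startswith(" "):
            current = None  # a '#' separator or new top-level command ends the block
    return acls


def acl_permits(rules, source):
    """First matching rule wins. Assumption: no match means the login is denied."""
    src = _to_int(source)
    for action, addr, wildcard in rules:
        if (src ^ addr) & (ALL_ONES ^ wildcard) == 0:
            return action == "permit"
    return False


def parse_vty(config):
    """Collect the settings under the 'user-interface vty A B' block."""
    vty = {}
    in_block = False
    for raw in config.splitlines():
        if re.match(r"user-interface vty \d+ \d+$", raw.strip()):
            in_block = True
            continue
        if not in_block:
            continue
        if not raw.startswith(" "):
            break  # indentation ends; the VTY block is over
        parts = raw.split()
        if parts[0] == "acl" and parts[-1] == "inbound":
            vty["acl_inbound"] = int(parts[1])
        elif parts[0] == "authentication-mode":
            vty["authentication_mode"] = parts[1]
        elif parts[0] == "idle-timeout":
            vty["idle_timeout_minutes"] = int(parts[1])
        elif parts[0] == "protocol" and parts[1] == "inbound":
            vty["protocol_inbound"] = parts[2]
    return vty


def audit_vty(config):
    """Return findings; an empty list means the page's VTY policy is in place."""
    acls = parse_acls(config)
    vty = parse_vty(config)
    findings = []
    acl_id = vty.get("acl_inbound")
    if acl_id is None:
        findings.append("VTY has no inbound ACL: any reachable host gets a login prompt")
    elif not acls.get(acl_id):
        findings.append(f"VTY references ACL {acl_id}, which is missing or empty")
    if vty.get("authentication_mode") != "aaa":
        findings.append("VTY authentication-mode is not aaa")
    if not vty.get("idle_timeout_minutes"):
        findings.append("VTY idle-timeout is unset or 0, so idle sessions never expire")
    return findings


if __name__ == "__main__":
    rules = parse_acls(SAMPLE_CONFIG)[2001]
    for host in ("10.1.1.1", "10.1.1.2"):
        print(host, "permitted" if acl_permits(rules, host) else "denied")
    print("findings:", audit_vty(SAMPLE_CONFIG) or "none")
```

Running the script on the sample reports 10.1.1.1 as permitted, 10.1.1.2 as denied and no findings; removing the `acl 2001 inbound` line or the ACL's only rule produces a finding, which is the check worth running against exported configurations before a device is exposed to management traffic.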