Configuring Logging In to the CLI Using Telnet Using the CLI - In Practice
Hello everyone,
Today, I would like to introduce in practice a method of configuring the telnet protocol and login via CLI.
Telnet login is not secure. It is recommended that you log in to the CLI using STelnet.
The local administrator has some administrator permissions and can use Telnet to login to the CLI only from a local PC for FW management and maintenance. FW implements local authentication on administrators.
Procedure:
To complete our example, we need to follow these steps:
Enable the Telnet service in FW:
Enable Telnet service for IPv4 or IPv6. IPv4 is used as an example

In the example the configured IP address has been set to 172.16.100.2, the interface has been added to the trust zone and the administrator has permission to log into the device using Telnet.
Configure the administrator login interface:
Configure the interface IP address and interface-based access control and enable the administrator to log in to the device through Telnet.

Add an interface to the security zone.

Configure the VTY administrator interface:
Set the VTY administrator interface authentication mode to AAA and the idle disconnect duration to 5 minutes (default value is 10 minutes).
The default number of VTY administrator interfaces is five. To add more interfaces, run the maximum-vty number UI command.

Configure the administrator:
Configure the Telnet administrator.
Create an administrator and bind a role to the administrator.

In the example the username is vtyadmin and the password Huawei@123
Configure the IP address of the administrator PC and use Telnet software to log into the VTY interface:
Set the IP address and subnet mask of the administrator PC to 172.16.100.1 and 255.255.255.0.
The terminal used in the example is SecureCRT. Choose Telnet as protocol and hostaname 172.16.100.2 as port 23 and click Connect .

Enter the configured information in the vty user section.
In the example the user is "vtyadmin" and the password is "Huawei@123"

Now let's validate user access.

Through the command "displays users" we have the information of the users connected to the equipment.
With that our practical example was completed.
Cheers,


