Example for Configuring the Device as the Telnet Client to Log In to Another Device

42 0 0 0

Networking Requirements

As shown in Figure 3-9, the PC and Client have reachable routes to each other; Client and Server have reachable routes to each other. The user needs to manage and maintain Server remotely. However, the PC cannot directly log in to Server through Telnet because it has no reachable route to Server. The user can log in to Client through Telnet, and then log in to Server from Client. To prevent unauthorized devices from logging in to Server through Telnet, an ACL needs to be configured to allow only the Telnet connection from Client to Server.

Figure 3-9  Networking diagram of configuring the device as the Telnet client to log in to another device 
imgDownload?uuid=2e0701db81c140d7abadbcd
imgDownload?uuid=dedcc2f9597c49dc96ea718

The Telnet protocol poses a security risk, and therefore the STelnet V2 protocol is recommended.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the Telnet authentication mode on Server.
  2. Configure the login user information on Server.
  3. Configure an ACL on Server to allow Client access.
  4. Log in to Server from Client through Telnet.

Procedure

  1. Configure the Telnet authentication mode and password on Server.

    <HUAWEI> system-view [HUAWEI] sysname Server [Server] telnet server enable [Server] user-interface vty 0 4 [Server-ui-vty0-4] user privilege level 15 [Server-ui-vty0-4] protocol inbound telnet [Server-ui-vty0-4] authentication-mode aaa [Server-ui-vty0-4] quit

  2. Configure the login user information.

    [Server] aaa [Server-aaa] local-user admin1234 password irreversible-cipher Helloworld@6789 [Server-aaa] local-user admin1234 service-type telnet [Server-aaa] local-user admin1234 privilege level 3 [Server-aaa] quit

  3. Configure an ACL on Switch2 to allow Client access.

    [Server] acl 2000 [Server-acl-basic-2000] rule permit source 10.1.1.1 0 [Server-acl-basic-2000] quit [Server] user-interface vty 0 4 [Server-ui-vty0-4] acl 2000 inbound [Server-ui-vty0-4] quit
    imgDownload?uuid=e7f93300fdb145b8903c83c NOTE:

    It is optional to configure an ACL for Telnet services.

  4. Verify the configuration.

    # After the preceding configuration, you can log in to Server from Client through Telnet. You cannot log in to Server from other devices.

    <HUAWEI> system-view [HUAWEI] sysname Client [Client] quit <Client> telnet 10.2.1.1 Trying 10.2.1.1 ... Press CTRL+K to abort Connected to 10.2.1.1 ... Warning: Telnet is not a secure protocol, and it is recommended to use STelnet. Login authentication Username:admin1234 Password: <Server>

Configuration File

Server configuration file

# sysname Server # telnet server enable # acl number 2000  rule 5 permit source 10.1.1.1 0 # aaa  local-user admin1234 password irreversible-cipher $1a$gRNl~ukoL~0.WU)C2]~2a}Cz/Y0-u8M{j@Ql6/xHryO-Y7m{=A>kWc.-q}>*$  local-user admin1234 privilege level 3  local-user admin1234 service-type telnet # user-interface vty 0 4  acl 2000 inbound  authentication-mode aaa  user privilege level 15  protocol inbound telnet  # return

See more please click 

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top