< Home

Configuring Telnet Login

An administrator can use Telnet to remotely manage a switch since Telnet is easy to use. Before configuring Telnet login, ensure that the PC and the switch are routable to each other.

The Telnet protocol poses security risks, and therefore STelnet V2 is recommended.

Common Configurations for Telnet Login

By default, the Telnet function is not configured on a switch. To use this function, you need to perform the following steps to configure the Telnet server function and user information.

  1. Enable the Telnet server function.
  2. Set a protocol type for the VTY user interface.
  3. Configure an authentication mode and a user level for the VTY user interface.

Procedure

  1. Enable the server function.

    <HUAWEI> system-view
[HUAWEI] telnet server enable

  2. Set a protocol type for the VTY user interface.

    [HUAWEI] user-interface vty 0 4
[HUAWEI-ui-vty0-4] protocol inbound telnet    //Set the protocol supported by the VTY user interface to Telnet.

  3. Configure an authentication mode and a user level for the VTY user interface.

    • Set the authentication mode for the VTY user interface to AAA:

      To use AAA authentication, you need to configure the authentication information, access type, and user level for the AAA user.

      [HUAWEI-ui-vty0-4] authentication-mode aaa    //Set the authentication mode to AAA.
[HUAWEI-ui-vty0-4] quit
[HUAWEI] aaa
[HUAWEI-aaa] local-user admin123 password irreversible-cipher abcd@123    //Create a local user admin123 and set the login password to abcd@123.
[HUAWEI-aaa] local-user admin123 service-type telnet    //Set the access type of the local user admin123 to Telnet.
[HUAWEI-aaa] local-user admin123 privilege level 15    //Set the level of the local user admin123 to 15.
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y

    • Set the authentication mode for the VTY user interface to password:

      To use password authentication, you need to configure the level and login password of the VTY user interface.

      [HUAWEI-ui-vty0-4] authentication-mode password    //Set the authentication mode to password.
[HUAWEI-ui-vty0-4] set authentication password cipher abcd@123    //Set the login password to abcd@123.
[HUAWEI-ui-vty0-4] user privilege level 15    //Set the level of the VTY user interface to 15.

    If none authentication is used, any user can be successfully authenticated without entering the user name and password. In actual scenarios, AAA authentication is more secure and is therefore recommended.

    For device security purposes, change the password periodically.

  4. Log in to the switch through Telnet.

    Run commands on the Windows Command Prompt of the PC to log in to the switch through Telnet.

    C:\Documents and Settings\Administrator> telnet 10.10.10.20 23    //Set the management IP address of the switch to 10.10.10.20. The management IP address is set based on the network planning.

    Press Enter, and enter the user name and password configured for AAA authentication in the login window. If authentication succeeds, the CLI is displayed, indicating that you have successfully logged in to the switch. (The following information is only for reference.)

    Login authentication


Username:admin123
Password:
Info: The max number of VTY users is 15, and the number
      of current VTY users on line is 2.
      The current login time is 2018-12-22 18:33:18+00:00.
<HUAWEI>

Verifying the Configuration

  • Run the display users [ all ] command to check user login information on the user interface.
  • Run the display tcp status command to check all established TCP connections.
  • Run the display telnet server status command to check current Telnet server connections.

Related Commands

For detailed command description, see Command Reference.

Table 1 Common commands

Function

Command

Description

Enable the Telnet server function.

telnet server enable

By default, the Telnet server function is disabled.

Set an authentication mode for accessing a VTY user interface.

authentication-mode { aaa | password | none }

By default, no authentication mode is configured.

If AAA authentication is selected, you need to configure information about the local AAA user as follows:
  • Run the local-user user-name { password { cipher | irreversible-cipher } password command to create a local user and set the password of the user.
  • Run the local-user user-name { privilege level level } command to set the level of the local user.
  • Run the local-user user-name service-type { http | ssh | telnet | terminal } * command to set the access type of the local user.

Configure a login password for accessing a VTY user interface.

set authentication password [ cipher password ]

If password authentication is selected, you need to use this command to set the authentication password.

Set a protocol for a VTY user interface.

protocol inbound { all | telnet | ssh }

By default, the VTY user interface supports SSH.

The configuration takes effect at the next login.

Set the level of users who are allowed to access a VTY user interface.

user privilege level level

The default user level is 0.

The user level set using this command does not take effect for AAA users. The level of AAA users depends on the local user level in the AAA configuration information.
Table 2 Other commands

Function

Command

Description

Start terminal services on a VTY user interface.

shell

By default, terminal services are enabled on all VTY user interfaces.

Set the maximum number of VTY user interfaces.

user-interface maximum-vty number

The maximum number of VTY user interfaces is 15.

Set the VTY inactivity timeout.

idle-timeout minutes [ seconds ]

The default timeout value is 10 minutes.

Set the number of lines displayed on a terminal screen.

screen-length screen-length

The default number of lines displayed on a terminal screen is 24.

Set the number of columns displayed on a terminal screen.

screen-width screen-width

The default number of columns displayed on a terminal screen is 80.

Set the size of the historical command buffer on a VTY user interface.

history-command max-size size-value

By default, a maximum of 10 historical commands can be saved in the buffer.

Set the protocol port number of the Telnet server.

telnet server port port-number

The default protocol port number is 23.

Changing the port number of the Telnet server helps prevent attackers from logging in to the Telnet server using the default port number.

Set the source interface of the Telnet server.

telnet server-source -i loopback interface-number

By default, the source interface of a Telnet server is not specified.

Setting a source interface for a Telnet server helps shielding the management IP address of the switch and reduce the attack risks.

Specify the source IP address or source interface of the Telnet client.

telnet client-source { -a source-ip-address | -i interface-type interface-number }

By default, the source IP address of the Telnet client is 0.0.0.0.

If the source address or source interface is not specified in the telnet login command, the source address or source interface configured using this command is used.
Parent Topic: CLI Login Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >