stelnet -tunnel lldp

Function

The stelnet -tunnel lldp command enables you to log in to another device through STelnet when the Layer 3 network is disconnected and Layer 2 links are reachable.

Format

stelnet -tunnel lldp -a source-ip-address -i { interface-type interface-number | interface-name } host-ip-address [ server-port ] [ [ prefer_kex prefer_kex ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ] *

stelnet ipv6 -tunnel lldp -a source-ipv6-address -i { interface-type interface-number | interface-name } host-ipv6-address [ server-port ] [ [ prefer_kex prefer_kex ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ prefer_ctos_compress zlib ] | [ prefer_stoc_compress zlib ] | [ -ki interval ] | [ -kc count ] | [ identity-key identity-key-type ] | [ user-identity-key user-key ] ] *

Parameters

Parameter Description Value
-i interface-type interface-number

Specifies the source interface type and number on the local device.

-
host-ip-address

Specifies the IPv4 address of a remote device.

The value is in dotted decimal notation.
server-port

Specifies the TCP port number used by the remote device that functions as the STelnet server.

The value is an integer ranging from 1 to 65535. The default value is 22.
prefer_kex prefer_kex

Specifies the preferred algorithm for key exchange.

Preferred algorithms for key exchange supported depend on the ssh client key-exchange command settings.
prefer_ctos_cipher prefer_ctos_cipher

Specifies the preferred encryption algorithm for packets from the client to the server.

Encryption algorithms supported depend on the ssh client cipher command settings.
prefer_stoc_cipher prefer_stoc_cipher

Specifies the preferred encryption algorithm for packets from the server to the client.

Encryption algorithms supported depend on the ssh client cipher command settings.
prefer_ctos_hmac prefer_ctos_hmac

Specifies the preferred HMAC algorithm for packets from the client to the server.

Preferred HMAC algorithms supported depend on the ssh client hmac command settings.
prefer_stoc_hmac prefer_stoc_hmac

Specifies the preferred HMAC algorithm for packets from the server to the client.

Preferred HMAC algorithms supported depend on the ssh client hmac command settings.
prefer_ctos_compress

Specifies the preferred compression algorithm for packets from the server to the client. Only the ZLIB algorithm is supported.

-
zlib

Specifies the ZLIB algorithm for packets from a client to the server.

-
prefer_stoc_compress

Specifies the preferred compression algorithm for packets from a client to the server.

-
-ki interval

Specifies an interval at which keepalive packets are sent if no data is received.

The value is an integer ranging from 1 to 3600, in seconds.
-kc count

Specifies the maximum number of times that a server does not respond to keepalive packets.

The value is an integer ranging from 1 to 30.
identity-key identity-key-type

Specifies the public key for server authentication.

Currently, the RSA_SHA2_512, RSA_SHA2_256, RSA, DSA, SM2, and ECC algorithms are supported. The default algorithm is ECC.

To ensure high security, do not use the RSA algorithm whose length is less than 2048 digits. You are advised to use RSA SHA2-512 or RSA SHA2-256 authentication algorithm which ensures higher security.
user-identity-key user-key

Specifies the public key for user authentication.

Currently, the RSA_SHA2_512, RSA_SHA2_256, RSA, DSA, SM2, and ECC algorithms are supported. The default algorithm is ECC.

To ensure high security, do not use the RSA algorithm whose length is less than 2048 digits. You are advised to use RSA SHA2-512 or RSA SHA2-256 authentication algorithm which ensures higher security.
ipv6

Specifies that the Layer 3 network is an IPv6 network.

-
-a source-ip-address

Specifies the IPv4 address of the local device. Users can use the specified IPv4 address to communicate with the STelnet server to ensure security.

The value is in dotted decimal notation.
-a source-ipv6-address

Specifies the IPv6 address of the local device. Users can use the specified IPv6 address to communicate with the STelnet server to ensure security.

The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
host-ipv6-address

Specifies the IPv6 address of a remote device.

The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.

Views

User view, System view

Default Level

0: Visit level

Task Name and Operations

Task Name Operations
shell execute

Usage Guidelines

Usage Scenario

If the Layer 3 network between the STelnet client and the server is disconnected but Layer 2 links are normal, you can run the stelnet -tunnel lldp command to log in to the SSH server through STelnet and manage the SSH server.

Prerequisites

  • The STelnet client and the server have been directly connected, and LLDP has been enabled globally on the STelnet client using the lldp enable command.
  • LLDP has been enabled using the lldp enable command on the specified source interface of the local device. The interface must be an existing physical interface and cannot be a sub-interface.
  • The STelnet service has been enabled on the SSH server using the stelnet server enable command.
  • A loopback interface has been created using the interface loopback loopback-number command and an IP address has been configured for it on the STelnet client and server.

Precautions

  • A loopback interface has been created using the interface loopback loopback-number command and an IP address has been configured for it on the STelnet client and server.
  • The IP address of the specified source interface must not be a loopback address (IP address in the network segment 127.0.0.0).
  • If the interface to which the specified source IP address belongs is not the specified source interface, the specified source IP address must be the IP address of a loopback interface, and the source interface must be a physical interface that has established an LLDP peer relationship with the client. For example, the specified source IP address is loopback1's IP address 10.1.1.1, and the specified source interface is GE 0/1/8.
  • The login user must be a valid SSH user existing on the server to be logged in to through STelnet.
  • If IPv6 addresses are used for login, the IPv6 function must be enabled on the loopback interfaces of both ends using the ipv6 enable command.
  • A secure algorithm is required. The STelnet client must support the AES128_CTR, AES256_CTR, AES192_CTR, AES128_GCM, or AES256_GCM algorithm.
  • The ssh client first-time enable command must be run on the STelnet client to enable first login for the SSH client.
  • The source or destination IP address must be the public network Loopback address, and the interface binding VPN is not supported.

Example

# Use an IPv4 address to establish an STelnet connection with a remote server.
<HUAWEI> stelnet -tunnel lldp -a 10.1.1.1 -i GigabitEthernet 0/1/0 10.0.1.2
Trying 10.0.1.2 ...
Press CTRL+K to abort
Connected to 10.0.1.2 ...
Please input the username: john
Enter password:
# Use an IPv6 address to establish an STelnet connection with a remote server.
<HUAWEI> stelnet ipv6 -tunnel lldp -a 2001:db8:2::2 -i GigabitEthernet 0/1/0 2001:db8:1::1
Trying 2001:db8:1::1 ...
Press CTRL+K to abort
Connected to 2001:db8:1::1 ...
Please input the username: john
Enter password:
Parent Topic: SSH Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >