Example for Configuring VTY User Interfaces

In this configuration example, the maximum number of VTY user interfaces, limit on incoming and outgoing calls, terminal attributes, authentication mode, and password are configured. After the configuration is complete, you can use Telnet or SSH (STelnet) to log in to the device in password authentication mode.

Networking Requirements

To log in to a router using Telnet or SSH for local or remote configuration and maintenance, configure VTY user interfaces, including the maximum number of VTY user interfaces, limit on incoming and outgoing calls, terminal attributes, user levels, and authentication modes. You can configure parameters based on use and security requirements.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Set the maximum number of VTY user interfaces.

  2. Configure the limit on incoming and outgoing calls for VTY user interfaces.

  3. Configure terminal attributes for the VTY user interfaces.

  4. Set a user level for the VTY user interfaces.

  5. Configure an authentication mode and password for the VTY user interfaces.

Data Preparation

To complete the configuration, you need the following data:

  • Maximum number of VTY user interfaces: 21

  • Number of the ACL applied to limit incoming calls for the VTY user interfaces: 2000

  • Timeout period of an idle connection: 30 minutes

  • Number of rows displayed on a terminal screen: 30

  • Buffer size for historical commands: 20

  • User level: 15

  • Authentication mode: password authentication

The ACL number for limiting incoming and outgoing calls in VTY user interfaces, password, and user name do not have default values. Other parameters have default values, which are recommended.

Procedure

  1. Set the maximum number of VTY user interfaces.

    <HUAWEI> system-view
    [~HUAWEI] user-interface maximum-vty 21
    [*HUAWEI] commit

  2. Configure the limit on incoming and outgoing calls for VTY user interfaces.

    [~HUAWEI] acl 2000
    [*HUAWEI-acl4-basic-2000] rule deny source 10.1.1.1 0
    [*HUAWEI-acl4-basic-2000] quit
    [*HUAWEI] user-interface vty 0 17
    [*HUAWEI-ui-vty0-17] acl 2000 inbound
    [*HUAWEI-ui-vty0-17] commit

  3. Configure terminal attributes for the VTY user interfaces.

    [~HUAWEI-ui-vty0-17] shell
    [*HUAWEI-ui-vty0-17] idle-timeout 30
    [*HUAWEI-ui-vty0-17] screen-length 30
    [*HUAWEI-ui-vty0-17] history-command max-size 20
    [*HUAWEI-ui-vty0-17] commit

  4. Set a user level for the VTY user interfaces.

    [~HUAWEI-ui-vty0-17] user privilege level 15
    [*HUAWEI-ui-vty0-17] commit

  5. Configure password authentication for the VTY user interfaces.

    [~HUAWEI-ui-vty0-17] authentication-mode password
    [*HUAWEI-ui-vty0-17] set authentication password
    Please configure the login password (8-16)
    Enter Password:
    Confirm Password:

    The password must meet the following requirements:

    • The password is entered in man-machine interaction mode. The system does not display the entered password.

    • A password is a string of 8 to 16 case-sensitive characters and must contain at least two types of the following characters: uppercase letters, lowercase letters, digits, and special characters.

    • Special characters exclude question marks (?) and spaces. However, spaces are allowed in the password if the password is enclosed in quotation marks.
      • Double quotation marks cannot contain double quotation marks if spaces are used in a password.
      • Double quotation marks can contain double quotation marks if no space is used in a password.

      For example, the password "Aa123"45"" is valid, but the password "Aa 123"45"" is invalid.

    The configured password is displayed in ciphertext in the configuration file.

    [*HUAWEI-ui-vty0-17] commit
    [~HUAWEI-ui-vty0-17] quit

    After the VTY user interfaces have been configured, you can use Telnet or SSH to log in to the device in password authentication mode to maintain the device locally or remotely. For information about how to use Telnet or SSH to log in to a device, see Configuring a User to Log In Through Telnet or Configuring STelnet Login.

  6. Verify the configuration.

    After completing the configurations, run the display user-interface command to view the configurations of the VTY user interfaces.

    Use VTY 14 as an example:

    [~HUAWEI] display user-interface vty 14
      Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int
      48   VTY 14              -     15    -           P     -
      +    : Current UI is active.
      F    : Current UI is active and work in async mode.
      Idx  : Absolute index of UIs.
      Type : Type and relative index of UIs.
      Privi: The privilege of UIs.
      ActualPrivi: The actual privilege of user-interface.
      Auth : The authentication mode of UIs.
          A: Authenticate use AAA.
          N: Current UI need not authentication.
          P: Authenticate use current UI's password.
      Int  : The physical location of UIs.
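
The password rules in step 5, written as a pre-check that can be run before a password is typed at the prompt. This is an added example, not from the original page or from Huawei; `check_vty_password` is a hypothetical name. It assumes the length and character-type rules apply to the text inside the enclosing quotation marks, which the page does not state.

```python
import string

# Special characters per the page: punctuation other than the question mark; spaces do not count.
SPECIALS = set(string.punctuation) - {"?"}

def check_vty_password(entered):
    """Return the rule violations for a password exactly as it would be typed."""
    quoted = len(entered) >= 2 and entered[0] == entered[-1] == '"'
    # Assumption: the rules apply to the text inside the enclosing quotation marks.
    body = entered[1:-1] if quoted else entered
    problems = []
    if not 8 <= len(body) <= 16:
        problems.append("length must be 8 to 16 characters")
    if "?" in body:
        problems.append("question marks are not allowed")
    if " " in body and not quoted:
        problems.append("spaces require enclosing quotation marks")
    if " " in body and quoted and '"' in body:
        problems.append("quotation marks cannot appear inside a quoted password that has spaces")
    types = [
        any(c in string.ascii_uppercase for c in body),
        any(c in string.ascii_lowercase for c in body),
        any(c in string.digits for c in body),
        any(c in SPECIALS for c in body),
    ]
    if sum(types) < 2:
        problems.append("at least two character types are required")
    return problems
```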

Configuration Files

#
acl number 2000
 rule 5 deny source 10.1.1.1 0
#
user-interface maximum-vty 21
#
user-interface vty 0 17
 authentication-mode password
 user privilege level 15
 set authentication password cipher @%@%qQ5h+h1Ba#pJOx#+2[NX>3v'Ks6m@1Qg4%T>-q:D>7{](U0.BAb*OlJW&>We\]@%@%
 history-command max-size 20
 idle-timeout 30 0
 screen-length 30
 acl 2000 inbound
return
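
A check for the saved configuration above, as an added example that is not part of the original page or of Huawei's tooling: it parses the `user-interface` lines, compares each VTY stanza with the Data Preparation values, and lists VTY indexes below `maximum-vty` that no stanza in the file configures. The function names and the placeholder ciphertext are assumptions made for this example.

```python
import re

# Baseline: the page's "Data Preparation" values, written as they appear in its configuration file.
PLANNED_MAX_VTY = 21
PLANNED = {"authentication-mode": "password", "user privilege level": "15",
           "history-command max-size": "20", "idle-timeout": "30 0",
           "screen-length": "30", "acl": "2000 inbound"}
# VTY part of the page's configuration file; the ciphertext is a constructed placeholder.
SAMPLE_CONFIG = """\
user-interface maximum-vty 21
#
user-interface vty 0 17
 authentication-mode password
 user privilege level 15
 set authentication password cipher <ciphertext-placeholder>
 history-command max-size 20
 idle-timeout 30 0
 screen-length 30
 acl 2000 inbound
return
"""

def parse_vty(config):
    """Return (maximum-vty, [(first, last, settings), ...])."""
    max_vty, stanzas, current = None, [], None
    for line in config.splitlines():
        if m := re.fullmatch(r"user-interface maximum-vty (\d+)", line):
            max_vty = int(m.group(1))
        elif m := re.fullmatch(r"user-interface vty (\d+)(?: (\d+))?", line):
            current = {}
            stanzas.append((int(m.group(1)), int(m.group(2) or m.group(1)), current))
        elif not line.startswith(" "):
            current = None  # '#', 'return' or another view ends the stanza
        elif current is not None:
            text = line.strip()  # only baseline keys are kept, never the password line
            current.update({k: text[len(k) + 1:] for k in PLANNED if text.startswith(k + " ")})
    return max_vty, stanzas

def audit(config):
    """List deviations from the baseline and VTY indexes that no stanza configures."""
    max_vty, stanzas = parse_vty(config)
    findings = [] if max_vty == PLANNED_MAX_VTY else [f"maximum-vty is {max_vty}"]
    covered = set()
    for first, last, got in stanzas:
        covered.update(range(first, last + 1))
        findings += [f"vty {first}-{last}: {k} is {got.get(k)}, planned {v}"
                     for k, v in PLANNED.items() if got.get(k) != v]
    gaps = sorted(set(range(max_vty or 0)) - covered)
    return findings + ([f"vty {gaps}: no stanza in this file"] if gaps else [])
```

Run against the page's own file, `audit(SAMPLE_CONFIG)` reports only that VTY 18 to 20 have no stanza, because `maximum-vty 21` allows indexes 0 to 20 while the stanza covers 0 to 17.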
Copyright © Huawei Technologies Co., Ltd.