Wednesday, January 8, 2014

Example of Configuring a VTY User Interface on Huawei S9300

Example of Configuring a VTY User Interface on Quidway S9300:
Networking Requirements
A user can use the VTY interface to log in to a remote device using Telnet. The device administrator can configure the attributes of the VTY user interface to ensure device security.
In this example, the level of VTY users is 2. The password authentication mode and authentication password huawei2012 are configured for VTY users to log in to the device. Only the user whose IP address is 10.1.1.1 can log in to the device.
If a user logs in to the device and does not perform an operation within 30 minutes, the user's terminal disconnects from the device.
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure the maximum number of concurrent VTY user interfaces to 8.
2. Configure restrictions on call-in and call-out permissions on the VTY user interface to allow users at a specified address or address segment to log in to the device.
3. Configure terminal attributes on the VTY user interface.
4. Configure the user level on the VTY user interface.
5. Configure the authentication mode and password of the VTY user interface.

Procedure (the Huawei S9303 is used for this example)
Step 1 Configure the maximum number of concurrent VTY user interfaces.
<Quidway> system-view
[Quidway] user-interface maximum-vty 8

Step 2 Configure restrictions on call-in and call-out permissions on the VTY user interface.
[Quidway] acl 2000
[Quidway-acl-basic-2000] rule deny source 10.1.1.1 0
[Quidway-acl-basic-2000] rule permit source any
[Quidway-acl-basic-2000] quit
[Quidway] user-interface vty 0 7
[Quidway-ui-vty0-7] acl 2000 inbound

Step 3 Configure terminal attributes on the VTY user interface.
[Quidway-ui-vty0-7] shell
[Quidway-ui-vty0-7] idle-timeout 30
[Quidway-ui-vty0-7] screen-length 30
[Quidway-ui-vty0-7] history-command max-size 20

Step 4 Configure the user level on the VTY user interface.
[Quidway-ui-vty0-7] user privilege level 2

Step 5 Configure the authentication mode and password of the VTY user interface.
[Quidway-ui-vty0-7] authentication-mode password
[Quidway-ui-vty0-7] set authentication password cipher huawei2012
[Quidway-ui-vty0-7] quit
After the VTY user interface is configured, users can log in to the device in the password authentication mode using Telnet to maintain the device locally or remotely. For details on how to log in to the device, see 4.2.2 Logging In to the Device Through Telnet.

Step 6 Verify the configuration.
# Connect the terminal to the device using Telnet, and verify that the new password is valid.
# Use 10.1.1.1 to log in to the device using Telnet. The login fails.
# Run the user-interface vty 0 7 command to enter the VTY interface view, and run the display this command to check the configurations on the VTY interface.
[Quidway] user-interface vty 0 7
[Quidway-ui-vty0-7] display this
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 2
set authentication password cipher %%$%$RdF~Z+6N|0d^a3%v5`W~3.%ymjpAD#$u[T'e#e32hd8G~4+&%$%$
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
----End

Configuration File
#
acl number 2000
rule 5 deny source 10.1.1.1 0
rule 10 permit
#
user-interface maximum-vty 8
user-interface vty 0 7
acl 2000 inbound
authentication-mode password
user privilege level 2
set authentication password cipher %%$%$RdF~Z+6N|0d^a3%v5`W~3.%ymjpAD#$u[T'e#e32hd8G~4+&%$%$
history-command max-size 20
idle-timeout 30 0
screen-length 30
#
return
S9300&S9300E Terabit Routing Switch
Configuration Guide - Basic Configuration 3 Configuring a User Interface
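
An added example, not part of the Huawei guide or of this post: a small Python evaluator for the basic ACL bound to the VTY lines, so the source filter can be checked offline before it is applied. Evaluated against the rules from Step 2 it returns deny for 10.1.1.1 and permit for every other source, which is what the Step 6 check observes. Assumptions: rules are matched in ascending rule ID with the first match deciding, unnumbered rules are numbered in steps of 5, and ALLOW_LIST_ACL is a constructed alternative that admits only 10.1.1.1.

```python
import ipaddress
import re

# ACL 2000 as shown in the page's configuration file.
PAGE_ACL = """acl number 2000
rule 5 deny source 10.1.1.1 0
rule 10 permit
"""

# Constructed alternative (not from the page): admit only 10.1.1.1.
ALLOW_LIST_ACL = """acl number 2000
rule 5 permit source 10.1.1.1 0
rule 10 deny
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(?:(\d+)\s+)?(permit|deny)"
    r"(?:\s+source\s+(?:any|(\S+)\s+(\S+)))?\s*$"
)
ALL_BITS = 0xFFFFFFFF


def parse_rules(text, step=5):
    """Parse basic-ACL rule lines into (id, action, address, wildcard) tuples."""
    rules, max_id = [], 0
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # "acl number 2000", "#", blank lines
        rid, action, addr, wild = m.groups()
        # Assumption: an unnumbered rule takes the next multiple of the step.
        rid = int(rid) if rid else (max_id // step + 1) * step
        max_id = max(max_id, rid)
        if addr is None:  # "source any" or no source clause: match everything
            rules.append((rid, action, 0, ALL_BITS))
        else:  # wildcard "0" is shorthand for 0.0.0.0 (exact host)
            w = 0 if wild == "0" else int(ipaddress.IPv4Address(wild))
            rules.append((rid, action, int(ipaddress.IPv4Address(addr)), w))
    return sorted(rules)


def decide(rules, source_ip):
    """Return the action of the first matching rule, or None if none match."""
    ip = int(ipaddress.IPv4Address(source_ip))
    for _rid, action, addr, wild in rules:
        if ((ip ^ addr) & ~wild & ALL_BITS) == 0:
            return action
    return None
```

A result of None from decide() means no rule matched; what the device does with such a login attempt is not modelled here.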