Server-side configuration
[TelnetServer]aaa //create a telnetuser account
[TelnetServer-aaa]display this
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
//forgot to set a password when creating the user; the default is vlan
local-user telnetuser password simple vlan
//if the cipher form is used instead (local-user telnetuser password cipher vlan), it is displayed as follows
local-user telnetuser password cipher ,WE#0\[]0(5NZPO3JBXBHA!!
local-user telnetuser privilege level 15
local-user telnetuser service-type telnet
#
[TelnetServer]user-interface vty 0 4 //enable AAA authentication mode for the remote terminals
[TelnetServer-ui-vty0-4]display this
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa //many people also add protocol inbound telnet here on the VTY (perhaps just to restrict inbound access to telnet only?); connections actually work without it.
#
Command format
protocol inbound { all | ssh | telnet }
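Note: some users online say that from V200R007 onward the system default is SSH (earlier versions defaulted to telnet), so I checked the version in ENSP, shown below: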
<TelnetServer>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.110 (S5700 V200R001C00) //so no wonder protocol inbound telnet is not needed
Copyright (c) 2000-2011 HUAWEI TECH CO., LTD
Quidway S5700-28C-HI Routing Switch uptime is 0 week, 0 day, 0 hour, 35 minutes
<TelnetServer>
Allowing only specific IPs to telnet in
1. Write the ACL
acl number 2000
rule 5 permit source 192.168.1.2 0 //a single IP
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255 //or restrict to an IP range
acl number 2000
rule 5 permit source 192.168.1.0 0.0.0.255
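rule 10 deny //this line is optional, since the system denies everything by default; adding it makes the logic more explicit
[TelnetServer]time-range gongzuori 9:00 to 18:00 working-day
[TelnetServer-acl-basic-2000]rule permit source 192.168.1.2 0 time-range gongzuori //ACL rules take a time-range parameter, to keep unauthorized users from causing trouble at night???
2. Apply the ACL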
[TelnetServer]user-interface vty 0 4
user-interface con 0
user-interface vty 0 4
acl 2000 inbound //apply ACL number 2000
authentication-mode aaa
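Added example (not from the original post, and not Huawei code): a small Python model of how the basic ACL 2000 above decides whether a telnet source address is let in, covering wildcard-mask matching, rules checked in ascending rule ID, and the default deny the post mentions. It assumes explicitly numbered rules and does not model time-range; `parse_rules`, `evaluate` and `_to_int` are names made up for this example.

```python
import ipaddress

# Constructed sample: the rule lines of ACL 2000 as written in the post.
ACL_2000 = """\
rule 5 permit source 192.168.1.0 0.0.0.255
rule 10 deny
"""

def _to_int(text):
    # A bare 0 is the short form of 0.0.0.0 (match exactly one host).
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rules(text):
    """Parse 'rule <id> permit|deny [source <addr> <wildcard> | source any]'."""
    rules = []
    for line in text.splitlines():
        tok = line.split("//")[0].split()   # drop trailing // comments
        if len(tok) < 3 or tok[0] != "rule" or not tok[1].isdigit():
            continue                        # not an explicitly numbered rule
        if tok[2] not in ("permit", "deny"):
            raise ValueError(f"unknown action in: {line!r}")
        addr = wild = None                  # no source clause: any source
        if "source" in tok and tok[tok.index("source") + 1] != "any":
            i = tok.index("source")
            addr, wild = _to_int(tok[i + 1]), _to_int(tok[i + 2])
        rules.append((int(tok[1]), tok[2], addr, wild))
    return sorted(rules, key=lambda r: r[0])  # ascending rule ID

def evaluate(rules, src_ip):
    """Return (action, rule_id) for the first rule matching src_ip."""
    ip = int(ipaddress.IPv4Address(src_ip))
    for rule_id, action, addr, wild in rules:
        # Wildcard bits set to 1 are "don't care"; all other bits must match.
        if addr is None or ((ip ^ addr) & ~wild) == 0:
            return action, rule_id
    return "deny", None                     # nothing matched: default deny

if __name__ == "__main__":
    rules = parse_rules(ACL_2000)
    for ip in ("192.168.1.2", "192.168.1.200", "192.168.2.2"):
        print(ip, evaluate(rules, ip))
```

Running candidate management addresses through `evaluate` before applying `acl 2000 inbound` on the VTY lines shows which rule decides each one, which helps avoid locking out the intended management host.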
Client side
<TelnetClient>telnet ? //remember: only in this view can you use telnet + the server IP
STRING<1-255> IP address or host name of a remote system
-a Config telnet source IP address
ipv6 IPV6 Protocol
vpn-instance Set VPN instance name
[TelnetClient]telnet ? //the settings available in system view cannot connect to the server!
client-source Configure the source address of a TELNET client
ipv6
server Set telnet server