The telnet command can effectively control routers and switches. In the previous article, we also explained some batch processing problems. Today, we will explain how to set up telnet for a Cisco router. As shown in the figure, enter the telnet command followed by ? to see the help for this command. In this article, I will talk about how to use telnet commands to manage routers, and the related precautions, based on my work experience.
I. Prerequisites for using telnet commands for Remote Management
Generally, after a router or switch has been configured, you can use the telnet program to configure the router, switch, and other devices. You only need to make sure this protocol is not disabled on the relevant device. If you need to use the telnet virtual terminal protocol to log on to the router remotely and manage it, you must set a VTY password on the router. If no VTY password is set on the target router or switch, the target device rejects the login. In general, the following error message is displayed:
Password required, but none set
This also reminds administrators that remote setup and management over the telnet protocol has a prerequisite: the VTY password must be set on the target device. In fact, this is also a security measure. From this we can also see that a failed telnet login to the target device can have many causes, for example, no password is set on the target device, or the relevant protocol is disabled. In practice, network administrators need to learn the system error messages and then take appropriate measures to solve the problem based on that information. Only then can the fix be targeted. However, Cisco currently uses an English interface, and the error messages are in English as well. Therefore, the requirements for English are relatively high. As a Cisco network administrator, you must get past this English barrier.
II. Tips for using telnet virtual terminal protocol in Cisco IOS
To make operation easier, there are a number of tips for using telnet in a Cisco network environment. Specifically, the network administrator should master the following skills. They are of great help in improving work efficiency.
1. Simple telnet operations. On a Cisco router or switch, you do not need to enter the telnet command. What does this mean? If you doubt it, enter the IP address or router name at the command prompt and press Enter. The system does not report that the command cannot be found. Instead, the telnet command is automatically added before the IP address. That is, if you enter only the IP address at the command prompt, the router assumes that you want to telnet to the target device. This is a lifeline for colleagues who are not good at English. If you need to telnet to the target device for related work, you only need to enter the IP address of the target device.
2. Pay attention to the modes in which telnet can be used. Generally, a router has multiple working modes, such as user mode and privileged mode. As mentioned above, when the VTY password is not configured on the target device, telnet cannot log on to it for maintenance even if all other conditions are met. To log on to the target device, you must configure the VTY password. Note that the VTY password is a user-mode password. If only this password is configured, telnet can log on to a remote device, but it can only operate in user mode and cannot enter privileged mode. This is also a good security feature. To allow a telnet session to operate in privileged mode on a remote device, you must set the enable password or the encrypted enable password on the remote device. That is to say, the VTY password is just an initial key. If you want to do more over telnet, you also need to configure more on the target device. When setting a password, you must set the same password on all lines. This is mainly because the connection line cannot be selected when the telnet command is used.
3. How can I allow telnet to log on to multiple devices at the same time? For example, you have logged on to router A using the telnet command. Later, for some reason, the network administrator needs to view information about another router, B. In this case, the administrator does not want to disconnect the original connection. How can this problem be solved? By default, you can enter the Exit command at any time to end the current connection. However, if you do not want to disconnect the current connection, you can press Ctrl + SHIFT + 6. What does this do? The system returns to the console of the original router, but the connection to the remote router remains open. This makes the administrator's work easier, because maintenance can be performed on several devices at the same time. This raises another question. How does the network administrator know how many devices are connected? After all, these connections have to be closed one by one at the end. This is where the Show Sessions command is used. With this command, the administrator can list all telnet connections from the router to target devices. There is also a detail to be aware of. Generally, a * is displayed in front of one session. This indicates that the connection is the last one used by the administrator. When the administrator presses the Enter key twice in a row, the administrator returns to that previous connection. But what if the user wants to return to a specific connection? The administrator only needs to enter the connection number and then press the Enter key twice in a row to return to any connection. Finally, I need to remind you that all telnet connections should be closed. Otherwise, there will be large security risks. Before exiting the telnet connection, you must use the Show Sessions command to view the current telnet connections. After all other telnet connections are disconnected, close the current telnet connection.
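The password rules in tip 2 can be checked against a saved configuration before anyone depends on remote access. The following is an added example, not code from the original article: a small Python audit run over a constructed sample running-config, in which the function names, the sample configuration and the placeholder password strings are all assumptions.

```python
import re

# Constructed sample running-config (not from a real device); the password
# and hash strings are placeholders.
SAMPLE_CONFIG = """\
hostname QA
enable secret 5 HASH-PLACEHOLDER
ip host QA 192.168.0.3
line con 0
line vty 0 4
 password EXAMPLE-ONLY
 login
line vty 5 15
 login
"""

def parse_vty_blocks(config):
    """Return {(first, last): [sub-commands]} for every 'line vty' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        if m:
            first = int(m.group(1))
            current = (first, int(m.group(2) or first))
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level line ends the vty block
    return blocks

def audit(config):
    """List the telnet prerequisites from tip 2 that the config does not meet."""
    findings, passwords = [], set()
    for (first, last), cmds in sorted(parse_vty_blocks(config).items()):
        pw = [c for c in cmds if c.startswith("password ")]
        # Plain 'login' with no line password: the device answers
        # "Password required, but none set" and drops the session.
        if "login" in cmds and not pw:
            findings.append(f"vty {first}-{last}: login without password")
        passwords.update(pw)
    # Textual comparison only: obfuscated (type 7) strings of one password
    # can differ, so treat this finding as a prompt to review, not proof.
    if len(passwords) > 1:
        findings.append("vty lines carry different password strings")
    if not re.search(r"^enable (secret|password) ", config, re.M):
        findings.append("no enable password: sessions stay in user mode")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The sample shows the case the tip warns about: lines 0 to 4 have a password, but a session that lands on lines 5 to 15 is refused because the incoming line cannot be chosen.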
III. Use the Host Name for Login
At the beginning, I provided a help image for the telnet command. In this figure, we can see that the telnet command accepts not only an IP address but also a host name for the connection. In practice, it is difficult to remember the IP address of each router or switch, while it is much easier to remember the name of a router or other device. However, when using a host name instead of an IP address to connect to a remote device, note that the device from which you connect must be able to resolve the host name to an IP address.
Generally, you can create a host table on each router or use a DNS server to do this. This depends on the actual situation of the enterprise. If an enterprise has its own DNS server, it is easier to use DNS to resolve the host name. On the other hand, it would be a waste to build a DNS server just for this telnet function. In that case, it is easier to create a host table on the router.
On a Cisco router, you can use the command ip host QA 192.168.0.3 for configuration. This command maps the name of the QA router to the IP address. When using the telnet command in the future, you only need to enter the host name QA instead of the IP address. Note the following when using the host table.
The first is the number of rows the host table can hold. Generally, a router can accept a maximum of 8 records. This number seems relatively small, but it is enough for most enterprises. Ultra-large networks are generally equipped with independent DNS servers. In that case, you can use the DNS server for resolution.
The second is case sensitivity. Cisco's operating system, unlike Linux, is generally not case sensitive. This is also true of host tables, which are generally case insensitive. However, to improve readability, it is best to standardize input when creating records. For example, abbreviations are usually written in uppercase. If the name is not an abbreviation and consists of multiple words, such as office room, it is better to capitalize the first letter of each word. Although this does not affect name resolution, it makes the table easier to read.
If the enterprise does not have a DNS server and the number of routers or switches is small, using the host table is the first choice. On the contrary, if a company already has a DNS server or a large number of routers and switches, it is more convenient to use a DNS server for resolution.