Huawei Hcie Theory and practical Notes "3-telnet management"

Noun Explanation:

the console port console is the control console. In the early days of the computer, people interacted with the computer through a number of buttons and a large number of lights, which was the early "parallel communication" for short. This approach takes up a large number of chip ports and the transmission between devices is very slow, so a fast way of communication "serial communication" for short, "Serial port" appeared. The early people use the keyboard and the monitor through the serial port way to interact with the computer, this kind of way develops now becomes one kind of equipment common communication mechanism, namely "the console". The console is used to manage the underlying functionality of the device and is one of its security mechanisms because of the "drawbacks" that require direct close interaction with the device. The device generally retains a console port, users need to use a serial communication device (typically a PC or notebook) and the device directly connected, open a serial communication software (typically SECURECRT or HyperTerminal), based on the device's serial configuration to establish a connection, and then use the console password to log on to the device.

"Network Port" network is to connect the device to the user's network for access, commonly used network port access including Telnet, SSH, the web and so on.

"Telnet" telnet is a remote login, is a network access device is also a network protocol, the physical device and the user's PC access to the same network, the device as a server to open a Telnet server waiting for users to connect, The client can start a Telnet client through the CMD interface (or other software), which will connect to the server and exchange data according to the agreed-upon protocol, which enables the so-called Telnet login. clinet The user can remotely manage the device by sending a pre-set instruction to the device via Telnet.

The meaning of a telnet

With Telnet, you can easily manage all the devices on your network, making it possible to manage your devices remotely. Combined with the virtual terminal technology can also achieve different levels of user rights management, under the minimum permissions users can only view the configuration of the device, can not make any changes. Under the highest permissions, users can implement configuration modification, user management, file management and so on, and from the console port is no different. User Rights management can effectively avoid the low-level users on the device misoperation, but also to ensure that the administrator convenient use.

How to log in using Telnet

The Telnet login device takes the following three procedures:

1. Telnet function of the Enable device

Before the device's Telnet function starts, it needs to use the console port to log on to the device and enable the function

<ar>user-intvty 0 4//Configure virtual terminal 0-4 <ar-ui-vty0-4>dis this//view current configuration (not required) <AR-UI-VTY0-4&G T;protocolinbound All//enable Telnet with SSH protocol

2. Set access mode and Rights Management

devices support two access modes, one is single password mode, the other is user plus password mode.

1) Single password mode

<ar-ui-vty0-4>authentication-mode Password//set access mode to single password <ar-ui-vty0-4>setauthentication password CIP Her//Change password

i devices can set different privileged passwords for hierarchical access in single-password mode (default to Level 0).

<ar>superpassword Level 3 Cipher * * * Set a privileged password of 3

After the user logs on to the device using the normal password set earlier, you can use the Super command to get higher access rights.

Using Telnet to log on to the device first gets the default level of 0 permissions <ar>super//input Level 3 privileged password to get level 3 permissions

After the user has set a different level of privileged password, you can also enter the password when Telnet is logged on to the device, so that you can gain access to that level directly without having to enter super for privileged access.

2) User plus password mode (AAA)

<ar-ui-vty0-4>authentication-mode AAA//Modify the authentication mode to AAA, that is, user name plus password mode

The AAA mode has the default User admin, the user can also create a new user, the newly created user access level is 0, users can specify different access levels for different users

<AR>AAA//Enter AAA View <ar-aaa>local-user Test Password cipher test//create user name and password are test users <ar- Aaa>local-user test service-type telnet ssh//Specifies that the user can log on to the device via telnet or SSH <ar-aaa>local-user test privilege Level 3//Specify a test user's access level of 3 <ar-aaa>undolocal-user test privilege levels//Cancel test user access (back to 0)

3) Default permission settings

Users can also set the default permissions for virtual end users

<ar-ui-vty0-4>user Privilege Level 3//Set Vty user default to 3

3. Connecting devices using Telnet client

Users can log on to the device using software such as CMD or securecrt of the PC.

Three login levels

		level name
0	0	Visitor level	Network diagnostic tool (ping, tracert) ; Jump other Device (telnet)
1	0, 1	monitoring level	device configuration and status query (display etc)
2	0, 1, 2		business configuration (such as routing configuration, etc.)
3-15	0,, 2, 3	management

The management level corresponds to 13 user levels for granular management of management-level users.