1. Three Telnet authentication modes
none: No user name or password is required the next time this user line is used to log in, and anyone can log in to the device. This may pose a security risk.
password: A password is required the next time this user line is used to log in. The user can log in to the device only if the password is correct. After setting the authentication mode to password, keep the password safe.
scheme: A user name and password are required the next time this user line is used to log in to the device. If the user name or password is incorrect, the login fails. After setting the authentication mode to scheme, keep the user name and password safe.
2. Required background knowledge
- User role
network-admin: has the highest authority and can operate all functions and resources of the system
network-operator: can execute the display commands for all functions and resources of the system (except display history-command)
level-0 ~ level-15: predefined user roles. Only user roles level-0 to level-14 can have their permissions adjusted through custom rules and resource control policies. level-15 has the same permissions as the network-admin role, and the administrator cannot configure it.
By default, users who log in to the system through the Console/AUX user line are authorized with the user role network-admin; users who log in through other user lines are authorized with the user role network-operator.
- VTY
VTY (Virtual Type Terminal) user line: used to manage and monitor users logged in through Telnet or SSH
3. Configuration sequence
The authentication mode is none:
- Enable the Telnet service of the device
- Enter the view of one or more VTY user lines
- Set the authentication mode of the VTY login user to none
- Configure the user role for users who log in to the device through the current user line (optional, the default authorization is network-operator)
The authentication mode is password:
- Enable the Telnet service of the device
- Enter the view of one or more VTY user lines
- Set the authentication mode of the VTY login user to password
- Set the password for password authentication
- Configure the user role for users who log in to the device through the current user line (optional, the default authorization is network-operator)
The authentication mode is scheme:
- Enable the Telnet service of the device
- Enter the view of one or more VTY user lines
- Set the authentication mode of the VTY login user to scheme
- Create a user for login, and set the login password, user role, user service type, etc.
4. Configuration
Topology diagram:
Configuration with authentication mode none:
R1 configuration:
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 1.1.1.1 24
[H3C]telnet server enable
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode none
[H3C-line-vty0-4]user-role level-15
R2 configuration:
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 1.1.1.2 24
Test:
Configuration with authentication mode password:
R1 configuration:
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 1.1.1.1 24
[H3C]telnet server enable
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode password
[H3C-line-vty0-4]set authentication password simple 123
[H3C-line-vty0-4]user-role level-15
R2 configuration:
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 1.1.1.2 24
Test:
Configuration with authentication mode scheme:
R1 configuration:
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 1.1.1.1 24
[H3C]telnet server enable
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode scheme
[H3C-line-vty0-4]quit
[R1]local-user xiaobin
New local user added.
[R1-luser-manage-xiaobin]authorization-attribute user-role level-15
[R1-luser-manage-xiaobin]password simple 123
[R1-luser-manage-xiaobin]service-type telnet
R2 configuration:
[H3C]int g0/0
[H3C-GigabitEthernet0/0]ip add 1.1.1.2 24
Test:
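The three configurations above can be checked mechanically before they reach a production device. The following is an added example, not part of the original page or any H3C tooling: a small auditor that reads commands in the prompt-prefixed form used above (or a saved configuration) and reports the Telnet login settings that carry risk. The finding names, the MIN_LEN threshold, the second VTY range and the SAMPLE text are assumptions made for illustration.

```python
import re

PROMPT = re.compile(r"^\s*\[[^\]]*\]")      # strips "[H3C-line-vty0-4]" style prompts
PRIVILEGED = {"network-admin", "level-15"}  # level-15 equals network-admin (section 2)
MIN_LEN = 10                                # assumed local policy, not an H3C default

def audit(config_text):
    """Return (section, finding) pairs for Telnet login settings in Comware-style config."""
    findings, section = [], "system"
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw).split()
        if not words or words[0] == "#":
            continue
        if words[0] in ("line", "local-user", "interface", "int"):
            section = " ".join(words)            # entering a new view
        elif words[0] == "quit":
            section = "system"
        elif words[:3] == ["telnet", "server", "enable"]:
            findings.append(("system", "telnet-enabled"))   # Telnet is not encrypted
        elif words[0] == "authentication-mode" and section.startswith("line vty"):
            if len(words) > 1 and words[1] in ("none", "password"):
                findings.append((section, "auth-mode-" + words[1]))
        elif "user-role" in words and words[-1] in PRIVILEGED:
            findings.append((section, "privileged-role"))   # full rights for this login
        elif "simple" in words[:-1]:
            secret = words[words.index("simple") + 1]
            if len(secret) < MIN_LEN:
                findings.append((section, "short-password"))
    return findings

# Constructed sample in the page's prompt-prefixed form (not a capture from a real device).
SAMPLE = """\
[H3C]telnet server enable
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode none
[H3C-line-vty0-4]user-role level-15
[H3C-line-vty0-4]quit
[H3C]line vty 5 9
[H3C-line-vty5-9]authentication-mode scheme
[H3C-line-vty5-9]quit
[H3C]local-user xiaobin
[H3C-luser-manage-xiaobin]authorization-attribute user-role level-15
[H3C-luser-manage-xiaobin]password simple 123
[H3C-luser-manage-xiaobin]service-type telnet
"""

if __name__ == "__main__":
    for section, finding in audit(SAMPLE):
        print(f"{section}: {finding}")
```

A line set to scheme produces no finding of its own; the local user behind it is still reported when its role is level-15 or its password is shorter than the assumed minimum.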