Shulou(Shulou.com)06/01 Report--

The noun explains:

[console port] console is the console. In the early days of the emergence of computers, people interacted with computers through a large number of buttons and a large number of indicators, which was the early "parallel communication" referred to as "parallel port". This method occupies a large number of chip ports and the transmission speed between devices is very slow, so a fast communication mode "serial communication" referred to as "serial port" appears. In the early days, people used keyboards and monitors to interact with computers through serial ports, which has now become a common communication mechanism between devices, namely "console". The console is used to manage the underlying functions of the device, and the "disadvantage" of the need for direct close interaction with the device has also become one of its security mechanisms. The device generally retains a console port, and the user needs to use a device that supports serial communication (usually PC or notebook) to connect directly with the device, open a serial communication software (usually SecureCRT or super terminal), establish a connection according to the device's serial port configuration, and then log in to the device using the console password.

[network port] the network port is to connect the equipment to the user's network for access. The commonly used network port access methods include telnet, ssh, web and so on.

[telnet] telnet, that is, remote login, is a method and a network protocol for network access devices. Physically, the device and the user's PC are connected to the same network, the device as a server opens a telnet server waiting for the user to connect, and the user can start a telnet client through the cmd interface (or other software). This clinet will connect with the server and exchange data according to the agreed protocol, which realizes the so-called telnet login. Users can realize the remote management of the device by sending pre-set instructions to the device through telnet.

[virtual terminal vty] vty is Virtual Teletype Terminal (virtual terminal). Before the emergence of the network, users need to use a monitor and keyboard to connect directly to the device, which is very inconvenient when managing a large number of devices or remote management. After the emergence of the network, people have implemented a powerful server terminal on the device based on the network communication protocol (such as telnet, ssh). This server terminal enables the user to log in to the device in the way of telnet and output to the user a user interface with the same function as when the user is directly connected (here it refers to the user interface in the form of characters). This is the virtual terminal technology. For Huawei devices, using the telnet login device is to open a virtual terminal. Huawei equipment generally contains five virtual terminals, that is, it supports five users to log in to the device at the same time.

The meaning of one telnet

Using telnet, it is convenient to manage all the devices in the network, which makes the remote management of devices possible. Combined with virtual terminal technology can also achieve different levels of user rights management, in the lowest authority users can only view the configuration of the device, can not make any changes. Under the highest authority, users can realize configuration modification, user management, file management and so on, which is no different from logging in from console port. User rights management can effectively avoid misoperation of low-level users on the device, but also ensure the convenient use of administrators.

How to log in using telnet

The following three procedures are required for telnet to log on to the device:

1. Telnet function of enabling device

Before the telnet function of the device is started, you need to use the console port to log in to the device and enable the function.

User-interface vty 0 4 / / A pair of virtual terminals 0-4 to configure dis this / / View the current configuration (optional) protocol inbound all / / enable telnet and ssh protocols

two。 Set access mode and rights management

Huawei devices support two access modes, one is single password mode, and the other is user plus password mode.

1) single password mode

Authentication-mode password / / set the access mode to single password set authentication password cipher * * / / modify password

Huawei devices can set different privileged passwords for hierarchical access in single password mode (the default is level 0).

Super password level 3 cipher * * / / set the privileged password for level 3

After users log in to the device with the normal password set earlier, they can use the super command to gain higher access.

/ / after logging in to the device using telnet, the first thing to get is the default level 0 privilege super / / enter the privileged password of level 3 to get the permission of level 3

After setting different levels of privileged passwords, users can also enter the password when telnet logs in to the device, so that they can directly get this level of privileges without entering super to obtain privileges.

2) user plus password mode (aaa)

Authentication-mode aaa / / modify the authentication mode to aaa, that is, user name plus password mode

In aaa mode, there is a default user admin, and users can also create new users themselves. The access level of newly created users is 0, and users can specify different access levels for different users.

Aaa / / enter the aaa view local-user test password cipher test / / create a user whose username and password are both test local-user test service-type telnet ssh / / specify that the user can log in to the device local-user test privilege level 3 / / specify the access level of the test user as 3 undolocal-user test privilege level / / cancel the access level of the test user (back to 0)

3) default permission settings

Users can also set the default permissions of virtual end users

User privilege level 3 / / sets the default level for vty users to 3

3. Use the telnet client to connect to the device

Users can log in to the device using software such as CMD or secureCRT of the PC, telnet.

Detailed explanation of three login levels

Huawei switch has 16 user levels and 4 permission levels. High-level permissions are compatible with low-level permissions. Details are as follows:

User level command level name description 00 Visitor level network diagnostic tools (ping, tracert); jump to other devices (telnet) 10, 1 monitor level device configuration and status query (display, etc.) 20, 1, 2 configuration level service configuration (such as routing configuration, etc.) 3-150,1, 2, 3 management level

Commands for basic operation of the system, such as file system, user management, level setting, business troubleshooting, etc.

The administrative level corresponds to 13 user levels, which is done to refine the management of users at the administrative level.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.