Enabling Telnet Access


To enable telnet globally use the following commands.


> enable

# config t
(config)# telnet server


!!!WARNING!!!
The above configuration allows anyone to telnet into the device without a username or password required. When a user telnets to the device it will drop them directly into user mode. If no enable password has been configured the user can get into privilege mode by simply typing "enable" at the user mode prompt. At this point the user has full control of the device. Enable Password

To configure an enable password so that a user will be required to enter a password before they can enter privilege mode use the following command. In this example the enable password is password and the user is given super-user access once the device drops them into privilege mode after successful authentication.


(config)# enable super-user-password password


Note: Other levels of enable passwords can be applied, like port-configuration or read-only access.

Enabling Telnet on a Specific VLAN


Telnet can also be enabled on a per VLAN basis instead of globally. If telnet is enabled on a per VLAN basis then only users within one specified VLAN have the ability to telnet to the device. If a user is trying to telnet to the out-of-band or management interface then telnet MUST be enabled globally. If users on multiple VLANs need telnet access then telnet MUST be enabled globally. To enable telnet on a single VLAN use the following command. In this example telnet is enabled on VLAN 50.


(config)# telnet server enable vlan 50


Note: The same rules for privilege mode apply as explained above.

Enabling a Telnet Password


To configure a telnet password use the following command. In this example the password is powerconnect.


(config)# enable telnet password powerconnect


Note: With the above configuration a user will be prompted for ONLY a password when they try to telnet into the device. If they enter the password correctly the user will be dropped into user mode, and the same rules for privilege mode apply as explained previously.

Enabling Telnet Username/Password Authentication


To configure username and password authentication for telnet access so the user will be prompted for both a username and password when telneting into the device use the following commands. In this example we are creating the username and password in the device's local authentication database. The username is admin and the password is powerconnect. The user is given privilege level 0 for read-write access.


(config)# username admin privilege 0 password powerconnect

(config)# aaa authentication login default local
(config)# enable telnet authentication

Note: With the above configuration the user will be dropped into user mode if they successfully enter the username/password credentials. The same rules for privilege mode apply as explained above.
2nd Note: Username and password authentication overrides telnet password configuration. If both telnet password and username/password are configured when a user telnets into the device they will be prompted for both the username and password instead of only a telnet password.

Putting Telnet User Into Privilege Mode Automatically


To drop a user into privilege mode automatically after telnet authentication is successful use the following command.


(config)# aaa authentication login privilege-mode


!!!WARNING!!!
When the user is dropped into privilege mode automatically they will NOT be prompted for an enable password even if one is configured.

Note: The username/password authentication must be configured first for the above configuration to apply. The above configuration does NOT apply when only a telnet password has been configured.
Maximum Login Attempts

To specify a maximum number of login attempts for telnet use the following command. In this example the user can fail telnet authentication up to 5 times before the device closes the telnet session.


(config)# telnet login-retries 5


Note: The above command does NOT lockout the user account that failed to authenticate. If the user re-opens another telnet session they can try again with the same user account. Although, this configuration can be a useful way to prevent bruteforce or dictionary attacks against the telnet credentials.

Telnet Session Idle Period


To configure a timeout period for telnet sessions use the following command. In this example, if the user leaves the telnet session idle for up to 5 minutes after they have authenticated to the device it will close the telnet session.


(config)# telnet timeout 5


Note: To specify an infinite timeout period use value 0.

Telnet Login Timeout Period


To configure a login timeout period for telnet sessions use the following command. In this example if the user leaves the login prompt idle for up to 2 minutes the device closes the telnet session.


(config)# telnet login-timeout 2

Note: The default login-timeout period is 1 minute.

PowerConnect Manuals Page


http://support.dell.com/support/topics/global.aspx/support/my_systems_info/manuals?~ck=ln&c=us&l =en&lnki=0&s=gen  

For more advanced telnet management configurations like telnet access control lists see the PowerConnect B Series Configuration Guide specific for the device model.