Telnet

Introduction

Telnet is a protocol to establish remote access to a unit over an IP network. As Telnet does not provide adequate security primitives it is disabled by default and only provided for legacy purposes. For remote access, it recommended to instead use SSH.

If Telnet is enabled on a switch, Telnet can be used to connect to the switch CLI remotely.

Connecting to a Device

To connect to a switch using Telnet, the Telnet service must first be enabled on the switch. This can be done via another management interface, e.g., via the console.

example:/#> configure
example:/config/#> management
example:/config/management/#> telnet
Activating Telnet with default settings, type 'abort' to cancel.
example:/config/management/telnet/#> leave
Applying configuration.
Configuration activated.  Remember "copy run start" to save to flash (NVRAM).
example:/#>

To connect to the Telnet service you need a Telnet client. One example is the PuTTY client on Windows, which also supports SSH. As stated earlier, use of SSH is recommended over Telnet for remote access. In the examples below a Linux host with its telnet client is used.

Connecting can be done to the assigned DNS name, the advertised mDNS name, or using the IP address of the remote device:

    user@linux-pc:~$ telnet weos.local
    Trying 192.168.2.33...
    Connected to weos.local.
    Escape character is '^]'.

    example login : admin
    Password: *******

Once logged in, the remote system’s message of the day (MOTD) and the CLI prompt is displayed. Use logout, exit, or Ctrl-D to log out and disconnect.

Configuration

The Telnet service can be configured in several ways:

  • It can be activated/deactivated
  • It can be restricted to a subset of available interfaces
  • The port number can be changed

There is currently no specific setting for Telnet idle timeout. Please set the general CLI inactivity timeout when enabling Telnet, to ensure Telnet users are logged out automatically if not active.

The Telnet service settings are available from the management configuration context in the CLI:

example:/#> configure
example:/config/#> management
example:/config/management/#> telnet
example:/config/management/telnet/#>
[no] enable

Enable/disable the Telnet server. If disabled, the rest of the configuration is saved for when you re-enable the service again.

The telnet service configuration can be completely reset from the parent management configuration context using no telnet.

no
Disable Telnet service completely (default)
[no] listen IFNAME[,IFNAME]

Interfaces on which to allow Telnet connections.

To restrict Telnet to only listen on interfaces vlan1 and vlan2:

listen vlan1 vlan2

To listen on all interfaces again (default):

no listen

[no] port PORT

By default, Telnet listens on TCP port 23. Telnet clients connect to this port unless another port is specified.

Note

To connect to a Telnet server listening to a non-standard port, the port has to be specified when connecting. For example:

user@linux-pc:~$ telnet weos.local 1234