05-Terminal Access Configuration Guide-book

H3C MSR Series Routers Terminal Access Configuration Guide(V5) Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: MSR-CMW520-R2311 Document version: 20130320-C-1.10


  • Copyright 2006-2013, Hangzhou H3C Technologies Co., Ltd. and its licensors

    All rights reserved

    No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

    Trademarks

    H3C, H3CS, H3CIE, H3CNE, Aolynk, H3Care, IRF, NetPilot, Netflow, SecEngine, SecPath, SecCenter, SecBlade, Comware, ITCMM and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

    All other trademarks that may be mentioned in this manual are the property of their respective owners.

    Notice

    The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

  • Preface

    The H3C MSR documentation set includes 17 configuration guides, which describe the software features for the H3C MSR Series Routers and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.

    The Terminal Access Configuration Guide(V5) describes fundamentals and configuration of Terminal Access.

    This preface includes:

    Audience
    Conventions
    About the H3C MSR documentation set
    Obtaining documentation
    Technical support
    Documentation feedback

    These configuration guides apply to the following models of the H3C MSR series routers:

    Model

    MSR 900: MSR 900, MSR 920
    MSR 930: MSR 930, MSR 930-GU, MSR 930-GT, MSR 930-DG, MSR 930-SA
    MSR 20-1X: MSR 20-10, MSR 20-10E, MSR 20-11, MSR 20-12, MSR 20-15
    MSR 20: MSR 20-20, MSR 20-21, MSR 20-40
    MSR 30: MSR 30-10, MSR 30-11, MSR 30-11E, MSR 30-11F, MSR 30-16, MSR 30-20, MSR 30-40, MSR 30-60
    MSR 50: MSR 50-40, MSR 50-60

    Audience

    This documentation is intended for:

    Network planners
    Field technical support and servicing engineers
    Network administrators working with the routers

    Conventions

    This section describes the conventions used in this documentation set.

    Command conventions

    Convention: Description

    Boldface: Bold text represents commands and keywords that you enter literally as shown.
    Italic: Italic text represents arguments that you replace with actual values.
    [ ]: Square brackets enclose syntax choices (keywords or arguments) that are optional.
    { x | y | ... }: Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
    [ x | y | ... ]: Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.
    { x | y | ... } *: Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select at least one.
    [ x | y | ... ] *: Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.
    &: The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.
    #: A line that starts with a pound (#) sign is comments.

    GUI conventions

    Convention: Description

    Boldface: Window names, button names, field names, and menu items are in Boldface. For example, the New User window appears; click OK.
    >: Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

    Symbols

    Convention: Description

    WARNING: An alert that calls attention to important information that if not understood or followed can result in personal injury.
    CAUTION: An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.
    IMPORTANT: An alert that calls attention to essential information.
    NOTE: An alert that contains additional or supplementary information.
    TIP: An alert that provides helpful information.

    Network topology icons

    Represents a generic network device, such as a router, switch, or firewall.

    Represents a routing-capable device, such as a router or Layer 3 switch.

    Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

    Port numbering in examples

    The port numbers in this document are for illustration only and might be unavailable on your device.

    About the H3C MSR documentation set

    The H3C MSR documentation set includes:

    Category | Documents | Purposes
    Product description and specifications | Marketing brochures | Describe product specifications and benefits.
    Product description and specifications | Technology white papers | Provide an in-depth description of software features and technologies.
    Product description and specifications | Card datasheets | Describe card specifications, features, and standards.
    Hardware specifications and installation | Compliance and safety manual | Provides regulatory information and the safety instructions that must be followed during installation.
    Hardware specifications and installation | Installation guide | Provides a complete guide to hardware installation and hardware specifications.
    Hardware specifications and installation | MSR Series Routers Interface Module Manual | Provide the hardware specifications of cards.
    Software configuration | MSR Series Routers Configuration guides | Describe software features and configuration procedures.
    Software configuration | MSR Series Routers Command references | Provide a quick reference to all available commands.
    Software configuration | MSR Series Routers Web Configuration guides | Describe Web software features and configuration procedures.
    Operations and maintenance | H3C MSR Basic Routers, H3C MSR Standard Routers | Provide information about the product release, including the version history, hardware and software compatibility matrix, version upgrade information, technical support information, and software upgrading.

    Obtaining documentation

    You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com.

    Click the links on the top navigation bar to obtain different categories of product documentation:

    [Technical Support & Documents > Technical Documents]: Provides hardware installation, software upgrading, and software feature configuration and maintenance documentation.
    [Products & Solutions]: Provides information about products and technologies, as well as solutions.
    [Technical Support & Documents > Software Download]: Provides the documentation released with the software version.

    Technical support

    [email protected]

    http://www.h3c.com

    Documentation feedback

    You can e-mail your comments about product documentation to [email protected].

    We appreciate your comments.

    Contents

    Configuring terminal access
      Overview
        Terminal access types
        Typical applications of terminal access
        Terminal access feature list
        Terminal access features
        Terminal access specifications
      Terminal access configuration task list
      Configuring TTY terminal access
        Configuring the TTY initiator
        Configuring the TTY receiver
        TTY terminal access configuration example
      Configuring Telnet terminal access
        Configuring the Telnet initiator
        Configuring the Telnet receiver
        Telnet terminal access configuration example
      Configuring ETelnet terminal access
        Configuring the ETelnet initiator
        Configuring the ETelnet receiver
        ETelnet terminal access configuration example
      Configuring SSH terminal access
        Configuring the SSH initiator
        Configuring the SSH receiver
        SSH terminal access configuration example
      Configuring RTC terminal access
        Configuring the asynchronous TCP RTC one-to-one initiator (TCP_11_Client)
        Configuring the asynchronous TCP RTC one-to-one receiver (TCP_11_Server)
        Configuring the TCP RTC many-to-one relay server (TCP_n1_Server)
        Configuring the synchronous UDP RTC one-to-one initiator (UDP_11_Client)
        Configuring the synchronous UDP RTC one-to-one receiver (UDP_11_Server)
        Configuring the synchronous UDP RTC one-to-many receiver (UDP_1n_Server)
        Asynchronous TCP RTC one-to-one configuration example
        Asynchronous RTC VPNs configuration example
        TCP RTC many-to-one relay configuration example
        UDP RTC one-to-one configuration example
        UDP RTC one-to-many configuration example
      Displaying and maintaining terminal access configuration
    Installing and configuring an FEP
      Installing and configuring SCO OpenServer server
        Installing device drivers
        Configuration prerequisites
        Editing the ttyd configuration file
        Modifying the ccbtelnetd configuration file
        Modifying route configuration file
        Running and terminating ttyd on Unix server
        Installing and using ttyd administration program ttyadm
      Installing and configuring SCO UnixWare server
        Installing device drivers
        Configuration prerequisites
        Modifying system configuration file ttydefs
        Editing ttyd configuration file
        Modifying route configuration file
        Running and terminating ttyd on Unix server
        Installing and using ttyd administration program ttyadm
      Installing and configuring SUN OS server
        Installing device drivers
        Configuration prerequisites
        Editing the ttyd configuration file
        Modifying route configuration file
        Running and terminating ttyd on the Unix server
        Installing and using ttyd administration program ttyadm
      Installing and configuring IBM AIX server
        Installing device drivers
        Configuration prerequisites
        Editing the ttyd configuration file
        Modifying route configuration file
        Running and terminating ttyd on the Unix server
        Installing and using ttyd administration program ttyadm
      Installing and configuring HP-UX server
        Installing device drivers
        Configuration prerequisites
        Editing ttyd configuration file
        Modifying route configuration file
        Running and terminating ttyd on Unix server
        Installing and using ttyd administration program ttyadm
      Installing and configuring redhat Linux server
        Installing device drivers
        Configuration prerequisites
        Editing the ttyd configuration file
        Modifying route configuration file
        Running and terminating ttyd on Unix server
        Installing and using ttyd administration program ttyadm
    Troubleshooting terminal access
      Prompts on terminals
      Terminal access troubleshooting
    Terminal access FAQs
    Configuring POS terminal access
      Overview
        POS access modes
        POS communication modes
        POS buffers
        TPDU
        Transparent mode and nontransparent mode
        POS connection modes
        POS multi-application mapping
        TPDU address change policy
        Sending of caller numbers
        POS terminal packet statistics
        FEP backup
      Configuring POS access
        Enabling the POS access server
        Configuring a POS terminal
        Configuring a POS application
        Configuring POS terminal packet statistics
        Enabling trap for POS access
        Setting modem negotiation parameters on an FCM interface
        Configuring E1POS interface maintenance service
      Displaying and maintaining POS access
      POS access configuration examples
        POS dial-up terminal and TCP application configuration example (using an FCM interface)
        POS dial-up terminal and TCP application configuration example (using an E1POS interface and the R2 protocol)
        POS dial-up terminal and TCP application configuration example (using an E1POS interface and the PRI protocol)
        POS flow terminal and flow application configuration example
        POS TCP terminal and TCP application configuration example
        Routers providing POS access connected in cascade mode configuration example
        Backup FEP configuration example (nontransparent mode)
        Backup FEP configuration example (transparent mode)
    Configuring IP terminal access
      Overview
        IP terminal access features
        IP terminal access specifications
      IP terminal access configuration task list
      Configuring the initiator
        Enabling IP terminal access
        Creating an IP terminal access service
        Creating an IP terminal
        Specifying a terminal access type
        Configuring receiver parameters
        Configuring terminal address binding
        Configuring server connection authentication
        Setting the terminal timeout lock timer
        Specifying terminal lock hotkeys
        Setting the terminal timeout disconnection timer
        Configuring manual link disconnection
        Enabling encryption
        Configuring source address binding
        Configure VPN binding
        Configuring AAA authentication
        Configuring the processing approach for special characters
        Configuring link detection
        Configuring TCP buffers
        Enabling Telnet parameters negotiation
        Enabling filtering of flow control characters
        Enabling screen saving
        Setting the terminal screen display size
        Configuring the terminal type
      Configuring the receiver
      Displaying and maintaining IP terminal access
      IP terminal access configuration example
    Index

    Configuring terminal access

    NOTE:

    The H3C MSR 900, MSR 50-06, and MSR 930 (except the MSR 930-SA) routers do not support interface modules and thus cannot provide terminal access through an asynchronous serial port module.

    Overview

    Terminal access enables a terminal to use an asynchronous interface to access a front-end processor (FEP) or another terminal through a router.

    The following types of network devices are used in terminal access:

    Terminal: A character device that is generally connected to another device through a serial interface cable. A user inputs characters by using the terminal keyboard. Then the characters are transferred to another device through the serial interface cable. After processing the characters, the device returns the result to the terminal, which displays the result on its screen.

    Initiator: Sends a connection request and serves as the client of the connection. Generally, a router is used as an initiator.

    Receiver: Responds to a connection request and serves as the server of the connection. A receiver can be an FEP or a router. An FEP is a system installed with an application program for banking, postal service, taxation, customs, civil aviation, and so on. An FEP can be a Unix server or a Linux server.

    Relay server: Provides functions similar to those of a receiver, except that the relay server is not directly connected to terminals. Instead, the relay server is connected to multiple initiators simultaneously and manages them in different forwarding groups according to the listening port number. Data received from an initiator is forwarded to other initiators in the same group.
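
The relay server's forwarding groups, as an added example that is not code from the H3C manual or from Comware: a minimal Python stand-in in which each listening port defines one group, and data received from one initiator is copied to the other initiators of that group only. The class name, the loopback address and the sample frame are assumptions made for the illustration.

```python
import socket
import threading
import time


class RelayServer:
    """Stand-in relay: one forwarding group per listening port (hypothetical class)."""

    def __init__(self, group_count, host="127.0.0.1"):
        self._lock = threading.Lock()
        self._groups = {}   # listening port -> sockets of the connected initiators
        self.ports = []
        for _ in range(group_count):
            lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            lsock.bind((host, 0))   # port 0: the OS picks a free port (constructed setup)
            lsock.listen(8)
            port = lsock.getsockname()[1]
            self.ports.append(port)
            self._groups[port] = []
            threading.Thread(target=self._accept_loop, args=(lsock, port),
                             daemon=True).start()

    def members(self, port):
        """Number of initiators currently registered in the group of this port."""
        with self._lock:
            return len(self._groups[port])

    def _accept_loop(self, lsock, port):
        while True:
            conn, _ = lsock.accept()
            with self._lock:
                self._groups[port].append(conn)
            threading.Thread(target=self._forward_loop, args=(conn, port),
                             daemon=True).start()

    def _forward_loop(self, conn, port):
        try:
            while (data := conn.recv(4096)):
                with self._lock:
                    # Same listening port = same group; the sender gets no echo.
                    peers = [p for p in self._groups[port] if p is not conn]
                for peer in peers:
                    try:
                        peer.sendall(data)
                    except OSError:
                        pass   # a peer that went away must not stop the relay
        except OSError:
            pass
        finally:
            with self._lock:
                if conn in self._groups[port]:
                    self._groups[port].remove(conn)
            conn.close()


def recv_exact(sock, n):
    """Read exactly n bytes, or fewer if the peer closes first."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def demo():
    """Three initiators in group A, one in group B; a1 sends one constructed frame."""
    relay = RelayServer(group_count=2)
    port_a, port_b = relay.ports
    a1, a2, a3 = (socket.create_connection(("127.0.0.1", port_a)) for _ in range(3))
    b1 = socket.create_connection(("127.0.0.1", port_b))
    while relay.members(port_a) < 3 or relay.members(port_b) < 1:
        time.sleep(0.01)   # wait until the relay has registered every initiator
    frame = b"frame-001"   # constructed sample data
    a1.sendall(frame)
    result = {}
    for name, sock in (("a2", a2), ("a3", a3)):
        sock.settimeout(3)
        result[name] = recv_exact(sock, len(frame))
    for name, sock in (("a1", a1), ("b1", b1)):
        sock.settimeout(0.3)
        try:
            result[name] = sock.recv(64)
        except socket.timeout:
            result[name] = None   # nothing was forwarded to this socket
    for sock in (a1, a2, a3, b1):
        sock.close()
    return result


if __name__ == "__main__":
    print(demo())
```

Every initiator in a group receives what any other member of that group sends, so the listening port an initiator is assigned to determines which devices see its data.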

    After a connection is established, the router, functioning as either the terminal access initiator or receiver, can transparently transmit the data from the terminal to the peer over the connection. Transparent means that no manual or extra operation is required.

    Connections between an initiator and a receiver can use either TCP or UDP.

    Terminal access types

    The following types of terminal access are used in different applications:

    True type terminal (TTY) access
    Telnet terminal access
    Enhanced Telnet (ETelnet) terminal access
    Secure Shell (SSH) terminal access
    Remote terminal connection (RTC) access

    TTY terminal access, Telnet terminal access, ETelnet terminal access, and SSH terminal access are used to help implement services between a terminal and an FEP, with a router as the initiator and the FEP as the receiver. The difference between them is their method of data encryption and their way of establishing a connection between the initiator and the receiver. Each terminal supports up to eight virtual type terminals (VTYs) using these access types, and supports switchover between the VTYs.

    RTC terminal access is used to monitor terminal data. It is initiated by a router and received by another router. Only RTC terminal access supports UDP connections with synchronous terminals.

    Support for features depends on the terminal access type. For more information, see "Terminal access feature list" and "Terminal access features."

    TTY terminal access

    The initiator and receiver of TTY terminal access are a router and an FEP respectively. The service terminal is connected to the router through an asynchronous serial interface. The router is connected to the FEP through a network. Application services run on the FEP. The FEP interacts with the router through the ttyd program, and the router pushes the service display to the service terminal. The router transports data transparently between the connected service terminal and FEP to implement service interaction and processing.

    The initiator and receiver programs of TTY terminal access are developed by H3C. TTY terminal access implements the fixed terminal number function and offers many enhanced functions such as dynamic multi-service switching, real-time screen saving, terminal reset, and data encryption. The FEP provides professional terminal management software. The combination of TTY terminal access and routers makes remote offices possible and implementation of IP telephony easier, offering a solution for establishing highly efficient networks with diverse functions.

    Telnet terminal access

    The initiator and receiver of Telnet terminal access are a router and an FEP respectively. A service terminal is connected to the router (Telnet client) through an asynchronous serial interface. The router is connected to the FEP (Telnet server) through a network. Application services run on the FEP. The FEP interacts with the router through standard Telnet, thereby implementing data exchange between the terminal and the FEP.

    ETelnet terminal access

    The initiator and receiver of ETelnet terminal access are a router and an FEP respectively. A service terminal is connected to the router (ETelnet client) through an asynchronous serial interface. The router is connected to the FEP (ETelnet server) through a network. Application services run on the FEP. The FEP interacts with the router through an encrypted Telnet connection to further exchange data with the terminal.

    In addition to the functions supported by Telnet terminal access, ETelnet terminal access implements data encryption and terminal number binding to improve security.

    SSH terminal access

    The initiator and receiver of SSH terminal access are a router and an FEP respectively. A service terminal is connected to the router (secure shell) through an asynchronous serial interface. The router is connected to the FEP (SSH server) through a network. Application services run on the FEP. The FEP interacts with the router through standard SSH.

    RTC terminal access

    The initiator and receiver of RTC terminal access are both routers. RTC terminal access is another typical application of terminal access. It interconnects a local terminal and a remote terminal through routers for data exchange and data monitoring. RTC terminal access supports synchronous mode and asynchronous mode.


    The monitoring terminal at the data center and the monitored terminal are each connected to a different router through a serial interface, and the routers exchange data with each other through an IP network. Normally, the router connected to the monitoring device acts as the terminal access initiator (the RTC client). The monitoring device is always ready to initiate a connection request at any time to access the data on the monitored device. The router connected to the monitored terminal acts as the terminal access receiver (the RTC server) and is always ready to receive the connection requests from the monitoring device and send monitored data in response. RTC terminal access also supports TCP-based many-to-one transparent data transmission and UDP-based one-to-many transparent data transmission.

    RTC terminal access serves the following purposes:

    Enabling the monitoring device to manage and monitor remote terminals.
    Sharing data among multiple terminals such as radar devices.
    Collecting data from remote terminals.
    Fulfilling the functions of a multiplexing device and transmitting data over IP networks for easy network upgrade.

    Typical applications of terminal access

    Terminal access is widely used in networks where large numbers of FEPs are deployed, such as banking, postal service, taxation, customs, and civil aviation. This document uses a banking system as an example to describe terminal access functions, configuration, and applications. Figure 1 shows a typical terminal access application.

    Figure 1 Typical terminal access application

    As shown in Figure 1, the arrowhead of the dotted line indicates the direction of an established TCP connection, from the initiator to the receiver.

    The purple dotted line represents TTY/Telnet/ETelnet/SSH terminal access. The bank outlet is connected to the FEP of the branch through Router A, which is capable of terminal access, over an IP network. Banking services run on the FEP, and the information entered by an employee at the bank outlet is sent to the FEP through Router A. The FEP then sends the corresponding service display to the service terminal through Router A, thereby implementing data exchange between the outlet and the branch.

    The orange dotted line represents RTC terminal access. Router B acts as an RTC client and Router A as the RTC server. Router B initiates monitoring requests and Router A, upon receiving a monitoring request, sends the data from the monitored terminal to the monitoring device through Router B, to implement terminal monitoring.

    Terminal access feature list

    The following table lists the features of terminal access. "All" in this table means that the feature is supported by all the terminal access types, including TTY, Telnet, ETelnet, SSH, and RTC, which is further classified into TCP_11_Client (RTC TCP one-to-one client), TCP_11_Server (RTC TCP one-to-one server), TCP_N1_Server (relay server), UDP_11_Client (RTC UDP one-to-one client), UDP_11_Server (RTC UDP one-to-one server), and UDP_1N_Server (RTC UDP one-to-many server).

    Feature | Supported by | Description
    Source address binding | TTY, Telnet, TCP_11_Client, ETelnet, SSH | N/A
    Terminal menu | TTY, Telnet, ETelnet, SSH | N/A
    Pressing any key to return | TTY, Telnet, ETelnet, SSH | N/A
    Fast VTY service switching | TTY, Telnet, TCP_11_Client, ETelnet, SSH | N/A
    VTY redrawing | TTY, Telnet, SSH, ETelnet | N/A
    Idle connection timeout | TTY, Telnet, TCP_11_Client, TCP_11_Server, ETelnet, SSH | N/A
    Terminal number fixing | TTY | N/A
    Data encryption | TTY, ETelnet, SSH | N/A
    Automatic link establishment | TTY, Telnet, TCP_11_Client, ETelnet, SSH | N/A
    Automatic link teardown | TTY, Telnet, TCP_11_Client, TCP_11_Server, ETelnet, SSH | N/A
    TTY one-to-one access | TTY | N/A
    Terminal display language configuration | All | N/A
    Screen saving | Telnet, ETelnet, SSH | N/A
    Terminal screen display size | Telnet, ETelnet, SSH | N/A
    Read blocking | TTY, Telnet, TCP_11_Client, TCP_11_Server, ETelnet, SSH | N/A
    Terminal reset | TTY, Telnet, TCP_11_Client, ETelnet, SSH | N/A
    Connectivity test | TTY, Telnet, ETelnet, SSH | For Telnet terminal access, only the connectivity test between the terminal and the router is supported.
    Data send delay | TTY, Telnet, TCP_11_Client, TCP_11_Server, ETelnet, SSH | N/A
    TCP buffer parameter configuration | TTY, Telnet, TCP_11_Client, TCP_11_Server, TCP_N1_Server, ETelnet, SSH | N/A
    Terminal buffer parameter configuration | TTY, Telnet, TCP_11_Client, TCP_11_Server, TCP_N1_Server, ETelnet, SSH | N/A
    Threshold for VTY switching failure times | TCP_11_Client | N/A
    Receiver VTY switching rules | TCP_11_Server | N/A
    RTC terminal authentication | TCP_11_Client, TCP_11_Server | N/A
    Terminal access | TTY, Telnet, TCP_11_Client, TCP_11_Server, UDP_11_Client, UDP_11_Server, ETelnet, SSH | N/A
    Server connection authentication | TTY | N/A
    TCP RTC many-to-one transparent transmission | TCP_11_Client, TCP_N1_Server | N/A
    UDP RTC one-to-one transparent transmission | UDP_11_Client, UDP_11_Server | N/A
    Filtering of flow control characters | TTY, Telnet, ETelnet, SSH | N/A
    TCP_NODELAY | TCP_11_Server, TCP_N1_Server | N/A
    Statistics support | All | For more information, see "Displaying and maintaining terminal access configuration."

    Terminal access features

    Figure 2 shows a typical terminal access implementation.

    Figure 2 Terminal access network

    Source address binding

    The principle of source IP address binding is to configure an IP address on a stable interface (the loopback interface or dialer interface is recommended) and use this address as the source IP address of the upstream TCP connection from the router through IP unnumbered configuration.

    If an FEP runs, the IP address of the router connected to the FEP needs to be authenticated. Therefore, when the dial-up backup function is used in a wide area network (WAN), if the primary link fails, the router begins to use the backup interface. In that case, the IP address of the router is changed, and the authentication fails if source IP address binding is not implemented. To avoid such failures, configure source IP address binding on the router to use a fixed IP address to establish a TCP connection with the FEP.

    For security or some other reason, you may need to hide the actual IP address used in the upstream TCP connection on the router, and use another IP address. In that case, you must also configure source IP address binding.

    Make sure the FEP and the router's IP address are reachable to each other.
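
Why the fixed source address matters when the receiver authenticates the initiator by IP address, as an added example that is not from the H3C manual: a stand-in FEP accepts only a configured source address, and the initiator either lets the operating system choose its source address or binds the socket to a fixed one before connecting. The address 127.0.0.2 is an assumption standing in for the router's loopback-interface address (Linux treats all of 127.0.0.0/8 as local), and the function names are hypothetical.

```python
import socket
import threading

# Constructed addresses: 127.0.0.2 plays the fixed address registered on the FEP;
# 127.0.0.1 is what the OS picks by itself for an unbound socket in this setup.
FEP_ADDR = "127.0.0.1"
BOUND_SOURCE = "127.0.0.2"


def start_receiver(allowed_sources):
    """Start a stand-in FEP that authenticates initiators by source IP address.

    Returns (port, decisions); decisions collects (peer_ip, accepted) tuples.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((FEP_ADDR, 0))
    srv.listen(5)
    decisions = []

    def serve():
        while True:
            try:
                conn, (peer_ip, _peer_port) = srv.accept()
            except OSError:
                return
            accepted = peer_ip in allowed_sources
            decisions.append((peer_ip, accepted))
            with conn:
                conn.sendall(b"ACCEPT" if accepted else b"REJECT")

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], decisions


def initiate(port, source_ip=None):
    """Open the upstream TCP connection, optionally from a bound source address."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(3)
        if source_ip is not None:
            # Source address binding: fix the address, leave the port ephemeral.
            s.bind((source_ip, 0))
        s.connect((FEP_ADDR, port))
        chunks = []
        while (data := s.recv(16)):   # read until the receiver closes
            chunks.append(data)
        return b"".join(chunks)


if __name__ == "__main__":
    port, decisions = start_receiver({BOUND_SOURCE})
    # Unbound: the source address follows the outgoing interface, as it would
    # after a switch to the backup link, and the FEP does not recognise it.
    print(initiate(port))
    # Bound: the FEP always sees the registered address.
    print(initiate(port, BOUND_SOURCE))
    print(decisions)
```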

    Terminal menu

    The terminal menu allows you to bring up the menu interface by pressing the menu hotkey at the terminal. The menu interface displays the services provided by each VTY on the terminal. By entering a service option, you can switch to the corresponding service display. The menu interface displays:

    TTY ACCESS SYSTEM VERSION 3.0
    1. SELECT VTY(0): chuxu
    2. SELECT VTY(1): duigong
    0. QUIT
    INPUT YOUR CHOICE:

    Pressing any key to return

    When the following events happen, this feature enables the terminal to display an error message, and you can press any key to return to the menu interface:

    An invalid menu option is entered.
    The FEP providing the service you select is unreachable.
    A connection is terminated.

    Fast VTY service switching

    The characteristics of banking services require each bank branch to provide services such as deposit and corporate services. However, a terminal at an outlet can process only one type of service. To solve this problem, the terminal access feature of the router implements the VTY switching function, enabling a terminal to process multiple services at the same time and to dynamically switch between the services.

    In terminal access, each terminal is logically divided into eight virtual type terminals (VTYs), each of which can be configured to correspond to a service (also known as an application). The operator can press the VTY switching menu hotkey to bring up the VTY switching menu and select a VTY to dynamically switch between different services. In addition, the VTY switching feature provides the screen saving function. When an operator switches from service 1 to service 2, the operating interface of service 1 is automatically saved. When the operator switches from service 2 back to service 1, the original operating interface is automatically restored. If the original operating interface is lost due to a fault, the operator can use the terminal redrawing function to recover it.

    VTY redrawing

    You can set the VTY redrawing hotkey on the router. When a terminal does not display the normal terminal interface for some reason (for example, illegible characters appear after the terminal is turned off and then turned on), pressing the terminal redrawing hotkey can restore the normal terminal interface.

    Idle connection timeout

    If the idle connection timeout function is enabled and no data is transmitted between the initiator and receiver within the idle connection timeout period, the initiator and receiver are automatically disconnected from each other.

    Terminal number fixing

    As shown in Figure 2, the terminal access program running on the router connected to the terminal enables the terminals to access the FEPs. The terminals are connected to the router through asynchronous serial interfaces. The router numbers all the terminals. On the other side, the router connects to multiple FEPs over the network. Each FEP runs multiple applications. Terminal access universally numbers all the applications, regardless of whether these applications are running on the same FEP or on multiple FEPs. With the numbering of the terminals and the applications and the special processing through the router, the mappings between terminals and banking services are established to implement fixed terminal numbering.

    Data encryption

    Due to the extensive use of terminal access in banking systems, the requirements of data security become higher and higher. The terminal access data encryption function can be used to encrypt the data transmitted between the router and FEPs to improve data security.


    As shown in Figure 3, data is transmitted in ciphertext between Router A and the FEP. Router A and the FEP that runs the program ttyd/ccbtelnetd/sshd are responsible for data encryption and decryption. At present, the supported encryption algorithms are as follows:

    Advanced encryption standard (AES) encryption is supported by TTY terminal access.
    AES and RC4 encryption are supported by ETelnet terminal access.
    RSA and DSA encryption are supported by SSH terminal access.

    Figure 3 Data encryption procedure between router and FEP

    Automatic link establishment

    You can enable this function and configure the automatic link establishment time in terminal template view. When the terminal is in the "OK" state (meaning the physical connection is normal), the initiator automatically establishes a TCP connection to the receiver after the specified period. If the automatic link establishment function is disabled on the terminal, you must manually establish a link. In this mode, the initiator establishes a TCP connection to the receiver only when the operator enters a character on the terminal.

    Automatic link teardown

    You can enable the function and configure the automatic teardown time for the terminal in terminal template view. When the terminal device and the initiator are disconnected from each other, the terminal enters the "down" state. After a specified period of time, the initiator automatically tears down the TCP connection to the receiver. The TCP connection always remains active if the automatic link teardown function is disabled.

    TTY one-to-one access

    In TTY one-to-one access, each terminal communicates with the FEP (TTY) through a TCP connection to achieve optimum communication quality and highest communication speed under various link states. You can use this mode to achieve high communication speed on low-speed links by adjusting parameters. This mode can also meet the need for frequent and massive printing.

    Terminal display language configuration

    The initiator generally sends some unsolicited information, such as menus and link establishment information, to the terminal. To meet different language needs, the prompt information can be displayed in either English or Chinese (the default).

    Screen saving

    Screen saving is implemented in the following ways:

    A terminal can display the saved screen contents after receiving specific control characters from a router.

    A FEP can send the saved screen contents to a terminal when the screen is switched or redrawn on the terminal.

    A router can send the saved screen contents to the terminal upon receiving control characters for switching or redrawing the screen from a terminal.

    The screen saving function of a terminal, FEP, or router varies. The screen saving function of a router supports Telnet, ETelnet, and SSH. With this function enabled, a router sends the saved screen contents to a terminal at startup, or when you select an item of the menu, switch between VTYs, or press the terminal redrawing hotkey.

    Only TTY supports screen saving.

    Some types of terminals provide the screen saving function, enabling the terminals to switch to the corresponding screen upon receiving the specified screen code, such as \E!10Q. When you perform VTY service fast switching, the router sends a screen code to the terminal, which switches to the corresponding operation interface after saving the current operation interface. To save the screens of multiple VTYs, you must set different screen codes for these VTYs and make sure the number of screen codes supported by the terminal is greater than the number of configured VTYs. Note that this function needs terminal support. In addition, the screen codes that can be identified vary with terminal types and the number of supported screen codes may also be different.

    Terminal screen display size

    The terminal screen display size determines the maximum lines and columns of characters that the screen can display. By default, a terminal screen can display up to 24 lines (screen height) and up to 80 characters in each line (columns or screen width). You can set the terminal screen display size to meet different service requirements.

    Read blocking

    Terminal data read blocking means that, if the router has not sent data received from the terminal successfully, the router stops receiving data from the terminal until all the data is successfully sent. Generally, enable this function only when the transmission rate between the router and the FEP is less than that between the router and the terminal.

    Terminal reset

    In case the terminal fails to communicate with the receiver, you can press the terminal reset hotkey on the terminal to cause the initiating router to disconnect and then re-establish the TCP connection with the receiver.

    Connectivity test

    You can configure the terminal test hotkey on the router. By pressing the test hotkey on the terminal, you can test the connectivity between the terminal and the router and the TCP connectivity between the terminal and the FEP.

    Data send delay

    When data send delay is configured on the router, upon receiving data from the terminal, the router does not send the data to the FEP until the specified period elapses. This allows the information collected within the specified period to be sent together, which increases bandwidth utilization.

    TCP buffer parameter configuration

    Terminal access allows you to perform two types of buffer parameter configuration operations: TCP buffer and terminal buffer. TCP buffer is used to store the data exchanged between the sender and receiver. Terminal buffer is used to store the data exchanged between the sender and the terminal.

    You can set some parameters of TCP connection, including the receive buffer size, send buffer size, non-delay attribute, keepalive interval and transmission times.

    Terminal buffer parameter configuration

    You can set parameters for the terminal buffer, including whether to clear the buffer before receiving data, receive buffer size, send buffer threshold, and the maximum size of data to be sent to the terminal at one time.

    Threshold for VTY switching failure times

    When an RTC client needs to initiate a connection to an RTC server, it first initiates a connection to the RTC server that corresponds to the VTY with the lowest number. If the number of connection failures exceeds the threshold, the RTC client initiates a connection to the RTC server that corresponds to the VTY with the second lowest number.

    Receiver VTY switching rules

    If the RTC server is configured to switch between VTYs based on priority (the lower the VTY number, the higher the priority) and the VTY number corresponding to a new connection request is less than the VTY number corresponding to the existing connection, the RTC server tears down the existing connection and begins to use the new connection for communication. If the RTC server is not configured to perform VTY switching based on priority and a connection is already established, the RTC server will ignore any new connection request.

    RTC terminal authentication

    The RTC server can perform password authentication on RTC clients to enhance security. Authentication succeeds only when the passwords configured on the RTC server and the RTC client match.

    Terminal access VPNs

    Terminal access supports VPNs. That is, some of the terminals connected to the router can be grouped in one VPN domain and others in another VPN domain. A terminal can then access the FEP or remote router that is in the same VPN domain as the terminal.

    Server connection authentication

    In practice, some users need to use the FEP to perform necessary authentication on the connected router to enhance data security. Two authentication modes are supported: character string-based authentication and MAC-based authentication.

    In character string-based authentication, which is similar to password authentication, the same authentication character string is configured on the FEP and the router. To establish a connection with the FEP, the router sends the authentication character string to the FEP, and the FEP checks whether the authentication strings match. If yes, the authentication succeeds. If not, the authentication fails and the connection attempt fails.

    MAC-based authentication works in the same way as character string-based authentication, except that the value configured on both the FEP and the router is a MAC address. This MAC address is the MAC address of an interface on the router (you can specify the MAC address with a command).

    TCP RTC many-to-one transparent transmission

    Some terminal devices, such as radars, need to share data between each other. RTC terminal access provides many-to-one relay forwarding based on TCP. Routers connecting these terminals are connected to one relay server, which copies and forwards data between routers.

    UDP RTC one-to-one transparent transmission

    This mode is mainly applied to voice transmission. TCP RTC transparent transmission has a certain forwarding delay, and is not suitable for voice communications. Because the voice service does not require high reliability, voice data can be transmitted through UDP. This mode provides one-to-one transmission in synchronous mode, but does not support asynchronous mode.

    Filtering of flow control characters

    Access devices send flow control character strings received from terminals to the FEP. If the FEP receives a packet that contains both the flow control characters 0x13 to enable flow control, and 0x11 to disable flow control, the FEP enables flow control but does not disable it. As a result, the FEP stops sending data to the corresponding terminal, and the display pauses until you disable flow control by pressing the shortcut key. To prevent this issue, configure the device to filter flow control characters out of the data received from terminals and to perform flow control by itself.
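    The failure described above and the effect of filtering, as an added example (not H3C code). fep_flow_control_after models the FEP behaviour as this paragraph states it, LocalFlowControl is a hypothetical router-side filter, and the sample packet is constructed.

```python
XOFF, XON = 0x13, 0x11  # 0x13 enables flow control, 0x11 disables it


def fep_flow_control_after(packet: bytes, enabled: bool = False) -> bool:
    """Model of the FEP behaviour described above, applied to one packet."""
    if XOFF in packet:
        return True            # an XON in the same packet is not honoured
    if XON in packet:
        return False
    return enabled


class LocalFlowControl:
    """Filter XON/XOFF out of terminal data and apply flow control on the router side."""

    def __init__(self):
        self.paused = False          # True after XOFF, until the next XON
        self.pending = bytearray()   # FEP data held back while paused

    def from_terminal(self, data: bytes):
        """Return (bytes to forward to the FEP, held FEP bytes released to the terminal)."""
        to_fep = bytearray()
        for byte in data:
            if byte == XOFF:
                self.paused = True
            elif byte == XON:
                self.paused = False
            else:
                to_fep.append(byte)   # only ordinary data reaches the FEP
        return bytes(to_fep), self._release()

    def from_fep(self, data: bytes) -> bytes:
        """Queue data for the terminal and return whatever may be sent now."""
        self.pending += data
        return self._release()

    def _release(self) -> bytes:
        if self.paused:
            return b""
        out, self.pending = bytes(self.pending), bytearray()
        return out


def demo():
    packet = b"ls\x13\x11\r"         # constructed: XOFF and XON arrive in one packet
    router = LocalFlowControl()
    to_fep, _ = router.from_terminal(packet)
    return {
        "unfiltered_fep_stuck": fep_flow_control_after(packet),
        "filtered_fep_stuck": fep_flow_control_after(to_fep),
        "forwarded": to_fep,
        "router_paused": router.paused,
    }


if __name__ == "__main__":
    print(demo())
```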

    TCP_NODELAY

    In TCP RTC many-to-one or TCP one-to-one transparent transmission mode, the RTC server complies with RFC 896 and uses the Nagle algorithm to prevent network congestion caused by a large number of TCP packets. However, this algorithm also adds delay to TCP packet transmission for application programs, especially interactive ones. The RTC server allows you to disable the Nagle algorithm by setting the TCP_NODELAY option.

    Terminal access specifications

    Terminal access initiator specifications

    Number | Item | Description
    1 | Maximum number of TTYs | 255. This number is subject to the number of router interfaces available for terminal access. For TTY terminal access, this number is also subject to the number of FEPs that can be configured.
    2 | Maximum number of APPs | 2040.
    3 | Maximum number of VTYs supported by each TTY | 8.
    4 | Types of interfaces supported by terminal access | Asynchronous serial interface on interface modules such as 8AS, 16AS, 8ASE, and 16ASE.
    5 | Terminal emulation type | VT100 and VT200.
    6 | Terminal baud rate | Ranges from 300 bps to 115200 bps.
    7 | Access types supporting asynchronous terminals | TTY, Telnet, ETelnet, SSH, TCP_11_Client, TCP_11_Server, TCP_N1_Server.
    8 | Access types supporting synchronous terminals | UDP_11_Client, UDP_11_Server, UDP_1N_Server, TCP_N1_Server.

    Terminal access receiving router specifications

    Number | Item | Description
    1 | Maximum number of TTYs | 255. This number is subject to the number of router interfaces available for terminal access.
    2 | Maximum number of APPs | 2040.
    3 | Maximum number of VTYs supported by each TTY | 8.
    4 | Maximum number of peer terminals supported by UDP_1N_Server | 10.

    Terminal access receiving FEP specifications

    Number | Item | Description
    1 | Maximum number of VTYs supported by a Unix FEP | 256
    2 | Maximum number of VTYs supported by a Linux FEP | 4096
    3 | Maximum number of VTYs supported by an AIX FEP | 8192
    4 | Supported Unix/Linux versions | SCO OpenServer 5.0.5 to 5.0.7; SCO UnixWare 7.1 (only for the one-to-one mode); Sun OS 5.7; IBM AIX 4.3.3; HP UX 10.20, 11.0; Red Hat Linux 9.0; Turbo Linux; Redflag Linux; Redhat

    Relay server specifications

    Number | Item | Description
    1 | Maximum number of forwarding groups supported by a TCP_N1_Server | 64
    2 | Maximum number of TCP_11_Clients supported by each forwarding group of a TCP_N1_Server | 10

    Terminal access configuration task list

    Configure the initiator and the receiver as required. RTC terminal access is initiated and received by routers. TTY terminal access, Telnet terminal access, ETelnet terminal access, and SSH terminal access are initiated by a router and received by a FEP.

    Functionally, the configuration commands fall into these types:

    Basic configuration commands: Used for normal operation of terminal access.

    Advanced configuration commands: Used for implementing the extended functions of terminal access.

    Display and maintenance commands: Used for displaying and debugging terminal access.

    The configuration commands can be classified into the commands available in user view, system view, template view, and interface view. Most important configurations of the terminal access system are performed in templates. You can save a series of router parameter configurations into a template. When applying a template to an interface (an asynchronous interface, for example), the system creates a TTY according to the contents of the template and the specified terminal number, and sets up VTYs on the basis of the configuration information in the template. If you modify a template that has been applied to an interface, use the update changed-config command to update the configuration. For convenience, you can configure multiple templates at the same time and apply the templates on different interfaces. Note that only one template can be applied on each interface.

    Complete the following tasks to configure terminal access:

    Task | Remarks
    Configuring TTY terminal access: Configuring the TTY initiator | Optional.
    Configuring TTY terminal access: Configuring the TTY receiver | Optional.
    Configuring Telnet terminal access: Configuring the Telnet initiator | Optional.
    Configuring Telnet terminal access: Configuring the Telnet receiver | Optional.
    Configuring ETelnet terminal access: Configuring the ETelnet initiator | Optional.
    Configuring ETelnet terminal access: Configuring the ETelnet receiver | Optional.
    Configuring SSH terminal access: Configuring the SSH initiator | Optional.
    Configuring SSH terminal access: Configuring the SSH receiver | Optional.
    Configuring RTC terminal access: Configuring the asynchronous TCP RTC one-to-one initiator (TCP_11_Client) | Optional.
    Configuring RTC terminal access: Configuring the asynchronous TCP RTC one-to-one receiver (TCP_11_Server) | Optional.
    Configuring RTC terminal access: Configuring the TCP RTC many-to-one relay server (TCP_n1_Server) | Optional.
    Configuring RTC terminal access: Configuring the synchronous UDP RTC one-to-one initiator (UDP_11_Client) | Optional.
    Configuring RTC terminal access: Configuring the synchronous UDP RTC one-to-one receiver (UDP_11_Server) | Optional.
    Configuring RTC terminal access: Configuring the synchronous UDP RTC one-to-many receiver (UDP_1n_Server) | Optional.

    Configuring TTY terminal access

    Configuring the TTY initiator

    Basic TTY initiator configuration

    1. Enter system view.
       Command: system-view
       Remarks: N/A

    2. Enable terminal access on the router.
       Command: rta server enable
       Remarks: Disabled by default.

    3. Create a terminal template and enter terminal template view.
       Command: rta template template-name
       Remarks: N/A

    4. Configure a TTY VTY.
       Command: vty vty-number tty remote ip-address port-number [ source source-ip ]
       Remarks: After this configuration, Telnet VTYs can be configured in this template, but RTC client VTYs or RTC server VTYs cannot.

    5. Exit terminal template view.
       Command: quit
       Remarks: N/A

    6. Enter interface view.
       Command: interface interface-type interface-number
       Remarks: N/A

    7. Configure the asynchronous serial interface to operate in flow mode.
       Command: async mode flow
       Remarks: By default, an asynchronous serial interface operates in the protocol mode and an AUX interface the flow mode. For more information about the async mode flow command, see the async mode command in Interface Command Reference.

    8. Apply the template to the interface.
       Command: rta terminal template-name terminal-number [ backup ]
       Remarks: After you apply the template to the interface, you must set the flow control mode of the user interface corresponding to the interface to software flow control. To view associations between interfaces and user interfaces, use the display user-interface command.

    9. Exit interface view.
       Command: quit
       Remarks: N/A

    10. Enter TTY user interface view.
       Command: user-interface { first-num1 [ last-num1 ] | tty first-num2 [ last-num2 ] }
       Remarks: For more information about the user-interface command, see Fundamentals Command Reference.

    11. Enable software flow control of the data on the current user interface.
       Command: flow-control software
       Remarks: By default, the flow control mode is none. That is, no flow control is implemented. For more information about the flow-control software command, see the flow-control command in Fundamentals Command Reference.

    Advanced TTY initiator configuration

    When you configure advanced TTY initiator settings, follow these guidelines:

    If both the global source IP address and the source IP address for a VTY are configured, the source IP address for the VTY is used.

    Configure TCP parameters before establishing a TCP connection. If you configure the parameters after a TCP connection is established, the TCP connection must be re-established for the parameters to take effect. You can press the reset hotkey on the terminal to re-establish the TCP connection.

    Configure the receive buffer size before applying the terminal template. If you configure the receive buffer size after a terminal template is applied, remove the application of the terminal template and apply the terminal template again for the receive buffer size to take effect.

    The ASCII value of the hotkey must be different from the ASCII value of any other hotkey configured on the device. Otherwise, hotkey conflicts will occur. For example, the hotkey value cannot be 17 or 19 because these two values are used for flow control. In addition, using the hotkey may not get a fast response when the terminal display is busy.

    With the idle timeout time configured, if no data is transmitted over the terminal access connection within the specified period of time, the connection is automatically torn down.

    To configure advanced TTY initiator settings:

    1. Enter system view.
       Command: system-view
       Remarks: N/A

    2. Configure the global source IP address of TCP connections.
       Command: rta source-ip ip-address
       Remarks: Optional. Not configured by default.

    3. Bind the MAC address of the interface for service connection authentication.
       Command: rta bind mac-address interface interface-type interface-number
       Remarks: Optional. Not configured by default.

    4. Bind the character string for service connection authentication.
       Command: rta bind string string
       Remarks: Optional. Not configured by default.

    5. Enable pressing any key to return.
       Command: rta vty-style smart
       Remarks: Optional. Disabled by default.

    6. Enter terminal template view.
       Command: rta template template-name
       Remarks: N/A

    7. Configure the automatic link teardown time.
       Command: auto-close time
       Remarks: Optional. 0 seconds by default. That is, no automatic link teardown is performed.

    8. Configure the automatic link establishment time.
       Command: auto-link time
       Remarks: Optional. 0 seconds by default. That is, no automatic link establishment is performed.

    9. Bind a VPN instance.
       Command: bind vpn-instance vpn-name
       Remarks: Optional. Not configured by default.

    10. Enable data encryption.
       Command: data protect router-unix
       Remarks: Optional. By default, data encryption is disabled between the router and the FEP.

    11. Enable terminal data read blocking.
       Command: data read block
       Remarks: Optional. Disabled by default.

    12. Configure the terminal data send delay.
       Command: data send delay milliseconds
       Remarks: Optional. 0 milliseconds by default. That is, there is no send delay.

    13. Configure the router to not clear the terminal receive buffer after the TCP connection is established.
       Command: driverbuf save
       Remarks: Optional. By default, the router clears the terminal receive buffer after the TCP connection is established.

    14. Configure the terminal receive buffer size.
       Command: driverbuf size size
       Remarks: Optional. 8 KB by default.

    15. Enable filtering of flow control characters.
       Command: filter flow-control character
       Remarks: Optional. Disabled by default.

    16. Configure the TCP connection idle timeout time.
       Command: idle-timeout seconds
       Remarks: Optional. By default, the connection never times out.

    17. Configure the menu hotkey.
       Command: menu hotkey ascii-code&
       Remarks: Optional. Not configured by default. Use the print menu command before using this command.

    18. Configure a screen code for the menu screen.
       Command: menu screencode string
       Remarks: Optional. Not configured by default. Use the print menu command before using this command.

    19. Configure the print language.
       Command: print language { chinese | english }
       Remarks: Optional. Chinese by default.

    20. Enable the router to print information on the terminal.
       Command: print information
       Remarks: Optional. Enabled by default.

    21. Enable printing of terminal connection information on the terminal.
       Command: print connection-info
       Remarks: Optional. By default, terminal connection information is printed on the terminal. Use the print menu command before using this command.

    22. Enable printing of menu information on the terminal.
       Command: print menu
       Remarks: Optional. Enabled by default. Use the print information command before using this command.

    23. Configure the VTY redrawing hotkey.
       Command: redrawkey ascii-code&
       Remarks: Optional. Not configured by default.

    24. Configure the terminal reset hotkey.
       Command: resetkey ascii-code&
       Remarks: Optional. Not configured by default.

    25. Configure the maximum size of data to be sent to a terminal at one time.
       Command: sendbuf bufsize size
       Remarks: Optional. 500 bytes by default.

    26. Configure the terminal send buffer threshold.
       Command: sendbuf threshold value
       Remarks: Optional. Not configured by default.

    27. Configure the connectivity test hotkey.
       Command: testkey ascii-code&
       Remarks: Optional. Not configured by default.

    28. Configure TCP parameters.
       Command: tcp { keepalive time count | nodelay | recvbuf-size recvsize | sendbuf-size sendsize }
       Remarks: Optional. By default, the receive buffer size is 2048 bytes, the send buffer size is 2048 bytes, delay is enabled, the keepalive interval is 50 seconds, and the keepalive number is 3.

    29. Configure a description for a VTY.
       Command: vty vty-number description string
       Remarks: Optional. Not configured by default.

    30. Configure the character string for triggering VTY screen saving.
       Command: vty vty-number screencode string
       Remarks: Optional. Not configured by default.

    31. Configure the VTY switching hotkey.
       Command: vty vty-number hotkey ascii-code&
       Remarks: Optional. Not configured by default.

    32. Update the configuration.
       Command: update changed-config
       Remarks: Optional. If you modify the terminal template that has been applied to an interface, use this command to update the configuration. Executing this command will disconnect connections. Make sure critical services are not affected.

    Configuring the TTY receiver

    The receiver of TTY terminal access is an FEP. The main program of terminal access at an FEP is the program ttyd (ttyd executable), which implements the data exchange with the router-side programs. For information about how to configure your FEP, see "Installing and configuring an FEP."

    TTY terminal access configuration example

    Network requirements

    As shown in Figure 4, the deposit services run on the Unix server, whose IP address is 1.1.254.77/16. The listening port of the ttyd program on the Unix server is 9010.

    The router is connected to four terminals through its four asynchronous interfaces. The source IP address to be bound is 2.2.2.1/32.

    Figure 4 Network diagram

    Configuring the initiator (router)

    Perform the following configuration in TTY one-to-one mode:

    # Enable terminal access.
    <Sysname> system-view
    [Sysname] rta server enable

    # Create a template and enter template view.
    [Sysname] rta template temp1

    # Configure a VTY application.
    [Sysname-rta-template-temp1] vty 0 tty remote 1.1.254.77 9010
    [Sysname-rta-template-temp1] quit

    # Configure the Ethernet interface.
    [Sysname] interface ethernet 0/0
    [Sysname-Ethernet0/0] ip address 1.1.247.88 255.255.0.0
    [Sysname-Ethernet0/0] quit

    # Create a loopback interface and configure source IP address binding.
    [Sysname] interface loopback 0
    [Sysname-loopback0] ip address 2.2.2.1 255.255.0.0
    [Sysname-loopback0] quit
    [Sysname] rta source-ip 2.2.2.1

    # Apply the template to the asynchronous serial interfaces.
    [Sysname] interface async 1/0
    [Sysname-Async1/0] async mode flow
    [Sysname-Async1/0] rta terminal temp1 1
    [Sysname-Async1/0] interface async 1/1
    [Sysname-Async1/1] async mode flow
    [Sysname-Async1/1] rta terminal temp1 2
    [Sysname-Async1/1] interface async 1/2
    [Sysname-Async1/2] async mode flow
    [Sysname-Async1/2] rta terminal temp1 3
    [Sysname-Async1/2] interface async 1/3
    [Sysname-Async1/3] async mode flow
    [Sysname-Async1/3] rta terminal temp1 4
    [Sysname-Async1/3] quit

    # Configure software flow control.
    [Sysname] user-interface tty 17 20
    [Sysname-ui-tty17-20] flow-control software

    Configuring the receiver (Unix server)

    Perform the following configuration by referring to "Installing and configuring an FEP." The following uses SCO OpenServer Unix as an example.

    1. Edit the file /etc/ttyd.conf.
    serverport 9010
    mode 1
    ttyp40 2.2.2.1 1
    ttyp41 2.2.2.1 2
    ttyp42 2.2.2.1 3
    ttyp43 2.2.2.1 4

    2. Add a route on the FEP.
    # route add 2.2.2.1 netmask 255.255.0.0 1.1.247.88

    3. Run ttyd.

    Start the ttyd program on the FEP.
    # /etc/ttyd /etc/ttyd.conf

    Or follow these steps to start the ttyd program automatically at system startup.

    a. Edit the file /etc/rc2.d/S99ttyd and type the following command to start the ttyd program.
    /etc/ttyd /etc/ttyd.conf

    b. Modify the execution mode of the file to executable mode.
    # chmod u+x /etc/rc2.d/S99ttyd

    After that, the ttyd program automatically starts at system startup.

    NOTE:

    The above examples are based on SCO OpenServer Unix 5.0.5. The operation and configuration differ between Unix platforms. For more information, see "Installing and configuring an FEP."
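    Several defaults in the TTY initiator tables above (no data encryption, no server connection authentication, no idle timeout) and the hotkey rule can be checked mechanically. The following is an added example, not part of the H3C guide: it audits a configuration written in the command syntax shown above. The indentation-based layout, the template temp2, the sample values and the function names are assumptions.

```python
import re

# Constructed sample in the command syntax used in this guide. temp1 mirrors
# the TTY example above; temp2 is a hypothetical template added for contrast.
SAMPLE_CONFIG = """\
rta server enable
rta source-ip 2.2.2.1
rta template temp1
 vty 0 tty remote 1.1.254.77 9010
rta template temp2
 vty 0 tty remote 1.1.254.77 9010
 vty 1 telnet remote 10.110.96.53
 data protect router-unix
 idle-timeout 600
 resetkey 19
 testkey 20
 vty 0 hotkey 20
"""

FLOW_CONTROL = {17: "XON", 19: "XOFF"}  # values the guide reserves for flow control
HOTKEY_RE = re.compile(
    r"^(menu hotkey|redrawkey|resetkey|testkey|vty \d+ hotkey)((?: \d+)+)$")
AUTH_PREFIXES = ("rta bind string ", "rta bind mac-address ")
TTY_RE = re.compile(r"vty \d+ tty remote ")


def parse(config):
    """Split a config into system-view lines and per-template lines.

    Assumption: template-view commands are indented under their
    'rta template <name>' line, as in a saved configuration file.
    """
    global_lines, templates, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if raw[0].isspace() and current is not None:
            templates[current].append(line)
        elif line.startswith("rta template "):
            current = line.split()[2]
            templates.setdefault(current, [])
        else:
            current = None
            global_lines.append(line)
    return global_lines, templates


def audit(config):
    """Return a sorted list of (scope, finding) tuples."""
    global_lines, templates = parse(config)
    findings = []
    uses_tty = {n: any(TTY_RE.match(l) for l in ls) for n, ls in templates.items()}
    if any(uses_tty.values()) and not any(
            l.startswith(AUTH_PREFIXES) for l in global_lines):
        findings.append(("global", "no server connection authentication "
                                   "(rta bind string / rta bind mac-address)"))
    for name, lines in templates.items():
        if uses_tty[name] and "data protect router-unix" not in lines:
            findings.append((name, "TTY VTY without 'data protect router-unix': "
                                   "data to the FEP is not encrypted"))
        for l in lines:
            m = re.match(r"vty (\d+) telnet remote ", l)
            if m:
                findings.append((name, f"VTY {m.group(1)} uses Telnet, for which "
                                       "this guide lists no data encryption"))
        timeouts = [int(l.split()[1]) for l in lines
                    if re.fullmatch(r"idle-timeout \d+", l)]
        if not timeouts or timeouts[-1] == 0:
            findings.append((name, "no idle-timeout: idle connections never time out"))
        seen = {}  # hotkey code sequence -> first command using it (per template)
        for l in lines:
            m = HOTKEY_RE.match(l)
            if not m:
                continue
            cmd, codes = m.group(1), tuple(int(c) for c in m.group(2).split())
            for c in codes:
                if c in FLOW_CONTROL:
                    findings.append((name, f"'{cmd}' uses {c} ({FLOW_CONTROL[c]}), "
                                           "reserved for flow control"))
            if codes in seen:
                findings.append((name, f"'{cmd}' duplicates the hotkey of '{seen[codes]}'"))
            seen.setdefault(codes, cmd)
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"[{scope}] {finding}")
```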

    Configuring Telnet terminal access

    Configuring the Telnet initiator

    Basic Telnet initiator configuration

    1. Enter system view.
       Command: system-view
       Remarks: N/A

    2. Enable terminal access on the router.
       Command: rta server enable
       Remarks: Disabled by default.

    3. Create a terminal template and enter terminal template view.
       Command: rta template template-name
       Remarks: N/A

    4. Configure a Telnet VTY.
       Command: vty vty-number telnet remote ip-address [ port-number ] [ source source-ip ]
       Remarks: After this configuration, the template can be configured with Telnet VTYs, but not RTC client VTYs or RTC server VTYs.

    5. Exit terminal template view.
       Command: quit
       Remarks: N/A

    6. Enter interface view.
       Command: interface interface-type interface-number
       Remarks: The interface type must be supported by terminal access.

    7. Configure the asynchronous serial interface to operate in flow mode.
       Command: async mode flow
       Remarks: By default, an asynchronous serial interface operates in the protocol mode and an AUX interface the flow mode. For more information about the async mode flow command, see the async mode command in Interface Command Reference.

    8. Apply the template to an interface.
       Command: rta terminal template-name terminal-number [ backup ]
       Remarks: After you apply the template to the interface, you must set the flow control mode of the user interface corresponding to the interface to software flow control. To view associations between interfaces and user interfaces, use the display user-interface command.

    9. Exit interface view.
       Command: quit
       Remarks: N/A

    10. Enter TTY user interface view.
       Command: user-interface { first-num1 [ last-num1 ] | tty first-num2 [ last-num2 ] }
       Remarks: For more information about the user-interface command, see the user-interface command in Fundamentals Command Reference.

    11. Enable software flow control of data on the current user interface.
       Command: flow-control software
       Remarks: By default, the flow control mode is none. That is, no flow control is implemented. For more information about the flow-control software command, see the flow-control command in Fundamentals Command Reference.

    Advanced Telnet initiator configuration

    When you configure advanced Telnet initiator settings, follow these guidelines:

    If both the global source IP address and the source IP address of a VTY are configured, the source IP address of the VTY is used.

    Configure TCP parameters before establishing a TCP connection. If you configure parameters after a TCP connection is established, the TCP connection must be re-established for the parameters to take effect. You can press the reset hotkey on the terminal to re-establish the TCP connection.

    Configure the receive buffer size before applying the terminal template. If you configure the receive buffer size after a terminal template is applied, you must remove the application of the terminal template and apply the terminal template again for the receive buffer size to take effect.

    The ASCII value of the hotkey must be different from the ASCII value of any other hotkey configured on the device. Otherwise, hotkey conflicts occur. For example, the hotkey value cannot be 17 or 19 because these two values are used for flow control. In addition, using the hotkey may not get a fast response when the terminal display is busy.

    Make sure that the terminal type configured is the actual type of the terminal. Otherwise, the screen becomes illegible when it is redrawn or the VTY is changed.

    If you modify the screen saving configuration after a terminal connection is established, use the update changed-config command to apply the latest configuration.

    To configure advanced Telnet initiator settings:

    Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the global

    source IP address of TCP connections.

    rta source-ip ip-address Optional.

    Not configured by default.

    3. Enable pressing any key to return. rta vty-style smart

    Optional.

    Disabled by default.

    4. Enter terminal template view. rta template template-name N/A

    5. Configure the automatic link teardown time. auto-close time

    Optional.

    0 seconds by default. That is, no automatic link teardown is performed.

    6. Configure the automatic link establishment time. auto-link time

    Optional.

    0 seconds by default. That is, no automatic link establishment is performed.

    7. Bind a VPN instance. bind vpn-instance vpn-name Optional.

    Not configured by default. 8. Enable terminal data

    read blocking. data read block Optional.

    Disabled by default.

    9. Configure the terminal data send delay. data send delay milliseconds

    Optional.

    0 milliseconds by default. That is, there is no send delay.

    10. Configure the router to not clear the terminal receive buffer after a TCP connection is established.

    driverbuf save

    Optional.

    By default, the router clears the terminal receive buffer after a TCP connection is established.

    11. Configure the terminal buffer size. driverbuf size number

    Optional.

    8192 bytes by default.

    12. Enable filtering of flow control characters. filter flow-control character

    Optional.

    Disabled by default.

  • 22

    Step Command Remarks 13. Configure the TCP

    connection idle timeout time.

    idle-timeout seconds Optional.

    0 seconds by default. That is, the connection never times out.

    14. Configure the menu hotkey. menu hotkey ascii-code&

    Optional.

    Not configured by default.

    Configure menu printing before configuring the menu hotkey.

    15. Configure a screen code for the menu screen. menu screencode string

    Optional.

    Not configured by default.

    16. Enable printing of terminal connection information on the terminal.

    print connection-info

    Optional.

    By default, terminal connection information is printed on the terminal.

    Use the print information command before using this command.

    17. Enable the router to print information on the terminal.

    print information Optional.

    By default, the router prints information on the terminal.

    18. Enable printing of menu information on the terminal.

    print menu

    Optional.

    By default, the menu is printed on the terminal.

    Use the print information command before using this command.

    19. Configure the print language. print language { chinese | english }

    Optional.

    Chinese by default.

    20. Set the terminal reset hotkey. resetkey ascii-code&

    Optional.

    Not configured by default. 21. Configure the maximum

    size of data to be sent at one time.

    sendbuf bufsize size Optional.

    500 bytes by default.

    22. Configure the terminal send buffer threshold. sendbuf threshold value

    Optional.

    Not configured by default.

    23. Set the terminal connectivity test hotkey. testkey ascii-code&

    Optional.

    Not configured by default.

    24. Configure TCP parameters.

    tcp { recvbuf-size recvsize | sendbuf-size sendsize | nodelay | keepalive time count }

    Optional.

    By default, the receive buffer size is 2048 bytes, the send buffer size is 2048 bytes, delay is enabled, keepalive interval is 50 seconds, and the keepalive number is 3.

    25. Configure a description for a VTY. vty vty-number description string

    Optional.

    Not configured by default.

    26. Configure a screen code for a VTY screen. vty vty-number screencode string

    Optional.

    Not configured by default.

    27. Configure the VTY switching hotkey. vty vty-number hotkey ascii-code&

    Optional.

    Not configured by default.

    28. Enable screen saving. screen save enable Optional.

    Enabled by default.

    29. Set the terminal screen display size.

    screen-size height height-in-characters width width-in-characters

    By default, the screen can display up to 24 lines and 80 columns of characters.

    30. Configure the terminal type. terminal type { vt100 | vt220 }

    Optional.

    vt100 by default.

    31. Update the configuration. update changed-config

    Optional.

    If you modify the terminal template that has been applied to an interface, use this command to update the configuration. Executing this command will disconnect connections. Make sure critical services are not affected.

    Configuring the Telnet receiver

    The receiver of Telnet terminal access is an FEP. An FEP only needs to run the Telnet server program and the corresponding application program. There is no need to modify or compile the Unix kernel.

    Telnet terminal access configuration example

    Network requirements

    As shown in Figure 5, two Unix FEPs use IP addresses 10.110.96.53 and 10.110.96.54 and use the port number 23. A terminal is used at the outlet. On the terminal, the first VTY corresponds to FEP 1, with the VTY switching hotkey Alt+A. The second VTY corresponds to FEP 2, with the VTY switching hotkey Alt+B and the menu hotkey Alt+C.

    Figure 5 Network diagram

    (Diagram not reproduced. Labels: Terminal, Async1/0, Initiator, 10.111.0.1/24, WAN, Receiver, FEP 1 (10.110.96.53/24), FEP 2 (10.110.96.54/24).)

    Configuration procedure

    1. Configure the initiator:

    # Enable terminal access.
    system-view
    [Sysname] rta server enable
    # Create a terminal template and enter terminal template view.
    [Sysname] rta template temp2
    # Configure VTY 0.
    [Sysname-rta-template-temp2] vty 0 telnet remote 10.110.96.53
    [Sysname-rta-template-temp2] vty 0 description chuxu
    # Configure the screen saving code for the VTY 0.
    [Sysname-rta-template-temp2] vty 0 screencode \E!8Q
    # Configure the hotkey for VTY 0 as Alt+A.
    [Sysname-rta-template-temp2] vty 0 hotkey 1 96 13
    # Configure VTY 1.
    [Sysname-rta-template-temp2] vty 1 telnet remote 10.110.96.54
    [Sysname-rta-template-temp2] vty 1 description duigong
    # Configure the screen saving code for VTY 1.
    [Sysname-rta-template-temp2] vty 1 screencode \E!9Q
    # Configure the hotkey for VTY 1 as Alt+B.
    [Sysname-rta-template-temp2] vty 1 hotkey 1 97 13
    # Configure the menu hotkey as Alt+C.
    [Sysname-rta-template-temp2] menu hotkey 1 98 13
    [Sysname-rta-template-temp2] quit
    # Apply the template to the asynchronous serial interface.
    [Sysname] interface async 1/0
    [Sysname-Async1/0] async mode flow
    [Sysname-Async1/0] rta terminal temp2 3
    [Sysname-Async1/0] quit
    # Configure software flow control.
    [Sysname] user-interface tty 17
    [Sysname-ui-tty17] flow-control software

    After the above-mentioned configurations, you will see the following menu on the terminal. (You can enter an option on the display or exit by pressing .)

    TTY ACCESS SYSTEM VERSION 3.0
    1. SELECT VTY(0): chuxu
    2. SELECT VTY(1): duigong
    0. QUIT
    INPUT YOUR CHOICE:

    2. Configure the receiver:

    The receivers of Telnet terminal access are FEPs. An FEP only needs to run the Telnet server program and the corresponding application program. There is no need to modify or compile the Unix kernel.

    Configuring ETelnet terminal access

    Configuring the ETelnet initiator

    Basic ETelnet initiator configuration

    Step Command Remarks

    1. Enter system view. system-view N/A

    2. Enable terminal access on the router. rta server enable

    Disabled by default.

    3. Create a terminal template and enter terminal template view.

    rta template template-name N/A

    4. Configure an ETelnet VTY. vty vty-number etelnet remote ip-address [ port-number ] [ source source-ip ]

    After this configuration, the template can be configured with ETelnet VTYs, but not RTC client VTYs or RTC server VTYs.

    5. Exit terminal template view. quit N/A

    6. Enter interface view. interface interface-type interface-number [ backup ]

    The interface type must be supported by terminal access.

    7. Configure the asynchronous serial interface to operate in flow mode.

    async mode flow

    By default, an asynchronous serial interface operates in the protocol mode and an AUX interface operates in the flow mode.

    For more information about the async mode flow command, see the async mode command in Interface Command Reference.

    8. Apply the template to the interface.

    rta terminal template-name terminal-number [ backup ]

    After you apply the template to the interface, you must set the flow control mode of the user interface corresponding to the interface to software flow control. To view associations between interfaces and user interfaces, use the display user-interface command.

    9. Exit interface view. quit N/A

    10. Enter TTY user interface view. user-interface { first-num1 [ last-num1 ] | tty first-num2 [ last-num2 ] }

    For more information about the user-interface command, see the user-interface command in Fundamentals Command Reference.

    11. Enable software flow control of data on the current user interface.

    flow-control software

    By default, the flow control mode is none. That is, no flow control is implemented.

    For more information about the flow-control software command, see the flow-control command in Fundamentals Command Reference.

    Advanced ETelnet initiator configuration

    When you perform advanced ETelnet initiator settings, follow these guidelines:

    If both the global source IP address and the source IP address of a VTY are configured, the source IP address of the VTY is used.

    Configure TCP parameters before TCP connections are established. If you configure the parameters after a TCP connection is established, the TCP connection must be re-established for the parameters to take effect. You can press the reset hotkey on the terminal to re-establish the TCP connection.

    The receive buffer size must be configured before the terminal template is applied. If you configure the receive buffer size after a terminal template is applied, you must remove the application of the terminal template and apply the terminal template again for the receive buffer size to take effect.

    The ASCII value of the hotkey must be different from the ASCII value of any other hotkey configured on the device. Otherwise, hotkey conflicts will occur. For example, the hotkey value cannot be 17 or 19 because these two values are used for flow control. In addition, the hotkey might respond slowly when the terminal display is busy.

    Make sure that the terminal type configured is the actual type of the terminal. Otherwise, the screen becomes illegible when it is redrawn or the VTY is changed.

    If you modify the screen saving configuration after a terminal connection is already established, use the update changed-config command to apply the latest configuration.

    To configure advanced ETelnet initiator settings:

    Step Command Remarks

    1. Enter system view. system-view N/A

    2. Configure the global source IP address of TCP connections.

    rta source-ip ip-address Optional.

    Not configured by default.

    3. Enable pressing any key to return. rta vty-style smart

    Optional.

    Disabled by default.

    4. Enter terminal template view. rta template template-name N/A

    5. Configure the automatic link teardown time. auto-close time

    Optional.

    0 seconds by default. That is, no automatic link teardown is performed.

    6. Configure the automatic link establishment time. auto-link time

    Optional.

    0 seconds by default. That is, no automatic link establishment is performed.

    7. Bind a VPN instance. bind vpn-instance vpn-name Optional.

    Not configured by default.

    8. Enable terminal data read blocking. data read block

    Optional.

    Disabled by default.

    9. Configure the terminal data send delay. data send delay milliseconds

    Optional.

    0 milliseconds by default. That is, there is no send delay.

    10. Configure the router to not clear the terminal receive buffer after a TCP connection is established.

    driverbuf save

    Optional.

    By default, the router clears the terminal receive buffer after a TCP connection is established.

    11. Configure the terminal buffer size. driverbuf size number

    Optional.

    8192 bytes by default.

    12. Enable filtering of flow control characters. filter flow-control character

    Optional.

    Disabled by default.

    13. Configure the TCP connection idle timeout time.

    idle-timeout seconds Optional.

    0 seconds by default. That is, the connection never times out.

    14. Configure the menu hotkey. menu hotkey ascii-code&

    Optional.

    Not configured by default.

    Configure menu printing before configuring the menu hotkey.

    15. Configure a screen code for the menu screen. menu screencode string

    Optional.

    Not configured by default.

    16. Enable printing of terminal connection information on the terminal.

    print connection-info

    Optional.

    By default, terminal connection information is printed on the terminal.

    Use the print information command before using this command.

    17. Configure the router to print information on the terminal. print information

    Optional.

    By default, the router prints information on the terminal.

    18. Enable printing of menu information on the terminal. print menu

    Optional.

    By default, the menu is printed on the terminal.

    Use the print information command before using this command.

    19. Configure the print language.

    print language { chinese | english }

    Optional.

    Chinese by default.

    20. Set the terminal reset hotkey. resetkey ascii-code&

    Optional.

    Not configured by default.

    21. Configure the maximum size of data to be sent at one time.

    sendbuf bufsize size Optional.

    500 bytes by default.

    22. Configure the terminal send buffer threshold. sendbuf threshold value

    Optional.

    Not configured by default.

    23. Set the terminal connectivity test hotkey. testkey ascii-code&

    Optional.

    Not configured by default.

    24. Configure TCP parameters. tcp { recvbuf-size recvsize | sendbuf-size sendsize | nodelay | keepalive time count }

    Optional.

    By default, the receive buffer size is 2048 bytes, send buffer size is 2048 bytes, delay is enabled, keepalive interval is 50 seconds, and keepalive number is 3.

    25. Configure a description for a VTY. vty vty-number description string

    Optional.

    Not configured by default.

    26. Configure a screen code for a VTY. vty vty-number screencode string

    Optional.

    Not configured by default.

    27. Configure the VTY switching hotkey.

    vty vty-number hotkey ascii-code&

    Optional.

    Not configured by default.

    28. Enable screen saving. screen save enable Optional.

    Enabled by default.

    29. Set the terminal screen display size.

    screen-size height height-in-characters width width-in-characters

    By default, the screen can display up to 24 lines and 80 columns of characters.

    30. Configure the terminal type. terminal type { vt100 | vt220 }

    Optional.

    vt100 by default.

    31. Update the configuration. update changed-config

    Optional.

    If you modify the terminal template that has been applied to an interface, use this command to apply the latest configuration. Executing this command will disconnect connections. Make sure critical services are not affected.

    Configuring the ETelnet receiver

    The receiver of ETelnet terminal access is an FEP. An FEP only needs to run the ETelnet server program (ccbtelnetd) and the corresponding application program. There is no need to modify or compile the Unix kernel.

    ETelnet terminal access configuration example

    Network requirements

    As shown in Figure 6, two Unix FEPs use IP addresses 10.110.96.53 and 10.110.96.54 and use the port number 2080. A terminal is used at the outlet. On the terminal, the first VTY corresponds to FEP 1, with the VTY switching hotkey Alt+A. The second VTY corresponds to FEP 2, with the VTY switching hotkey Alt+B and the menu hotkey Alt+C.

    Figure 6 Network diagram

    (Diagram not reproduced. Labels: Terminal, Async1/0, Initiator, 10.111.0.1/24, WAN, Receiver, FEP 1 (10.110.96.53/24), FEP 2 (10.110.96.54/24).)

    Configuration procedure

    1. Configure the initiator:

    # Enable terminal access.
    system-view
    [Sysname] rta server enable
    # Create a terminal template and enter terminal template view.
    [Sysname] rta template temp2
    # Configure the menu hotkey as Alt+C.
    [Sysname-rta-template-temp2] menu hotkey 1 98 13
    # Configure VTY 0.
    [Sysname-rta-template-temp2] vty 0 etelnet remote 10.110.96.53
    [Sysname-rta-template-temp2] vty 0 description chuxu
    # Configure the screen saving code for VTY 0.
    [Sysname-rta-template-temp2] vty 0 screencode \E!8Q
    # Configure the switching hotkey for VTY 0 as Alt+A.
    [Sysname-rta-template-temp2] vty 0 hotkey 1 96 13
    # Configure VTY 1.
    [Sysname-rta-template-temp2] vty 1 etelnet remote 10.110.96.54
    [Sysname-rta-template-temp2] vty 1 description duigong
    # Configure the screen saving code for VTY 1.
    [Sysname-rta-template-temp2] vty 1 screencode \E!9Q
    # Configure the hotkey for VTY 1 as Alt+B.
    [Sysname-rta-template-temp2] vty 1 hotkey 1 97 13
    [Sysname-rta-template-temp2] quit
    # Apply the template to the asynchronous serial interface.
    [Sysname] interface async 1/0
    [Sysname-Async1/0] async mode flow
    [Sysname-Async1/0] rta terminal temp2 3
    [Sysname-Async1/0] quit
    # Configure software flow control.
    [Sysname] user-interface tty 17
    [Sysname-ui-tty17] flow-control software

    After performing the above configurations, you will see the following menu on the terminal. (You can enter an option on the display or exit by pressing .)

    TTY ACCESS SYSTEM VERSION 3.0
    1. SELECT VTY(0): chuxu
    2. SELECT VTY(1): duigong
    0. QUIT
    INPUT YOUR CHOICE:

    2. Configure the receiver:

    The receivers of ETelnet terminal access are FEPs. An FEP only needs to run the ETelnet server program and the corresponding application program. There is no need to modify or compile the Unix kernel.
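    The guidelines above (hotkey values must not collide, 17 and 19 are used for flow control, and an idle timeout of 0 never closes the connection) can be checked before a template is applied. The following Python audit is an added example, not H3C code; the indented saved-configuration layout, the finding names, and the choices to flag plain Telnet VTYs as cleartext and to flag 17 or 19 anywhere in a hotkey sequence are assumptions of this example, and the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample (assumed layout): the Telnet template from the example,
# with two deliberate mistakes: VTY 1 reuses VTY 0's hotkey, resetkey is 17.
SAMPLE_CONFIG = """\
rta template temp2
 vty 0 telnet remote 10.110.96.53
 vty 0 description chuxu
 vty 0 hotkey 1 96 13
 vty 1 telnet remote 10.110.96.54
 vty 1 hotkey 1 96 13
 menu hotkey 1 98 13
 resetkey 17
 idle-timeout 0
"""

# ASCII values the guide says are used for software flow control.
FLOW_CONTROL = {17: "XON", 19: "XOFF"}

HOTKEY_RE = re.compile(r"^(menu hotkey|resetkey|testkey|vty \d+ hotkey)\s+([\d ]+)$")
VTY_RE = re.compile(r"^vty (\d+) (telnet|etelnet|ssh) remote (\S+)")
IDLE_RE = re.compile(r"^idle-timeout (\d+)$")


def audit_template(text):
    """Return a list of (kind, detail) findings for one terminal template."""
    findings = []
    hotkeys = defaultdict(list)  # code sequence -> commands that use it
    idle_timeout = 0             # guide default: 0, connection never times out

    for raw in text.splitlines():
        line = raw.strip()
        m = HOTKEY_RE.match(line)
        if m:
            owner = m.group(1)
            codes = tuple(int(c) for c in m.group(2).split())
            hotkeys[codes].append(owner)
            for code in codes:
                if code in FLOW_CONTROL:
                    findings.append(("hotkey-flow-control",
                                     f"{owner} uses {code} ({FLOW_CONTROL[code]})"))
            continue
        m = VTY_RE.match(line)
        if m:
            # Only plain Telnet is flagged; ETelnet and SSH VTYs are not judged here.
            if m.group(2) == "telnet":
                findings.append(("cleartext-vty",
                                 f"vty {m.group(1)} uses telnet to {m.group(3)}"))
            continue
        m = IDLE_RE.match(line)
        if m:
            idle_timeout = int(m.group(1))

    for codes, owners in hotkeys.items():
        if len(owners) > 1:
            seq = " ".join(str(c) for c in codes)
            findings.append(("hotkey-conflict", f"{seq} shared by {', '.join(owners)}"))
    if idle_timeout == 0:
        findings.append(("no-idle-timeout",
                         "idle-timeout is 0: TCP connections never time out"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_template(SAMPLE_CONFIG):
        print(f"{kind}: {detail}")
```

    A template with SSH VTYs, distinct hotkeys and a non-zero idle-timeout produces no findings.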

    Configuring SSH terminal access

    Configuring the SSH initiator

    Basic SSH initiator configuration

    Step Command Remarks

    1. Enter system view. system-view N/A

    2. Enable terminal access on the router. rta server enable

    Disabled by default.

    3. Create a terminal template and enter terminal template view.

    rta template template-name N/A

    4. Configure an SSH VTY. vty vty-number ssh remote ip-address [ port-number ] [ source source-ip ]

    After this configuration, the template can be configured with SSH VTYs, but not RTC client VTYs or RTC server VTYs.

    5. Exit terminal template view. quit N/A

    6. Enter interface view. interface interface-type interface-number

    The interface type must be supported by terminal access.

    7. Configure the asynchronous serial interface to operate in flow mode.

    async mode flow

    By default, an asynchronous serial interface operates in the protocol mode and an AUX interface operates in the flow mode.

    For more information about the async mode flow command, see the async mode command in Interface Command Reference.

    8. Apply the template to the interface.

    rta terminal template-name terminal-number [ backup ]

    After you apply the template to the interface, you must set the flow control mode of the user interface corresponding to the interface to software flow control. To view associations between interfaces and user interfaces, use the display user-interface command.

    9. Exit interface view. quit N/A

    10. Enter TTY user interface view. user-interface { first-num1 [ last-num1 ] | tty first-num2 [ last-num2 ] }

    For more information about the user-interface command, see the user-interface command in Fundamentals Command Reference.

    11. Enable software flow control of data on the current user interface.

    flow-control software

    By default, the flow control mode is none. That is, no flow control is implemented.

    For more information about the flow-control software command, see the flow-control command in Fundamentals Command Reference.

    Advanced SSH initiator configuration

    When you configure advanced SSH initiator settings, follow these guidelines:

    If both the global source IP address and the source IP address of a VTY are configured, the source IP address of the VTY is used.

    Configure TCP parameters before TCP connections are established. If you configure the parameters after a TCP connection is established, the TCP connection must be re-established for the parameters to take effect. You can press the reset hotkey on the terminal to re-establish the TCP connection.

    The receive buffer size must be configured before the terminal template is applied. If you configure the receive buffer size after a terminal template is applied, you must remove the application of the terminal template and apply the terminal template again for the receive buffer size to take effect.

    The ASCII value of the hotkey must be different from the ASCII value of any other hotkey configured on the device. Otherwise, hotkey conflicts will occur. For example, the hotkey value cannot be 17 or 19 because these two values are used for flow control. In addition, the hotkey might respond slowly when the terminal display is busy.

    Make sure that the terminal type configured is the actual type of the terminal. Otherwise, the screen becomes illegible when it is redrawn or the VTY is changed.

    If you modify the screen saving configuration after a terminal connection is already established, you must use the update changed-config command to apply the latest configuration.

    To configure advanced SSH initiator settings:

    Step Command Remarks

    1. Enter system view. system-view N/A

    2. Configure the global source IP address of TCP connections. rta source-ip ip-address

    Optional.

    Not configured by default.

    3. Enable pressing any key to return. rta vty-style smart

    Optional.

    Disabled by default.

    4. Enter terminal template view. rta template template-name N/A

    5. Configure the automatic link teardown time. auto-close time

    Optional.

    0 seconds by default. That is, no automatic link teardown is performed.

    6. Configure the automatic link establishment time. auto-link time

    Optional.

    0 seconds by default. That is, no automatic link establishment is performed.

    7. Bind a VPN instance. bind vpn-instance vpn-name Optional.

    Not configured by default.

    8. Enable terminal data read blocking. data read block

    Optional.

    Disabled by default.

    9. Configure the terminal data send delay. data send delay milliseconds

    Optional.

    0 milliseconds by default. That is, there is no send delay.

    10. Configure the router to not clear the terminal receive buffer after a TCP connection is established.

    driverbuf save

    Optional.

    By default, the router clears the terminal receive buffer after a TCP connection is established.

    11. Configure the terminal buffer size. driverbuf size number

    Optional.

    8192 bytes by default.

    12. Enable filtering of flow control characters. filter flow-control character

    Optional.

    Disabled by default.

    13. Configure the TCP connection idle timeout time. idle-timeout seconds

    Optional.

    0 seconds by default. That is, the connection never times out.

    14. Configure the menu hotkey. menu hotkey ascii-code&

    Optional.

    Not configured by default.

    You must configure menu printing before configuring the menu hotkey.

    15. Configure a screen code for the menu screen. menu screencode string

    Optional.

    Not configured by default.

    16. Enable printing terminal connection information on the terminal.

    print connection-info

    Optional.

    By default, terminal connection information is printed on the terminal.

    You must use the print information command before using this command.

    17. Configure the router to print information on the terminal. print information

    Optional.

    By default, the router prints information on the terminal.

    18. Enable printing of menu information on the terminal. print menu

    Optional.

    By default, the menu is printed on the terminal.

    You must use the print information command before using this command.

    19. Configure the print language. print language { chinese | english }

    Optional.

    Chinese by default.

    20. Set the terminal reset hotkey. resetkey ascii-code& Optional.

    Not configured by default.

    21. Configure the maximum size of data to be sent at one time. sendbuf bufsize size

    Optional.

    500 bytes by default.

    22. Configure the terminal send buffer threshold. sendbuf threshold value

    Optional.

    Not configured by default.

    23. Set the terminal connectivity test hotkey. testkey ascii-code&

    Optional.

    Not configured by default.

    24. Configure TCP parameters. tcp { recvbuf-size recvsize | sendbuf-size sendsize | nodelay | keepalive time count }

    Optional.

    By default, the receive buffer size is 2048 bytes, the send buffer size is 2048 bytes, the delay is enabled, the keepalive interval is 50 seconds, and keepalive number is 3.

    25. Configure a description for a VTY. vty vty-number description string

    Optional.

    Not configured by default.

    26. Configure a screen code for a VTY. vty vty-number screencode string

    Optional.

    Not configured by default.

    27. Configure the switching hotkey for a VTY.

    vty vty-number hotkey ascii-code&

    Optional.

    Not configured by default.

    28. Enable screen saving. screen save enable Optional.

    Enabled by default.

    29. Set the terminal screen display size.

    screen-size height height-in-characters width width-in-characters

    By default, the screen can display up to 24 lines and 80 columns of characters.

  • 34

    Step Command R