Telnet is a TCP/IP protocol used on the Internet and local area networks to provide a bidirectional interactive text- oriented communications facility using a virtual terminal connection. The Telnet program runs, connects it to a server on the network. A user can then enter commands through the Telnet program and they will be executed as if the user were entering them directly on the server console.Telnet enables users to control the server and communicate with other servers on the network. The default port number for Telnet protocol is 23.Telnet offers users the capability of running programs remotely and facilitates remote administration.

OcNOS supports Telnet over the default and management VRFs via in-band management interface and OOB management interface, respectively.

By default, Telnet runs on the management VRF.

From release 6.5.3, OcNOS supports Telnet over the user defined vrfs as well along with default and management VRFs via in-band interface.

By default, Telnet runs on the management VRF. If user wants to enable telnet feature over user defined vrfs which can be part of MPLS L3VPN/EVPN, it is possible to enable telnet feature over those user defined vrfs.

 

User must able to enable telnet feature over multiple user defined vrfs simultaneously with default/non default telnet ports.

Enable and Disable the Telnet Server on user defined vrf say vrf name is vrf_test

Configure the Telnet Server Port on user defined vrf say vrf name is vrf_test

This section shows a TACACS+ server is configured with an IPv4 address. Authentication messages are transmitted to TACACS+ server from the device using an IPv4 address.

Figure 1-7 shows the sample configuration of TACACS+ server.

 

Users are mapped as shown as shown in Table P‑1-11:

This section shows a TACACS+ server is configured with an IPv6 address. Authentication messages are transmitted to TACACS+ server from the device using an IPv6 address.

Figure 1-8 shows the sample configuration of TACACS+ server.

 

 

Perform TELNET to the Router. Provide the username mentioned in the TACACS+ server "users" file as telnet username. Check that Router sends TACACS request to the TACACS server using IPv6 address.

After authentication, the user can configure accounting to measure the resources that the user consumes during access.

To verify the TACACS accounting process, connect using SSH or Telnet from the host to the client with the user created and provided TACACS server password, and check whether the client validates the user with corresponding username and password.

show tacacs-server, show aaa accounting, show aaa accounting

Authorization is realized by mapping the authenticated users to one of the existing predefined roles as shown in Table P‑1-8.

The privilege information from the TACACS+ server is retrieved for the authenticated users and is mapped onto one of the roles as shown in Table P‑1-11.

Each authenticated user is mapped to one of the pre-defined privilege level.

Users with priv-level <=0 and priv-level > 15 are treated as read-only user mapped onto the pre-defined network-user role.

There is no command to enable authorization. Authorization functionality is enabled by default when remote authentication is enabled with TACACS+.

Authorization is “auto-enabled”. After successful authentication, a user can enter into privilege exec mode, irrespective of its privilege level and such user is not prompted with enable mode password, if configured. However based on their role, commands are rejected if not allowed to perform certain operations.

A network-user has read-only access and can only execute show commands. A network-user cannot enter configure mode. An error message is displayed upon executing any command which is not allowed.

The following attribute value pair in TACACS+ server is used to fetch user privilege information.