Using Telnet
Using Secure Shell
© Copyright Lenovo 2018
A Telnet connection offers the convenience of accessing the switch from a
workstation connected to the network. Telnet access provides the same options for
user and administrator access as those available through the console port.
By default, Telnet access is disabled. Use the following commands (available on the
console only) to enable or disable Telnet access:
NE2552E(config)# [no] access telnet enable
Once the switch is configured with an IP address and gateway, you can use Telnet
to access switch administration from any workstation connected to the
management network.
To establish a Telnet connection with the switch, run the Telnet program on your
workstation and issue the following Telnet command:
telnet <switch IPv4 or IPv6 address>
You will then be prompted to enter a password as explained "Switch Login Levels"
on page
46.
Two attempts are allowed to log in to the switch. After the second unsuccessful
attempt, the Telnet client is disconnected via TCP session closure.
Although a remote network administrator can manage the configuration of a
NE2552E via Telnet, this method does not provide a secure connection. The Secure
Shell (SSH) protocol enables you to securely log into another device over a network
to execute commands remotely. As a secure alternative to using Telnet to manage
switch configuration, SSH ensures that all data sent over the network is encrypted
and secure.
The switch can do only one session of key/cipher generation at a time. Thus, a
SSH/SCP client will not be able to login if the switch is doing key generation at that
time. Similarly, the system will fail to do the key generation if a SSH/SCP client is
logging in at that time.
The supported SSH encryption and authentication methods are listed below.
Server Host Authentication: Client RSA‐authenticates the switch when starting
each connection
Key Exchange: ecdh‐sha2‐nistp521, ecdh‐sha2‐nistp384, ecdh‐sha2‐nistp256,
ecdh‐sha2‐nistp224, ecdh‐sha2‐nistp192, rsa2048‐sha256, rsa1024‐sha1,
diffie‐hellman‐group‐exchange‐sha256, diffie‐hellman‐group‐exchange‐sha1,
diffie‐hellman‐group14‐sha1, diffie‐hellman‐group1‐sha1
Encryption: aes128‐ctr, aes128‐cbc, rijndael128‐cbc, blowfish‐cbc,3des‐cbc,
arcfour256, arcfour128, arcfour
MAC: hmac‐sha1, hmac‐sha1‐96, hmac‐md5, hmac‐md5‐96
User Authentication: Local password authentication, RADIUS, TACACS+
Chapter 1: Switch Administration
33