12.2. Telnet Server configuration

The Telnet server allows standard telnet-protocol clients (available for most client platforms) to connect to the FB6000 and access a command-line interface (CLI). The CLI is documented in Chapter 15 and in the Command Line Reference.

12.2.1. Access control

As with the HTTP server, access can be restricted to :-

  • specific client IP addresses, and/or
  • clients connecting from locally-attached Ethernet subnets only.

Access can also be completely restricted under the control of a profile.

Note

By default, the FB6000 will only allow telnet access from machines that are on one of the locally-attached Ethernet subnets[2]. This default is used since the CLI offers a degree of system control that is not available via the web interface - for example, software images stored in the on-board Flash memory can be deleted via the CLI.

To restrict access by client IP address instead, using the user interface, check the checkbox next to the local-only attribute and select false from the drop-down box. Then check the checkbox next to the allow attribute, and enter one or more IP addresses, or IP address ranges into the text entry box - use the Enter key to separate your list items. See the Tip above for recognised range specification formats.

The example XML below shows the telnet service configured this way :-

<telnet allow="10.0.0.0/24 10.1.0.3-98 10.100.100.88 10.99.99.0/24"
          comment="telnet service access restricted by IP address"
          local-only="false"/>

Tip

You can verify whether the access control performs as intended using the diagnostic facility described in Section 13.1