How to enable telnet on an AP-230

By default Aerohive APs are reachable by SSH only. For specific reasons I need to access them by telnet. How can I enable it, pls?
I already tried this command --> access-console telnet
but the AP is still not reachable using telnet.

thx for any hint on this

BR
Uwe

Uwe Dreier

Posted 1 year ago

Brian Powers, Champ
I believe you'll have to configure it under the Additional Settings - Traffic Filter Settings.  You'll need to make a new Traffic Filter and tick the box for Enable Telnet.

Bill W.
To add on to Brian's comment, this is a per Network Policy setting. So if you make a new traffic filter that enables telnet, you would need to set that as the traffic filter for each network policy you have. The other option would be to edit the default traffic filter setting (def-service-filter) so that you don't need to go to each network policy and make the change.

Uwe Dreier
Thx Brian, Bill ... but I do not have a connection to the HiveManager yet and we are far away from final configs ... I only have a guy on site connecting via console port ... to get the AP reachable from remote I need to enable telnet access on the CLI.

Luke Harris
Uwe, forgive me if I'm stating the obvious. But I would assume you will remove telnet access once your APs have been deployed. 

Uwe Dreier
Of course I will do so ... it is just to get them connected to the HiveManager ... something not so easy in the customer's environment ... no default route to the internet, proxy PAC files etc. -- and the access point is around 9300km away from me --

Bill W.
My question is why can't you use SSH? Is SSH blocked and the less secure Telnet allowed? If you're locking a network down, you would block Telnet before you would block SSH.

Uwe Dreier
The only way to access the AP is from a Cisco router .. to allow SSH on a Cisco you have to create something on the router which I would like to avoid .. as I will only telnet to get the connection to the HiveManager running .. and then shut telnet again.
In the meantime I got the following command and hope that this will work.

interface eth0 manage telnet


Bill W.
OK, that makes sense. I didn't think about it being on a network that didn't at least have a computer or server on it that you were using to connect to it.

Brian Powers, Champ
So a combo of the following commands should get you what you need. 

hive <hive name (Aerohive by default)> manage Telnet
interface eth0 manage Telnet
interface eth1 manage Telnet

Uwe Dreier
Thx Brian .. the last two commands solved it .. think my guy onsite connected to ETH1 instead of ETH0 ..
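
Following up on the point about removing telnet once the APs are deployed: a small check that scans a saved configuration for management lines of the form posted above and lists where telnet is still enabled. This is an added example, not code from any poster or from Aerohive; the sample configuration is constructed, and the `no ...` negation form is an assumption modelled on the `no` lines in the config posted in this thread.

```python
import re

# Matches management-access lines of the form shown in the thread, e.g.
#   interface eth1 manage Telnet
#   hive Aerohive manage Telnet
# An optional leading "no" is treated as switching the service off again
# (assumed syntax, modelled on "no interface mgt0 dhcp client").
MANAGE_RE = re.compile(
    r"^(?P<no>no\s+)?(?P<scope>interface|hive)\s+(?P<name>\S+)"
    r"\s+manage\s+(?P<svc>\S+)\s*$",
    re.IGNORECASE,
)


def telnet_enabled_scopes(config_text):
    """Return the sorted 'scope name' entries where telnet management is on."""
    state = {}
    for raw in config_text.splitlines():
        m = MANAGE_RE.match(raw.strip())
        if not m or m.group("svc").lower() != "telnet":
            continue
        key = f"{m.group('scope').lower()} {m.group('name')}"
        # A later line for the same scope overrides an earlier one.
        state[key] = m.group("no") is None
    return sorted(key for key, enabled in state.items() if enabled)


# Constructed sample: a staging config with telnet opened on both ports.
SAMPLE_STAGING = """\
interface eth0 manage telnet
interface eth1 manage Telnet
interface mgt0 ip 192.0.2.10 255.255.255.192
no ntp enable
capwap client transport HTTP
"""

# Constructed sample: same config after telnet was closed on eth0 only.
SAMPLE_CLEANED = SAMPLE_STAGING + "no interface eth0 manage telnet\n"

if __name__ == "__main__":
    for label, cfg in (("staging", SAMPLE_STAGING), ("cleaned", SAMPLE_CLEANED)):
        leftover = telnet_enabled_scopes(cfg)
        print(f"{label}: telnet still enabled on {leftover or 'nothing'}")
```
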

Uwe Dreier
Hi,
another strange behavior happened ... there is a proxy in the communication between the client and the HM. I do not get connected from the AP to the HM.
The AP is already configured to use HTTP and port 80 as transport protocol .. the proxy is also configured on the AP ..
Config like below:

interface eth0 manage telnet
interface eth1 manage telnet
system led power-saving-mode delay 24 on 4 off 64
interface mgt0 ip <client IP> 255.255.255.192
ip route net 0.0.0.0 0.0.0.0 gateway <def. GW>
no interface mgt0 dhcp client
dns server-ip <DNS IP>
dns server-ip <DNS IP> second
no ntp enable
capwap client server port 80
capwap client server name hmng-prd-ie-cwpm-01.aerohive.com
capwap client HTTP proxy name <PROXY-IP> port 9400
capwap client transport HTTP

Now I face the issue that the AP sends a [FIN, ACK] after ~2sec and consequently there is a GW timeout later (~55sec) .. Is the behavior normal? I think not, as if the AP closes the communication before it gets anything back it will never work, right? Attached is the Wireshark trace of this session.

thx for any hint
BR
Uwe