1. Check Whether the PC and Switch Ping Each Other Successfully

Confirm that no IP address conflict occurs. If the tested PC has two network adapters, disable the unused network adapter and use the other network adapter for test.
Perform ping operations on the PC and switch respectively to ensure that the PC and switch communicate properly.

<HUAWEI> ping 10.138.116.109                      
PING 10.138.116.109: 56  data bytes, press CTRL_C to break    
 Reply from 10.138.116.109: bytes=56 Sequence=1 ttl=127 time=3 ms  
 Reply from 10.138.116.109: bytes=56 Sequence=2 ttl=127 time=1 ms  
 Reply from 10.138.116.109: bytes=56 Sequence=3 ttl=127 time=2 ms  
 Reply from 10.138.116.109: bytes=56 Sequence=4 ttl=127 time=2 ms  
 Reply from 10.138.116.109: bytes=56 Sequence=5 ttl=127 time=2 ms                         
 --- 10.138.116.109 ping statistics ---  
 5 packet(s) transmitted  
 5 packet(s) received  
 0.00% packet loss  
 round-trip min/avg/max = 1/2/3 ms

 
If the PC and switch cannot communicate, check whether a ping fault occurs. If the PC is directly connected to the switch, locate the fault based on A Directly Connected Device Fails to Ping the Switch in the Relevations of Troublesolving. If the PC is not directly connected to the switch, check whether there are reachable routes between them, and whether restriction policies are configured on the PC, switch, and intermediate device.
 

2. Checking Whether the Telnet Service Has Been Enabled

Log in to the switch through the console port and check whether the Telnet service has been enabled.
Run the display telnet server status command and check the TELNET IPv4 server field in the command output. If the field displays Enable, the Telnet service has been enabled. If the field displays Disable, the Telnet service is disabled.

<HUAWEI> display telnet server status 
 TELNET IPv4 server                       :Enable 
 TELNET IPv6 server                       :Enable
 TELNET server port                       :23
 TELNET server source address             :0.0.0.0
 ACL4 number                              :0
 ACL6 number                              :0

 
If the TELNET IPv4 server field displays Disable, run the telnet server enable command to enable the Telnet service.

<HUAWEI> system-view 
[HUAWEI] telnet server enable

3. Checking Whether the Number of Login Users Is Normal

Log in to the switch through the console port and check the number of login users to determine whether all VTY user interfaces are occupied.
By default, the maximum number of users allowed to log in through VTY user interfaces is 5.

<HUAWEI> display users   
  User-Intf    Delay    Type   Network Address     AuthenStatus    AuthorcmdFlag
+ 34  VTY 0   00:00:00  TEL    10.134.51.65              pass           no      
  Username : huawei
<HUAWEI> display user-interface maximum-vty        
 Maximum of VTY user:5

 
If the number of login users reaches the upper limit, run the user-interface maximum-vty 15 command to increase the maximum number of users allowed to log in through VTY user interfaces to 15.

[HUAWEI] user-interface maximum-vty 15

4. Checking Whether the ACL Configuration in the VTY User Interface View Is Correct

Log in to the switch through the console port and run the user-interface vty command to enter the user interface view. Run the display this command to check whether an ACL is configured on the VTY user interface.
If an ACL is configured, record the ACL number.
If no ACL is configured, skip this step.

<HUAWEI> sys 
[HUAWEI] user-interface vty 0 4 
[HUAWEI-ui-vty0-4] dis this 
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 acl 3000 inbound 
 authentication-mode aaa
 protocol inbound all
user-interface vty 16 20
#

 
return
If an ACL is configured, check whether the IP address of the Telnet client is denied in the ACL. If the IP address is denied, delete the deny rule in the ACL view, and modify the IP addresses of clients that are permitted in the ACL.
For example, an ACL is configured on the switch and a deny rule is configured for the IP address (192.168.1.2) of the Telnet client.

[HUAWEI-ui-vty0-4] dis acl 3000 
Advanced ACL 3000, 1 rule
Acl's step is 5

 
rule 5 deny tcp source 192.168.1.2 0 (match-counter 0)
[HUAWEI-ui-vty0-4] q
Modify the ACL to allow the IP address of the Telnet client to access the switch.

[HUAWEI] acl 3000 
[HUAWEI-acl-adv-3000] undo rule 5 
[HUAWEI-acl-adv-3000] rule 5 permit tcp source 192.168.1.2 0 
[HUAWEI-acl-adv-3000] display this 
#
acl number 3000
 rule 5 permit tcp source 192.168.1.2 0
#
return

5. Checking Whether the Access Protocol Configuration in the VTY User Interface View Is Correct

Log in to the switch through the console port and run the user-interface vty command to enter the user interface view. Run the display this command and check whether protocol inbound in the VTY user interface displays telnet or all. By default, the system supports Telnet. If telnet or all is not displayed, change the configuration to allow Telnet users to access the switch.

[HUAWEI-ui-vty0-4] display this 
#
user-interface maximum-vty 15
user-interface con 0
user-interface vty 0 14
 authentication-mode none
 user privilege level 3
 protocol inbound ssh 
user-interface vty 16 20
 protocol inbound telnet
#
return

 
For example, configure the switch to allow Telnet users.

[HUAWEI-ui-vty0-4] protocol inbound telnet

 
Or

[HUAWEI-ui-vty0-4] protocol inbound all

6. Checking Whether the Login Authentication Configuration in the VTY User Interface View Is Correct

Log in to the switch through the console port and run the user-interface vty command to enter the user interface view. Run the display this command to check the login authentication mode.
Currently, the following authentication modes are mainly used:
authentication-mode none: non-authentication mode
authentication-mode password: password authentication mode
authentication-mode aaa: AAA authentication mode

[HUAWEI-ui-vty0-4] display this 
#
user-interface maximum-vty 15
user-interface con 0
user-interface vty 0 14
 authentication-mode none 
 user privilege level 3
 protocol inbound ssh
user-interface vty 16 20

 
If password authentication mode is configured in the VTY user interface, you must configure the login password and user level in the VTY user interface view. Run the display this command in the VTY user interface view to check whether the login password and user level are configured. If not, configure them based on the following example.
 
For example, set the login password to Huawei@123 and user level to 15.

[HUAWEI-ui-vty0-4] set authentication password cipher Huawei@123 
[HUAWEI-ui-vty0-4] user privilege level 15

 
If AAA authentication mode is configured in the VTY user interface, you must create a local AAA user. Run the display this command in the AAA view to check the configuration. You must specify the level and service type for the account; otherwise, you cannot use this account to log in to the switch.
 
For example, the user name is admin and password is Admin@huawei.com. If the account configuration is incorrect, run the aaa command to enter the AAA view, reconfigure the account based on the following commands, and log in to the switch.

[HUAWEI] aaa
[HUAWEI-aaa] local-user admin password cipher Admin@huawei.com
[HUAWEI-aaa] local-user admin privilege level 15
[HUAWEI-aaa] local-user admin service-type telnet http terminal

7. Collecting Information and Seeking Technical Support

If the fault persists, collect related information and seek technical support.
Collecting Fault Information
Collect operation results of the preceding steps and record the results in a file.
Collect all diagnostic information and export the information to a file.
Run the display diagnostic-information file-name command in the user view to collect diagnostic information and save the information to a file.

<HUAWEI> display diagnostic-information dia-info.txt
Now saving the diagnostic information to the device
 100%
Info: The diagnostic information was saved to the device successfully.

 
 
When the diagnostic file is generated, you can export the file from the device using FTP, SFTP, or SCP.
 
NOTICE:
You can run the dir command in the user view to check whether the file is generated.
You can also run the display diagnostic-information command and save terminal logs in a diagnostic file on a disk.
If this command displays a long output, press Ctrl+C to abort this command.
This command displays diagnostic information, which helps locate faults but may affect system performance. For example, CPU usage may become high. Therefore, do not use this command when the system is running properly.
Running the display diagnostic-information command simultaneously on multiple terminals connected to the device is prohibited. This is because CPU usage of the device may obviously increase and the device performance may be degraded.
 
Collect the log and trap information on the device and export the information to files.
Run the save logfile all command in the user view to save the logs in the user log buffer area and diagnostic log buffer area to the user log file and diagnostic log file, respectively.

<HUAWEI> save logfile all
Info: Save logfile successfully.
Info: Save diagnostic logfile successfully.

 
When the diagnostic file is generated, you can export the file from the device using FTP, SFTP, or SCP.
 
NOTE:
You can also run the display logbuffer and display trapbuffer commands to view the log and trap information on the device, and save the information in diagnostic files on a disk.
 
If you need more technical support, please feel free to contact csd@telecomate.com.
 
NOTE:
Technical support personnel will provide instructions for you to submit all the collected information and files, so that they can locate faults.