Datacom - Huawei - Telnet study notes

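Authentication mode: authentication-mode

There are two modes: AAA authentication and password authentication.

If aaa authentication is enabled on the same interface after password authentication has been enabled, authentication switches to aaa.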

[R3-ui-vty0-4]authentication-mode ?
  aaa       AAA authentication
  password  Authentication through the password of a user terminal interface

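Password authentication

With authentication-mode pass the default level is 0, so the privilege level must be raised.

set authentication password cipher admin     Sets the authentication password; the password is admin

user privilege level 1     Sets the privilege level in use (levels 0-15). If strictness is not a concern, 15 is given by default. This is a global level.

By default, commands are registered at levels 0 to 3 as follows. In general, the administrator level is 3.
Level 0, visit level: network diagnostic tool commands (ping, tracert), commands for accessing external devices from this device (including the Telnet client and SSH), and so on.
Level 1, monitoring level: used for system maintenance, including display and similar commands.
Level 2, configuration level: service configuration commands, including routing and the commands of each network layer, which provide direct network services to users.
Level 3, management level: commands for basic system operation that support services, including file system, FTP, TFTP download, configuration file switching, user management, command level setting and system parameter setting commands, as well as debugging commands for service fault diagnosis.
If fine-grained privilege management is needed, command levels can be raised to levels 0 to 15. For example, by default a level 2 administrator can execute only level 0 to 2 commands, and administrators at levels 3 to 15 can execute all commands.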

authentication-mode password mode

10.1.1.254 24  
 
<R1>sys
Enter system view, return user view with Ctrl+Z.
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.1.1.254 24
[R1-GigabitEthernet0/0/0]q
 
<R1>system-view 
Enter system view, return user view with Ctrl+Z.
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode pass
Please configure the login password (maximum length 16):admin

[R1-ui-vty0-4]set authentication password cipher admin
[R1-ui-vty0-4]user privilege level 1
[R1-ui-vty0-4]quit

AAA authentication

Authentication, authorization, accounting

[R2-aaa]?
aaa interface view commands:
  accounting-scheme           Configure accounting scheme
  arp-ping                    ARP-ping
  authentication-scheme       Configure authentication scheme
  authorization-modify        Authorization modify
  authorization-scheme        Set authorization scheme
  backup                      Backup  information
  clear                       Clear
  cmd                         Set command type recording scheme
  cut                         Cut connection
  dialer                      Dialer
  display                     Display information
  domain                      Domain
  domain-location             Configure the position of domain name
  domain-name-delimiter       Configure delimiter of username
  domainname-parse-direction  Configure the direction of domainname parsing
  local-user                  Add/Delete/Set user(s)
  mtrace                      Trace route to multicast source
  outbound                    Set outbound type recording scheme
  ping                        <Group> ping command group
  quit                        Exit from current mode and enter prior mode
  recording-scheme            Set recording scheme
  reset                       <Group> reset command group
  return                      Enter the privileged mode
  security-name-delimiter     Configure delimiter of username and security info
  service-scheme              Configure service scheme
  system                      Set system type recording scheme
  test-aaa                    Accounts test
  tracert                     <Group> tracert command group
  undo                        Negate a command or set its defaults

local-user admin password cipher admin privilege level 3

Creates the local user admin with password admin and privilege level 3

[R2-aaa]local-user ?
  STRING<1-64>    User name, in form of 'user@domain'. Can use wildcard '*',    
                  while displaying and modifying, such as *@isp,user@*,*@*.Can  
                  not include invalid character / \ : * ? " < > | @ '
  wrong-password  Use wrong password to authenticate

local-user admin service-type telnet     Authorizes the service type telnet for the local user admin

[R2-aaa]local-user admin  service-type ?
  8021x     802.1x user
  bind      Bind authentication user
  ftp       FTP user
  http      Http user
  ppp       PPP user
  ssh       SSH user
  sslvpn    Sslvpn user
  telnet    Telnet  user
  terminal  Terminal user
  web       Web authentication user
  x25-pad   X25-pad user
[R2-aaa]local-user admin  service-type

10.1.1.1 24   
<R2>sys
Enter system view, return user view with Ctrl+Z.
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 10.1.1.1 24
[R2-GigabitEthernet0/0/0]q

[R2]aaa
[R2-aaa]local-user admin password cipher admin privilege level 3
[R2-aaa]local-user admin service-type telnet 
[R2-aaa]q

[R2]user-interface vty 0 4

[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]q
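
The difference between the two modes, as an added example that is not part of the original post: a small Python auditor that reads the R1 and R2 commands above and reports which logins the VTY lines accept, at what level, and what a reviewer would flag. The config layout (section header followed by indented lines), the name audit_vty and the finding texts are assumptions of this example.

```python
import re

# Constructed samples: the R1 and R2 commands from the page, arranged as
# section header + indented lines (that layout is an assumption here).
R1 = """user-interface vty 0 4
 authentication-mode password
 set authentication password cipher admin
 user privilege level 1
"""
R2 = """aaa
 local-user admin password cipher admin privilege level 3
 local-user admin service-type telnet
user-interface vty 0 4
 authentication-mode password
 authentication-mode aaa
"""

def audit_vty(config):
    """Return (mode, logins, findings); logins is a list of (name, level)."""
    section, mode, vty_level, users = "", None, 0, {}
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw.startswith(" "):      # unindented line opens a section
            section = line
        elif section == "aaa" and (m := re.match(r"local-user (\S+) (.+)", line)):
            user = users.setdefault(m[1], {"pw": None, "level": None, "svc": set()})
            if p := re.search(r"password cipher (\S+)", m[2]):
                user["pw"] = p[1]
            if p := re.search(r"privilege level (\d+)", m[2]):
                user["level"] = int(p[1])
            if p := re.search(r"service-type (.+)", m[2]):
                user["svc"].update(p[1].split())
        elif section.startswith("user-interface vty"):
            if m := re.match(r"authentication-mode (\S+)", line):
                mode = m[1]                      # a later mode replaces the earlier one
            elif m := re.match(r"user privilege level (\d+)", line):
                vty_level = int(m[1])
    findings = []
    if mode == "password":                       # one shared secret, level set on the line
        logins = [("(line password)", vty_level)]
        findings.append("shared line password: no per-user accountability")
    else:                                        # aaa: per-user level and service-type
        telnet = {n: u for n, u in users.items() if "telnet" in u["svc"]}
        logins = [(n, u["level"]) for n, u in telnet.items()]
        findings += [f"{n}: password equals username" for n, u in telnet.items() if u["pw"] == n]
        findings += [f"{n}: level {u['level']} reachable over cleartext telnet"
                     for n, u in telnet.items() if (u["level"] or 0) >= 3]
    return mode, logins, findings
```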

Chained telnet test
From 10.1.1.2, first telnet to 10.1.1.1, then telnet on to 10.1.1.254

On 10.1.1.1, dis users shows the connection with the IP of 10.1.1.2

On 10.1.1.254, dis users shows the connection with the IP of 10.1.1.1
