设备管理方式;本地管理、远程管理
本地管理使用console线路
远程管理使用vty线路
vty线路可以允许多个用户同时登录,console线路只能允许1个用户同时登录
配置console线路密码
配置console线路有两种认证模式:密码认证模式和aaa认证模式
密码认证模式
配置:
<Huawei>system-view //进入视图
[Huawei]sysname R1 //修改设备名称
[R1]user-interface console 0 //进入console线路
[R1-ui-console0]authentication-mode password //选择密码认证模式
Please configure the login password (maximum length 16):123456 //输入密码
[R1-ui-console0]q
[R1]q
<R1>q //退出设备
Configuration console exit, please press any key to log on
Login authentication
验证:
Password: //打开设备见此,输入密码
<R1>system-view //进入视图
Enter system view, return user view with Ctrl+Z.
[R1]
aaa认证模式
配置:
[R1]user-interface console 0 //进入console线路
[R1-ui-console0]authentication-mode aaa //选择认证模式为aaa
[R1-ui-console0]q //退出
[R1]aaa //进入aaa认证模式
[R1-aaa]local-user user0 password cipher 123 //创建三个账号及对应密码
Info: Add a new user.
[R1-aaa]local-user user1 password cipher 456
Info: Add a new user.
[R1-aaa]local-user user2 password cipher 789
Info: Add a new user.
[R1-aaa]local-user user0 privilege level 0 //分配三个账号不同的权限级别
[R1-aaa]local-user user1 privilege level 1
[R1-aaa]local-user user2 privilege level 2
[R1-aaa]q
[R1]q
<R1>q
Configuration console exit, please press any key to log on
Login authentication
验证:
Username:user0 //输入用户名
Password: //输入密码
<R1>
设备配置用户权限有0-15级(共16级)
15级为最高等级,3级以上暂不研究
0级:访问级权限
1级:监控级权限
2级:系统级权限
3级:管理级权限
配置远程管理密码
配置vty线路有两种远程管理模式:telnet远程管理模式和ssh远程管理模式
telnet是明文协议,数据都以明文形式传输,不安全
ssh是密文协议,数据经过加密后传输,安全性更高
telnet远程管理
配置:
R1:
<Huawei>system-view
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Oct 3 2023 14:20:22-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
R2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.10.2 24
Oct 3 2023 15:24:39-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
R2:
[R2]user-interface vty 0 4 //进入远程线路vty 0 4
[R2-ui-vty0-4]authentication-mode aaa //使用aaa认证模式
[R2-ui-vty0-4]q
[R2]aaa //进入aaa配置
[R2-aaa]local-user user password cipher 123456 //创建用户和密码
[R2-aaa]local-user user privilege level 3 //给用户分配权限
[R2-aaa]local-user user service-type telnet //定义用户的服务类型
验证:
<R1>telnet 192.168.10.2 //远程登录IP地址为192.168.10.2的设备
Press CTRL_] to quit telnet mode
Trying 192.168.10.2 ...
Connected to 192.168.10.2 ...
Login authentication
Username:user //输入用户名称
Password: //输入用户密码123456
<R2> //进入R2界面
ssh远程管理
配置:
R1:
<Huawei>system-view
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Oct 3 2023 14:20:22-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
R2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.10.2 24
Oct 3 2023 15:24:39-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP
on the interface GigabitEthernet0/0/0 has entered the UP state.
R1:
[R1]stelnet server enable //开启SSH协议
Info: Succeeded in starting the STELNET server.
[R1]rsa local-key-pair create //创建加密报文的密钥对
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y //yes
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:1024 //密钥长度
Generating keys...
....++++++
..........++++++
........++++++++
.......++++++++
[R1]aaa //使用aaa认证模式
[R1-aaa]local-user user1 password cipher 123 //创建用户及密码
Info: Add a new user.
[R1-aaa]local-user user1 privilege level 3 //分配用户权限
[R1-aaa]local-user user1 service-type ssh //创建ssh用户
[R1-aaa]q //退出
[R1]user-interface vty 0 4 //进入vty线路
[R1-ui-vty0-4]authentication-mode aaa //使用aaa认证模式
[R1-ui-vty0-4]protocol inbound ssh //开启vty线路的ssh访问功能
[R1-ui-vty0-4]q //退出
[R1]ssh user user1 authentication-type all //定义ssh用户的认证模式
Authentication type setted, and will be in effect next time
[R1]
Oct 3 2023 16:09:47-08:00 R1 %%01SSH/4/SSH_FAIL(l)[0]:Failed to log in through
SSH. (Ip=192.168.10.2, UserName=user1, Times=16777216).
[R1]
Oct 3 2023 16:09:55-08:00 R1 %%01SSH/4/SSH_FAIL(l)[1]:Failed to log in through
SSH. (Ip=192.168.10.2, UserName=user1, Times=33554432).
[R1]
验证:
[R2]ssh client first-time enable //用来使能SSH客户端首次认证
[R2]stelnet 192.168.10.1 //ssh登录IP地址为192.168.10.1的设备
Please input the username:user1 //输入用户名user1
Trying 192.168.10.1 ...
Press CTRL+K to abort
Connected to 192.168.10.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y //yes
Oct 3 2023 16:09:35-08:00 R2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y.
[R2]
Save the server's public key? (y/n)[n]:y //yes
The server's public key will be saved with the name 192.168.10.1. Please wait...
Oct 3 2023 16:09:40-08:00 R2 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wheth
er to save the server's public key 192.168.10.1, the user chose Y.
[R2]
Enter password: //输入用户密码123
Enter password:
<R1>