eNSP设备管理配置

最新推荐文章于 2024-05-26 21:34:47 发布

集思成才

最新推荐文章于 2024-05-26 21:34:47 发布

阅读量437

点赞数

分类专栏： eNSP配置文章标签：网络

本文链接：https://blog.csdn.net/qq_58956461/article/details/133521707

版权

eNSP配置专栏收录该内容

1 篇文章 0 订阅

订阅专栏

设备管理方式;本地管理、远程管理
本地管理使用console线路
远程管理使用vty线路
vty线路可以允许多个用户同时登录，console线路只能允许1个用户同时登录

配置console线路密码

配置console线路有两种认证模式：密码认证模式和aaa认证模式

在这里插入图片描述

密码认证模式

配置：

<Huawei>system-view 	//进入视图
[Huawei]sysname R1	//修改设备名称
[R1]user-interface console 0   //进入console线路
[R1-ui-console0]authentication-mode password    //选择密码认证模式
Please configure the login password (maximum length 16):123456  //输入密码
[R1-ui-console0]q
[R1]q
<R1>q   //退出设备
  Configuration console exit, please press any key to log on
Login authentication

验证：

Password:     //打开设备见此，输入密码
<R1>system-view   //进入视图
Enter system view, return user view with Ctrl+Z.
[R1]

aaa认证模式

配置：

[R1]user-interface console 0                         //进入console线路
[R1-ui-console0]authentication-mode aaa  		//选择认证模式为aaa
[R1-ui-console0]q     //退出
[R1]aaa         //进入aaa认证模式
[R1-aaa]local-user user0 password cipher 123   //创建三个账号及对应密码
Info: Add a new user.
[R1-aaa]local-user user1 password cipher 456
Info: Add a new user.
[R1-aaa]local-user user2 password cipher 789
Info: Add a new user.
[R1-aaa]local-user user0 privilege level 0     //分配三个账号不同的权限级别
[R1-aaa]local-user user1 privilege level 1	
[R1-aaa]local-user user2 privilege level 2
[R1-aaa]q
[R1]q
<R1>q
  Configuration console exit, please press any key to log on
Login authentication

验证：

Username:user0      //输入用户名
Password:           //输入密码
<R1>

设备配置用户权限有0-15级（共16级）
15级为最高等级，3级以上暂不研究
0级：访问级权限
1级：监控级权限
2级：系统级权限
3级：管理级权限

配置远程管理密码

配置vty线路有两种远程管理模式：telnet远程管理模式和ssh远程管理模式
telnet是明文协议，数据都以明文形式传输，不安全
ssh是密文协议，数据经过加密后传输，安全性更高

在这里插入图片描述

telnet远程管理

配置：

R1：
<Huawei>system-view 
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Oct  3 2023 14:20:22-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state.

R2:	
<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.10.2 24
Oct  3 2023 15:24:39-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state.

R2：
[R2]user-interface vty 0 4		//进入远程线路vty 0 4
[R2-ui-vty0-4]authentication-mode aaa	//使用aaa认证模式
[R2-ui-vty0-4]q
[R2]aaa		//进入aaa配置
[R2-aaa]local-user user password cipher 123456	//创建用户和密码
[R2-aaa]local-user user privilege level 3		//给用户分配权限
[R2-aaa]local-user user service-type telnet	//定义用户的服务类型

验证：

<R1>telnet 192.168.10.2  //远程登录IP地址为192.168.10.2的设备
  Press CTRL_] to quit telnet mode
  Trying 192.168.10.2 ...
  Connected to 192.168.10.2 ...
Login authentication
Username:user //输入用户名称
Password:        //输入用户密码123456
<R2>   	       //进入R2界面

ssh远程管理

配置：

R1：
<Huawei>system-view 
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.10.1 24
Oct  3 2023 14:20:22-08:00 R1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state.

R2:	
<Huawei>system-view 
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R2
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 192.168.10.2 24
Oct  3 2023 15:24:39-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP 
on the interface GigabitEthernet0/0/0 has entered the UP state.

R1:
[R1]stelnet server enable 	//开启SSH协议
Info: Succeeded in starting the STELNET server. 
[R1]rsa local-key-pair create //创建加密报文的密钥对
The key name will be: Host
% RSA keys defined for Host already exist.
Confirm to replace them? (y/n)[n]:y	 	//yes
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
       It will take a few minutes.
Input the bits in the modulus[default = 512]:1024	 //密钥长度
Generating keys...
....++++++
..........++++++
........++++++++
.......++++++++
[R1]aaa	//使用aaa认证模式
[R1-aaa]local-user user1 password cipher 123		//创建用户及密码
Info: Add a new user.
[R1-aaa]local-user user1 privilege level 3 	//分配用户权限
[R1-aaa]local-user user1 service-type ssh	//创建ssh用户
[R1-aaa]q					//退出
[R1]user-interface vty 0 4	//进入vty线路
[R1-ui-vty0-4]authentication-mode aaa 		//使用aaa认证模式
[R1-ui-vty0-4]protocol inbound ssh		//开启vty线路的ssh访问功能
[R1-ui-vty0-4]q			//退出
[R1]ssh user user1 authentication-type all		//定义ssh用户的认证模式
 Authentication type setted, and will be in effect next time
[R1]
Oct  3 2023 16:09:47-08:00 R1 %%01SSH/4/SSH_FAIL(l)[0]:Failed to log in through 
SSH. (Ip=192.168.10.2, UserName=user1, Times=16777216).
[R1]
Oct  3 2023 16:09:55-08:00 R1 %%01SSH/4/SSH_FAIL(l)[1]:Failed to log in through 
SSH. (Ip=192.168.10.2, UserName=user1, Times=33554432).
[R1]

验证：

[R2]ssh client first-time enable   	//用来使能SSH客户端首次认证
[R2]stelnet 192.168.10.1			//ssh登录IP地址为192.168.10.1的设备
Please input the username:user1		//输入用户名user1
Trying 192.168.10.1 ...
Press CTRL+K to abort
Connected to 192.168.10.1 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y 	 //yes
Oct  3 2023 16:09:35-08:00 R2 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y. 
[R2]
Save the server's public key? (y/n)[n]:y		//yes
The server's public key will be saved with the name 192.168.10.1. Please wait...
Oct  3 2023 16:09:40-08:00 R2 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding wheth
er to save the server's public key 192.168.10.1, the user chose Y. 
[R2]
Enter password:	//输入用户密码123
Enter password:
<R1>