1 配置通过console口登录
对于第一次登录设备,用户可以使用PC通过设备的Console口登录,实现对第一次上电的设备进行基本配置和管理。
如上图所示可以在ENSP模拟器上使用console线登录网络设备;
打开PC1,在串口界面点击连接,就可以登录设备进行配置了;
2 配置通过telnet登录
通过console口登录设备后,为了可以远程登录设备进行管理,可以在设备上开启telnet功能,这样如果客户端可以和服务器互通就可以远程登录设备了。
如上图所示,client地址为10.1.1.2 ,server地址为10.1.1.1。通过配置使得能够在client远程登录server。
server配置如下:
system-view
[HUAWEI] sysname Server
[Server] vlan 10
[Server-vlan10] quit
[Server] interface vlanif 10
[Server-Vlanif10] ip address 10.1.1.1 24
[Server-Vlanif10] quit
[Server] interface gigabitethernet 0/0/1
[Server-GigabitEthernet1/0/10] port link-type access
[Server-GigabitEthernet1/0/10] port default vlan 10
[Server-GigabitEthernet1/0/10] quit
[Server] telnet server enable
[Server] user-interface vty 0 4
[Server-ui-vty0-4] protocol inbound telnet
[Server-ui-vty0-4] authentication-mode aaa
[Server-ui-vty0-4] user privilege level 15
[Server-ui-vty0-4] quit
[Server] aaa
[Server-aaa] local-user admin123 password cipher admin123
[Server-aaa] local-user admin123 privilege level 15
[Server-aaa] local-user admin123 service-type telnet
client配置如下:
system-view
[HUAWEI] sysname Server
[client] vlan 10
[client-vlan10] quit
[client] interface vlanif 10
[client-Vlanif10] ip address 10.1.1.2 24
[client-Vlanif10] quit
[client] interface gigabitethernet 0/0/1
[client-GigabitEthernet1/0/10] port link-type access
[client-GigabitEthernet1/0/10] port default vlan 10
[client-GigabitEthernet1/0/10] quit
配置完成通过在client设备上登录server,如下图所示输如用户名密码可以成功登录server。
3 配置通过SSH登录
server配置如下:
#
vlan 10
#
interface Vlanif10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
aaa
local-user admin123 password cipher admin123
local-user admin123 service-type ssh
local-user admin123 privilege level 3
#
stelnet server enable
ssh user admin123
ssh user admin123 authentication-type password
ssh user admin123 service-type stelnet
ssh client first-time enable
#
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 3
#
// display dsa local-key-pair public 查看客户端上生成的DSA密钥对的公钥部分。
// 将客户端上产生的DSA公钥配置到服务器端(上面display命令显示信息中黑体部分即为客户端产生的DSA公钥,将其拷贝粘贴至服务器端)。
#
dsa peer-public-key dsakey001 encoding-type der
public-key-code begin
30820322
02820100
DEDEBA5C 8244DCB8 E696917C EFEBC0B3 E6FB60BE 8B9E36D3 E4EB9CD6 EB7FD210
219AC0F4 1AD47BF1 EACD435D 39AFA8FA CB6A7819 305EE147 E428912E 60452B37
CA17D611 C2EE4C46 B4BC7726 54C26856 A99ECFA5 D800367B 31A90522 F139496F
4182DBFD AAB59973 9AB02185 856A881F 9197368B 92DBF684 9D1C746B A27E12F9
8A28E4B6 D0587D65 5979A750 5413E91E FC961C3F 79209625 CFA8D7D4 69FA35A3
9E37B614 047D535D CD63AF30 58B3A25B 79C714B6 326B7DB6 067EBF15 3CC1A720
B0E1A7E3 9C13FEB3 BA26E6B0 52DC5BFF EE7C5C52 148FE6C2 40738FBB 8F05D416
B2B5DD72 E3629BB5 9244BF9F A29C4FCD 4EA0EE50 1FC6695D 03D68D51 9324E493
0214
C6C484E1 F0076B8A FCAD302B 98B50A3A 542ABEBB
02820100
3AC11746 EE959CBD 30F669C5 7E290BC4 7CB5BBFD 96AE9215 7A29C723 72FE8A02
EBED3B76 BE810B42 21AD8D32 F7723F83 59F46B66 FF7805CC 3F86D5D6 5BD424BD
70677EFF 1ACF9B3C CE02CD40 46560DA4 2036205C 6EFAB148 66E6A106 0DF6258B
EE31CFE7 4B6C59B4 6FE59A9F BE64F982 EC36A669 FF597FB7 9A56E32E C15A0659
3D17C407 29F587C7 74959017 62B08070 24564B2E E79C6E1D 86793548 76CC662A
1D3DE1D1 2C79E102 C0B10E5C 9C4428B3 AEB93278 26D4CDE5 189A93EA 531E0FF8
2199EF35 DF038976 4538434F F39924F0 5BF17AC8 8E340991 B5EA0A62 A915EE63
F660C092 360C5D2D 796AF230 DB7461F7 C15B6DBA 65C9EFAB 247DB13D 4942E2FF
02820100
468263A3 D8BB89C2 E78DC17E 9EE6FBAD DF3F27B3 EFC05AC9 4EB1B9D8 613A92F2
EFB70DE8 E320F662 ADEC61BD 110C29BE FB3AFC09 4412DD5D AEF6E277 377E2710
BA222530 5F718612 56584D2C 0BAEAB46 5E3382AC 45F715E6 7D9FD904 78BEF819
05D42D2E 833A2A1A 106C7D07 8A8D8C03 88ADDD21 BB0628C6 DDF02B6E 50300360
287BB565 D4506D20 0F8A7872 781778F0 2D894E4C 2AD94B91 507046BC E4D62F37
7F87B0CE 3CFC7EF5 17BFD008 E2F8A46E 85ACB9E8 F7588654 280BE698 33CB29C2
4AD2116D DCA6B526 4C8A4CFD 3B021191 6F382CEC 0C17D701 8621EB23 4ABD77E4
5BF18E1D CC878A5E 27180765 34C432DB 73CDCFF9 CCAC0679 3D9F688B 19AF274E
public-key-code end
peer-public-key end
#
ssh user admin123 assign dsa-key dsakey001 //在SSH服务器端为SSH用户client002绑定STelnet客户端的dsa公钥。
client配置如下:
system-view
[HUAWEI] sysname Server
[client] vlan 10
[client-vlan10] quit
[client] interface vlanif 10
[client-Vlanif10] ip address 10.1.1.2 24
[client-Vlanif10] quit
[client] interface gigabitethernet 0/0/1
[client-GigabitEthernet1/0/10] port link-type access
[client-GigabitEthernet1/0/10] port default vlan 10
[client-GigabitEthernet1/0/10] quit
[client] ssh client first-time enable
[client] dsa local-key-pair create