1.修改时区
---修改时区。
时钟比较特殊,需要在用户视图修改。
先改时区,再改时间。先改时间再改日期。
<R2>display clock
2023-09-03 19:10:40-08:00
Sunday
Time Zone(China-Standard-Time) : UTC-08:00
<R2>clock timezone BJ add 08:00 --时区设置为北京+8区。
<R2>display clock
2023-09-04 11:13:21+08:00
Monday
Time Zone(BJ) : UTC+08:00
<R2>clock datetime 19:17:30 2023-09-03
<R2>display clock
2023-09-03 19:17:33+08:00
Sunday
Time Zone(BJ) : UTC+08:00
<R2>
2.配置标题消息
--配置标题消息
header login:配置在用户登陆前显示的标题消息。
header shell:配置在用户登陆后显示的标题消息
aaa :认证授权统计,可以设置登陆用户和密码。
<R2>sy --进入系统视图
[R2]user-interface con 0 --进入0号console
[R2-ui-console0]authentication-mode password --认证模式为密码认证。
[R2-ui-console0]set authentication password cipher huawei --设置密码huawei;
[R2-ui-console0]q
[R2]q
Please Press ENTER.
Login authentication
Password:huawei --退出后需要输入密码。
<R2>sy
[R2]header login information "welcome to here!" --开始和结束的符号要相同。
--登陆前提示这句话.
[R2]
[R2]q
<R2>q User interface con0 is available
Please Press ENTER.
welcome to here!
Login authentication
Password:huawei
<R2>sy --进入系统视图
[R2]header shell information "this is a router @@@" --登陆后提示这个
[R2]q --退出当前视图
<R2>q User interface con0 is available
Please Press ENTER.
welcome to here!
Login authentication
Password:huawei --输入密码。
this is a router @@@
<R2>
3.配置登陆密码
--配置密码登录
用户等级:命令等级:名称
0 /0 / 访问级
1 /0,1 / 监控级
2 /0,1,2 / 配置级
3-15 /0,1,2,3 / 管理级
AR1;
<Huawei>sy --进入系统视图
[Huawei]aaa --aaa认证模式
[Huawei-aaa]local-user huawei password cipher huawei
--设置一个密文密码:huawei
[Huawei-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[Huawei-aaa]display this
[V200R003C00]
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user huawei password cipher %$%$7LI/5;&4d:"BDWM7_0z<}S4L%$%$
#"
return
[Huawei-aaa]local-user huawei privilege level 5 --给华为用户设置为5级。
[Huawei-aaa]
将某个命令授权给5级用户huawei,5级以下的用户不能访问这个命令。
4.用户界面设置
--用户界面:
用户界面类型:编号
Console :0
VTY :0-4
VTY接口最大可配置范围为0-14;
--显示编号
[Huawei-aaa]display user-interface
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
+ 0 CON 0 9600 - 15 15 P -
129 VTY 0 - 0 - N -
130 VTY 1 - 0 - N -
131 VTY 2 - 0 - N -
132 VTY 3 - 0 - N -
133 VTY 4 - 0 - N -
145 VTY 16 - 0 - N -
146 VTY 17 - 0 - N -
147 VTY 18 - 0 - N -
148 VTY 19 - 0 - N -
149 VTY 20 - 0 - N -
150 Web 0 9600 - 15 - A -
151 Web 1 9600 - 15 - A -
152 Web 2 9600 - 15 - A -
153 Web 3 9600 - 15 - A -
154 Web 4 9600 - 15 - A -
155 XML 0 9600 - 0 - A -
156 XML 1 9600 - 0 - A -
157 XML 2 9600 - 0 - A -
UI(s) not in async mode -or- with no hardware support:
1-128
+ : Current UI is active.
F : Current UI is active and work in async mode.
---- More ----
--可以看到Console 口有且只有一个 ;0;
--不同型号的设备,VTY接口不同
IDX:绝对编号
Type:相对编号
[Huawei]display current-configuration --查看当前配置。
[V200R003C00]
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
local-user huawei password cipher %$%$7LI/5;&4d:"BDWM7_0z<}S4L%$%$
local-user huawei privilege level 5
#"
firewall zone Local
priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface NULL0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4 --默认5个用户。
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]user-interface maximum-vty 15 --修改最大15个用户。
5.远程连接配置
--配置远程连接
VTY:远程telnet连接使用。虚拟终端。
Console:需要线连接。
R1:
[Huawei]sys R1
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 192.168.12.1 24 --修改IP地址
[R1-GigabitEthernet0/0/0]ip address 192.168.12.1 24 --或:修改IP地址
[R1-GigabitEthernet0/0/0]q
<R1>un ter mo --关闭中端监控信息输出。
<R1>sy
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]display this --检查设施是否生效。
[R1-GigabitEthernet0/0/0]q
[R1]display ip int brief
[[R1-GigabitEthernet0/0/0]ip add 192.168.1.50 24
[R1-GigabitEthernet0/0/0]display ip int brief
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 9
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 9
Interface IP Address/Mask Physical Protocol
Ethernet0/0/0 unassigned down down
Ethernet0/0/1 unassigned down down
GigabitEthernet0/0/0 192.168.1.50/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
GigabitEthernet0/0/3 unassigned down down
NULL0 unassigned up up(s)
Serial0/0/0 unassigned down down
Serial0/0/1 unassigned down down
Serial0/0/2 unassigned down down
Serial0/0/3 unassigned down down
[R1-GigabitEthernet0/0/0]
physical=up
Protocol=up;
--第二个Router IP设置。
[R2-GigabitEthernet0/0/0]ip add 192.168.1.51 24
[R2-GigabitEthernet0/0/0]dis ip int brief
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 9
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 9
Interface IP Address/Mask Physical Protocol
Ethernet0/0/0 unassigned down down
Ethernet0/0/1 unassigned down down
GigabitEthernet0/0/0 192.168.1.51/24 up up
GigabitEthernet0/0/1 unassigned down down
GigabitEthernet0/0/2 unassigned down down
GigabitEthernet0/0/3 unassigned down down
NULL0 unassigned up up(s)
Serial0/0/0 unassigned down down
Serial0/0/1 unassigned down down
Serial0/0/2 unassigned down down
Serial0/0/3 unassigned down down
[R2-GigabitEthernet0/0/0]
--R1 上ping R2 能够ping通。
[R1-GigabitEthernet0/0/0]ping 192.168.1.51
PING 192.168.1.51: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.51: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.1.51: bytes=56 Sequence=2 ttl=255 time=50 ms
Reply from 192.168.1.51: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.1.51: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 192.168.1.51: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 192.168.1.51 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/42/50 ms
[R1-GigabitEthernet0/0/0]
--R2 上PING R1 也能ping通。
[R2-GigabitEthernet0/0/0]ping 192.168.1.50
PING 192.168.1.50: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.50: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 192.168.1.50: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 192.168.1.50: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.1.50: bytes=56 Sequence=4 ttl=255 time=50 ms
Reply from 192.168.1.50: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 192.168.1.50 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/40/60 ms
[R2-GigabitEthernet0/0/0]
如果要让R1能够telnet R2,则R2必须设置密码。
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode pas
[R2-ui-vty0-4]authentication-mode password --密码认证。
[R2-ui-vty0-4]set authentication password simple huawei --简单密码不加密。
[R2-ui-vty0-4]display this
#
user-interface con 0
authentication-mode password
set authentication password cipher Q.v<,CQ~P:;BH^68NhwO=E*#
user-interface vty 0 4
set authentication password simple huawei --可以明文显示密码。
user-interface vty 16 20
#
return
[R2-ui-vty0-4]
cipher:表示密码加密,显示为密文,破译相对困难。
--使用R1登陆R2;
<R1>telnet 192.168.1.51
Trying 192.168.1.51 ...
Press CTRL+K to abort
Connected to 192.168.1.51 ...
welcome to here! --登陆前提示符
Login authentication
Password:huawei --输入密码。
this is a router @@@ --登陆后提示符
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2023-09-03 23:43:27.
<R2> --已经登陆到第二台。
<R2>sy --没有设置权限,虽然登陆进来了,但是无法操作。
^
Error: Unrecognized command found at '^' position.
<R2>
--在R2上设置权限:为3级。
[R2-ui-vty0-4]user privilege level 3
[R2-ui-vty0-4]
--在R1上测试:
--发现重新从R1登陆R2,可以进入SYS视图模式。
<R1>q
<R1>telnet 192.168.1.51
Trying 192.168.1.51 ...
Press CTRL+K to abort
Connected to 192.168.1.51 ...
welcome to here!
Login authentication
Password:huawei
this is a router @@@
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 1.
The current login time is 2023-09-03 23:47:59.
<R2>sy
Enter system view, return user view with Ctrl+Z.
[R2]
[R2-ui-vty0-4]display user-interface
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
+ 0 CON 0 9600 - 3 3 P -
+ 34 VTY 0 - 3 3 P -
35 VTY 1 - 3 - P -
36 VTY 2 - 3 - P -
37 VTY 3 - 3 - P -
38 VTY 4 - 3 - P -
50 VTY 16 - 0 - P -
51 VTY 17 - 0 - P -
52 VTY 18 - 0 - P -
53 VTY 19 - 0 - P -
54 VTY 20 - 0 - P -
67 LTT 0 9600 - 0 - N -
68 LTT 1 9600 - 0 - N -
69 LTT 2 9600 - 0 - N -
70 LTT 3 9600 - 0 - N -
71 LTT 4 9600 - 0 - N -
72 LTT 5 9600 - 0 - N -
73 LTT 6 9600 - 0 - N -
74 LTT 7 9600 - 0 - N -
75 LTT 8 9600 - 0 - N -
76 LTT 9 9600 - 0 - N -
77 LTT 10 9600 - 0 - N -
78 LTT 11 9600 - 0 - N -
79 LTT 12 9600 - 0 - N -
80 LTT 13 9600 - 0 - N -
81 LTT 14 9600 - 0 - N -
82 LTT 15 9600 - 0 - N -
83 LTT 16 9600 - 0 - N -
UI(s) not in async mode -or- with no hardware support:
1-32
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI''s password.
Int : The physical location of UIs.
[R2-ui-vty0-4]
VTY 0 这行是三级权限。
从R2上断开R1;
--强制让vty0断开。
<R2>kill user-interface vty 0
Warning: User interface VTY0 will be freed. Continue? [Y/N]:Y
Info: User interface VTY0 is free.
<R2>
--R1 上观察:
[R2]
Info: The max number of VTY users is 10, and the number
of current VTY users on line is 0.
Info: The connection was closed by the remote host.
<R1>
6.总结
本章描述了在路由器上,时区配置,时间配置,IP配置,用户界面提示符配置,密码配置,远程登录配置等信息。