2.网络基础运维-修改时区/远程登陆/IP配置

戒掉贪嗔痴(薛双奇)

于 2023-09-04 00:04:58 发布

阅读量161

点赞数

分类专栏：网络运维与管理文章标签：运维服务器前端

本文链接：https://blog.csdn.net/weixin_43346403/article/details/132657862

版权

网络运维与管理专栏收录该内容

2 篇文章 0 订阅

订阅专栏

1.修改时区

---修改时区。
时钟比较特殊,需要在用户视图修改。 
先改时区，再改时间。先改时间再改日期。
<R2>display clock
2023-09-03 19:10:40-08:00
Sunday
Time Zone(China-Standard-Time) : UTC-08:00
<R2>clock timezone BJ add 08:00  --时区设置为北京+8区。
<R2>display clock
2023-09-04 11:13:21+08:00
Monday
Time Zone(BJ) : UTC+08:00
<R2>clock datetime 19:17:30 2023-09-03
<R2>display clock
2023-09-03 19:17:33+08:00   
Sunday
Time Zone(BJ) : UTC+08:00
<R2>

2.配置标题消息

--配置标题消息
header login:配置在用户登陆前显示的标题消息。
header shell:配置在用户登陆后显示的标题消息 

aaa :认证授权统计，可以设置登陆用户和密码。
<R2>sy --进入系统视图 
[R2]user-interface con 0   --进入0号console
[R2-ui-console0]authentication-mode password --认证模式为密码认证。
[R2-ui-console0]set authentication password cipher huawei --设置密码huawei;
[R2-ui-console0]q
[R2]q
Please Press ENTER.
Login authentication
Password:huawei  --退出后需要输入密码。
<R2>sy
[R2]header login information "welcome to here!"  --开始和结束的符号要相同。
--登陆前提示这句话.
[R2]
[R2]q
<R2>q User interface con0 is available
Please Press ENTER.
welcome to here!
Login authentication
Password:huawei 
<R2>sy  --进入系统视图
[R2]header shell information "this is a router @@@" --登陆后提示这个
[R2]q  --退出当前视图
<R2>q User interface con0 is available
Please Press ENTER.
welcome to here!
Login authentication
Password:huawei --输入密码。
this is a router @@@
<R2>

3.配置登陆密码

--配置密码登录
用户等级:命令等级:名称 
0 /0 / 访问级 
1 /0,1 / 监控级 
2 /0,1,2 / 配置级 
3-15 /0,1,2,3 / 管理级 

AR1;
<Huawei>sy --进入系统视图 
[Huawei]aaa   --aaa认证模式
[Huawei-aaa]local-user huawei password cipher huawei  
--设置一个密文密码：huawei 
[Huawei-aaa]local-user huawei password cipher huawei
Info: Add a new user.
[Huawei-aaa]display this
[V200R003C00]
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user huawei password cipher %$%$7LI/5;&4d:"BDWM7_0z<}S4L%$%$
#"
return
[Huawei-aaa]local-user huawei privilege level 5  --给华为用户设置为5级。
[Huawei-aaa]

将某个命令授权给5级用户huawei,5级以下的用户不能访问这个命令。

4.用户界面设置

--用户界面:
用户界面类型:编号 
Console :0
VTY     :0-4 

VTY接口最大可配置范围为0-14;

--显示编号
[Huawei-aaa]display user-interface 
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int     
+ 0    CON 0    9600       -     15    15          P     -       
  129  VTY 0               -     0     -           N     -       
  130  VTY 1               -     0     -           N     -       
  131  VTY 2               -     0     -           N     -       
  132  VTY 3               -     0     -           N     -       
  133  VTY 4               -     0     -           N     -       
  145  VTY 16              -     0     -           N     -       
  146  VTY 17              -     0     -           N     -       
  147  VTY 18              -     0     -           N     -       
  148  VTY 19              -     0     -           N     -       
  149  VTY 20              -     0     -           N     -       
  150  Web 0    9600       -     15    -           A     -       
  151  Web 1    9600       -     15    -           A     -       
  152  Web 2    9600       -     15    -           A     -       
  153  Web 3    9600       -     15    -           A     -       
  154  Web 4    9600       -     15    -           A     -       
  155  XML 0    9600       -     0     -           A     -       
  156  XML 1    9600       -     0     -           A     -       
  157  XML 2    9600       -     0     -           A     -       
UI(s) not in async mode -or- with no hardware support: 
1-128  
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  ---- More ----

--可以看到Console 口有且只有一个 ;0;
--不同型号的设备,VTY接口不同
IDX:绝对编号
Type:相对编号 

[Huawei]display current-configuration --查看当前配置。
[V200R003C00]
#
 snmp-agent local-engineid 800007DB03000000000000
 snmp-agent 
#
 clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
 drop illegal-mac alarm
#
 set cpu-usage threshold 80 restore 75
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
 local-user huawei password cipher %$%$7LI/5;&4d:"BDWM7_0z<}S4L%$%$
 local-user huawei privilege level 5
#"
firewall zone Local
 priority 15
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Ethernet0/0/2
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface NULL0
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4   --默认5个用户。
user-interface vty 16 20
#
wlan ac
#
return
[Huawei]user-interface maximum-vty 15   --修改最大15个用户。

5.远程连接配置

--配置远程连接
VTY:远程telnet连接使用。虚拟终端。
Console:需要线连接。

R1:
[Huawei]sys R1 
[R1]int g0/0/0 
[R1-GigabitEthernet0/0/0]ip add 192.168.12.1 24 --修改IP地址
[R1-GigabitEthernet0/0/0]ip address 192.168.12.1 24 --或:修改IP地址
[R1-GigabitEthernet0/0/0]q 
<R1>un ter mo    --关闭中端监控信息输出。
<R1>sy 
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]display this --检查设施是否生效。
[R1-GigabitEthernet0/0/0]q
[R1]display ip int brief 

[[R1-GigabitEthernet0/0/0]ip add 192.168.1.50 24
[R1-GigabitEthernet0/0/0]display ip int brief
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 9
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 9

Interface                         IP Address/Mask      Physical   Protocol  
Ethernet0/0/0                     unassigned           down       down      
Ethernet0/0/1                     unassigned           down       down      
GigabitEthernet0/0/0              192.168.1.50/24      up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
GigabitEthernet0/0/3              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial0/0/0                       unassigned           down       down      
Serial0/0/1                       unassigned           down       down      
Serial0/0/2                       unassigned           down       down      
Serial0/0/3                       unassigned           down       down      
[R1-GigabitEthernet0/0/0]

physical=up 
Protocol=up;

--第二个Router IP设置。
[R2-GigabitEthernet0/0/0]ip add 192.168.1.51 24
[R2-GigabitEthernet0/0/0]dis ip int brief
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 9
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 9

Interface                         IP Address/Mask      Physical   Protocol  
Ethernet0/0/0                     unassigned           down       down      
Ethernet0/0/1                     unassigned           down       down      
GigabitEthernet0/0/0              192.168.1.51/24      up         up        
GigabitEthernet0/0/1              unassigned           down       down      
GigabitEthernet0/0/2              unassigned           down       down      
GigabitEthernet0/0/3              unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Serial0/0/0                       unassigned           down       down      
Serial0/0/1                       unassigned           down       down      
Serial0/0/2                       unassigned           down       down      
Serial0/0/3                       unassigned           down       down      
[R2-GigabitEthernet0/0/0]


--R1 上ping R2 能够ping通。
[R1-GigabitEthernet0/0/0]ping 192.168.1.51
  PING 192.168.1.51: 56  data bytes, press CTRL_C to break
    Reply from 192.168.1.51: bytes=56 Sequence=1 ttl=255 time=50 ms
    Reply from 192.168.1.51: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 192.168.1.51: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 192.168.1.51: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 192.168.1.51: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 192.168.1.51 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/42/50 ms

[R1-GigabitEthernet0/0/0]

--R2 上PING R1 也能ping通。
[R2-GigabitEthernet0/0/0]ping 192.168.1.50
  PING 192.168.1.50: 56  data bytes, press CTRL_C to break
    Reply from 192.168.1.50: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 192.168.1.50: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 192.168.1.50: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 192.168.1.50: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 192.168.1.50: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 192.168.1.50 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/40/60 ms

[R2-GigabitEthernet0/0/0]


如果要让R1能够telnet R2,则R2必须设置密码。

[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode pas	
[R2-ui-vty0-4]authentication-mode password --密码认证。
[R2-ui-vty0-4]set authentication password simple huawei --简单密码不加密。
[R2-ui-vty0-4]display this
#
user-interface con 0
 authentication-mode password
 set authentication password cipher Q.v<,CQ~P:;BH^68NhwO=E*#
user-interface vty 0 4
 set authentication password simple huawei  --可以明文显示密码。
user-interface vty 16 20
#
return
[R2-ui-vty0-4]

cipher:表示密码加密,显示为密文,破译相对困难。
--使用R1登陆R2; 
<R1>telnet 192.168.1.51
Trying 192.168.1.51 ...
Press CTRL+K to abort
Connected to 192.168.1.51 ...
welcome to here! --登陆前提示符
Login authentication
Password:huawei --输入密码。
this is a router @@@ --登陆后提示符 
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 1.
      The current login time is 2023-09-03 23:43:27.
<R2>  --已经登陆到第二台。
<R2>sy   --没有设置权限,虽然登陆进来了,但是无法操作。
    ^
Error: Unrecognized command found at '^' position.
<R2>

--在R2上设置权限:为3级。
[R2-ui-vty0-4]user privilege level 3
[R2-ui-vty0-4]

--在R1上测试:
--发现重新从R1登陆R2,可以进入SYS视图模式。
<R1>q
<R1>telnet 192.168.1.51
Trying 192.168.1.51 ...
Press CTRL+K to abort
Connected to 192.168.1.51 ...
welcome to here!
Login authentication
Password:huawei 
this is a router @@@
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 1.
      The current login time is 2023-09-03 23:47:59.
<R2>sy
Enter system view, return user view with Ctrl+Z.
[R2]  


[R2-ui-vty0-4]display user-interface 
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int     
+ 0    CON 0    9600       -     3     3           P     -       
+ 34   VTY 0               -     3     3           P     -       
  35   VTY 1               -     3     -           P     -       
  36   VTY 2               -     3     -           P     -       
  37   VTY 3               -     3     -           P     -       
  38   VTY 4               -     3     -           P     -       
  50   VTY 16              -     0     -           P     -       
  51   VTY 17              -     0     -           P     -       
  52   VTY 18              -     0     -           P     -       
  53   VTY 19              -     0     -           P     -       
  54   VTY 20              -     0     -           P     -       
  67   LTT 0    9600       -     0     -           N     -       
  68   LTT 1    9600       -     0     -           N     -       
  69   LTT 2    9600       -     0     -           N     -       
  70   LTT 3    9600       -     0     -           N     -       
  71   LTT 4    9600       -     0     -           N     -       
  72   LTT 5    9600       -     0     -           N     -       
  73   LTT 6    9600       -     0     -           N     -       
  74   LTT 7    9600       -     0     -           N     -       
  75   LTT 8    9600       -     0     -           N     -       
  76   LTT 9    9600       -     0     -           N     -       
  77   LTT 10   9600       -     0     -           N     -       
  78   LTT 11   9600       -     0     -           N     -       
  79   LTT 12   9600       -     0     -           N     -       
  80   LTT 13   9600       -     0     -           N     -       
  81   LTT 14   9600       -     0     -           N     -       
  82   LTT 15   9600       -     0     -           N     -       
  83   LTT 16   9600       -     0     -           N     -       
UI(s) not in async mode -or- with no hardware support: 
1-32  
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI''s password.
  Int  : The physical location of UIs.

[R2-ui-vty0-4]


 VTY 0 这行是三级权限。
 
从R2上断开R1; 
 --强制让vty0断开。
<R2>kill user-interface vty 0 
Warning: User interface VTY0 will be freed. Continue? [Y/N]:Y
Info: User interface VTY0 is free.
<R2>
 
--R1 上观察:
[R2]
Info: The max number of VTY users is 10, and the number
      of current VTY users on line is 0.
Info: The connection was closed by the remote host.
<R1>

6.总结

本章描述了在路由器上，时区配置，时间配置，IP配置，用户界面提示符配置，密码配置，远程登录配置等信息。