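Two Remote Authentication Methods for Network Devices
Telnet: remote terminal protocol
Telnet definition: The Telnet protocol is a member of the TCP/IP protocol suite and is the standard protocol and primary method for Internet remote login services. It gives users the ability to do work on a remote host from their local computer.
I. Remote login from the controlling device to the controlled device
Configuration steps:
1. Set an IP address so that the device can be reached remotely;
2. Enter the VTY view and set the remote authentication mode to aaa;
3. Enter the AAA view:
(1) Configure the username and password;
(2) Configure the privilege level;
(3) Configure the service type;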
u t m
sy
[Huawei]sy AR1
[AR1]int GigabitEthernet 0/0/0
[AR1-GigabitEthernet0/0/0]ip add 192.168.1.3 24
[AR1-GigabitEthernet0/0/0]q
[AR1]user-interface vty 0 4
[AR1-ui-vty0-4]authentication-mode aaa    (set the authentication mode to AAA)
[AR1-ui-vty0-4]aaa    (enter the AAA view)
[AR1-aaa]local-user lisi password cipher 123456    (create the local username and password)
[AR1-aaa]local-user lisi privilege level 15    (set the local user's privilege level)
[AR1-aaa]local-user lisi service-type telnet    (set the local user's service type)
II. Complex (two-layer) authentication: (secure)
SW1 configuration:
u t m
Info: Current terminal monitor is off.
sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy SW1
[SW1] int vlanif 1
[SW1-Vlanif1]ip add 192.168.10.1 24
[SW1-Vlanif1]q
[SW1]user-interface console 0
[SW1-ui-console0]authentication-mode password
[SW1-ui-console0]set authentication password cipher hcip
[SW1-ui-console0]idle-timeout 12 30
[SW1-ui-console0]q
[SW1]q
Password: hcip    (local SW1 password; the password is ciphertext)
telnet 192.168.10.5
Username:lisi    (username and password for remote login to R5)
Password: hcie
q
telnet 192.168.10.2    (password for remote login to SW2)
Password: hcie
SW2 configuration:
u t m
Info: Current terminal monitor is off.
sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy SW2
[SW2]int vlanif 1
[SW2-Vlanif1]ip add 192.168.10.2 24
[SW2-Vlanif1]q
[SW2]user-interface vty 0 4
[SW2-ui-vty0-4]authentication-mode password
[SW2-ui-vty0-4]set authentication password cipher hcie
[SW2-ui-vty0-4]user privilege level 15
[SW2-ui-vty0-4]q
R5 configuration:
u t m
Info: Current terminal monitor is off.
sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy R3
[R3]int g0/0/0
[R3-GigabitEthernet0/0/0]ip add 192.168.10.5 24
[R3-GigabitEthernet0/0/0]q
[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode aaa
[R3-ui-vty0-4]aaa
[R3-aaa]local-user lisi password cipher hcie
Info: Add a new user.
[R3-aaa]local-user lisi privilege level 15
[R3-aaa]local-user lisi service-type telnet
[R3-aaa]q
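The following Python sketch is an added example, not part of the original notes: it reads pasted VRP session lines like the SW2 and R5 sessions above and lists, per VTY line or local user, the settings a reviewer would question (password-only mode, level 15, short passwords, Telnet as the service type). The function name audit and the 8-character minimum password length are assumptions made for this example.

```python
import re

# Constructed sample: commands as typed in the SW2 and R5 sessions on this page.
SAMPLE = """\
[SW2]user-interface vty 0 4
[SW2-ui-vty0-4]authentication-mode password
[SW2-ui-vty0-4]set authentication password cipher hcie
[SW2-ui-vty0-4]user privilege level 15
[SW2-ui-vty0-4]q
[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode aaa
[R3-ui-vty0-4]aaa
[R3-aaa]local-user lisi password cipher hcie
[R3-aaa]local-user lisi privilege level 15
[R3-aaa]local-user lisi service-type telnet
"""

# Prompt layout: [<sysname>-<view>]<command>; the view part is absent in system view.
PROMPT = re.compile(r"^\[([^\]-]+)(?:-([^\]]+))?\](.*)$")

def audit(session, min_len=8):
    """Return sorted (device, subject, finding) tuples; min_len is an assumed policy."""
    findings = set()
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # echoes such as "Info: ..." carry no command
        dev, view, cmd = m.group(1), m.group(2) or "", m.group(3).split()
        if view.startswith("ui-"):
            subject, rest = view[3:], cmd
        elif view == "aaa" and cmd[:1] == ["local-user"] and len(cmd) > 2:
            subject, rest = "user " + cmd[1], cmd[2:]
        else:
            continue
        if rest == ["authentication-mode", "password"]:
            findings.add((dev, subject, "shared password, no username"))
        if rest[-3:-1] == ["privilege", "level"] and rest[-1] == "15":
            findings.add((dev, subject, "privilege level 15"))
        if "password" in rest and rest[-2:-1] == ["cipher"] and len(rest[-1]) < min_len:
            findings.add((dev, subject, "password shorter than %d characters" % min_len))
        if rest == ["service-type", "telnet"]:
            findings.add((dev, subject, "telnet service type (cleartext transport)"))
    return sorted(findings)

if __name__ == "__main__":
    for device, subject, finding in audit(SAMPLE):
        print(device, subject, finding, sep=" | ")
```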