H3C Router User Privileges

Default system privileges in H3C V7
Tutorial: configuring username/password login on the console port of an H3C device (V7 platform)
1. Create the login account
[H3C]local-user ?
STRING<1-80> Local user name, which can contain the domain name
[H3C]local-user 023wg.com ?
class Specify a class for the local user
<cr>
[H3C]local-user 023wg.com class ?
manage Device management user
network Network access user
[H3C]local-user 023wg.com class manage ?
<cr>
[H3C]local-user 023wg.com class manage
New local user added.
[H3C-luser-manage-023wg.com]
2. Set the login account's password
[H3C-luser-manage-023wg.com]password ?
hash Specify a hashtext password
simple Specify a plaintext password
<cr>
[H3C-luser-manage-023wg.com]password simple ?
STRING<1-63> Plaintext password string
[H3C-luser-manage-023wg.com]password simple www.023wg.com
[H3C-luser-manage-023wg.com]
3. Set the login account's privileges (the official term is "authorizing a user role")
[H3C-luser-manage-023wg.com]authorization-attribute ?
acl Specify ACL of local user
callback-number Specify PPP callback number of local user
idle-cut Specify idle cut function for local user
ip Specify the IP address of local user
ip-pool Specify the IP address pool of local user
ipv6 Specify the IPv6 address of local user
ipv6-pool Specify the IPv6 address pool of local user
ipv6-prefix Specify the IPv6 address prefix of local user
primary-dns Specify the primary DNS server of local user
secondary-dns Specify the secondary DNS server of local user
session-group-profile Specify the session group profile of local user
session-timeout Specify time of session-timeout
sslvpn-policy-group Specify the SSL VPN policy group name of local user
subscriber-id Specify the subscriber ID of local user
url Specify the URL of local user
user-profile Specify user profile of local user
user-role Specify user role of the local user
vlan Specify VLAN ID of local user
vpn-instance Specify the VPN instance of local user
work-directory Specify work directory of local user
[H3C-luser-manage-023wg.com]authorization-attribute user-role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
guest-manager
[H3C-luser-manage-023wg.com]authorization-attribute user-role network-admin
4. Set the login account's service type
[H3C-luser-manage-023wg.com]service-type ?
ftp FTP service
http HTTP service type
https HTTPS service type
pad X.25 PAD service
ssh Secure Shell service
telnet Telnet service
terminal Terminal access service
[H3C-luser-manage-023wg.com]service-type terminal
5. Set console login to use username/password authentication (that is, AAA or scheme authentication)
[H3C]line console ?
INTEGER<0-9> Number of the first line
[H3C]line console 0
[H3C-line-console0]
[H3C-line-console0]authentication-mode ?
none Login without authentication
password Password authentication
scheme Authentication use AAA
[H3C-line-console0]authentication-mode scheme ?
<cr>
[H3C-line-console0]authentication-mode scheme
6. Verify the configuration
[H3C-line-console0]q
[H3C]sa
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
[H3C]qu
<H3C>qu
******************************************************************************
* Copyright (c) 2004-2016 Hangzhou H3C Tech. Co., Ltd. All rights reserved. *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Line con0 is available.
Press ENTER to get started.
login: 023wg.com
Password:
<H3C>
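7. Explanation
Compared with the V5 platform, the H3C V7 platform has changed some of its configuration approach and terminology. The Chongqing Wangguan blog explains these changes here; fellow practitioners are welcome to leave a comment or join the group to discuss.
7.1 User classes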
[H3C]local-user 023wg.com class ?
manage Device management user
network Network access user
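class: specifies the class of the local user. If this parameter is not specified, the user is a device management user.
manage: device management user, used to log in to the device to configure and monitor it. Users of this class can use the ftp, http, https, telnet, ssh, terminal and pad services.
network: network access user, used to access the network through the device and reach network resources. Users of this class can use the advpn, ike, ipoe, lan-access, portal, ppp and sslvpn services.
guest: guest user, which can use only the lan-access and portal services, and only during the account's validity period.
7.2 Authorizing user roles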
[H3C-luser-manage-023wg.com]authorization-attribute user-role ?
STRING<1-63> User role name
network-admin
network-operator
level-0
level-1
level-2
level-3
level-4
level-5
level-6
level-7
level-8
level-9
level-10
level-11
level-12
level-13
level-14
level-15
security-audit
guest-manager
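The H3C V7 platform adds a user role feature. Roles are comparable to user groups on Windows, where each group carries different privileges. H3C introduced this in V7 to simplify privilege management (the official name is RBAC). Every account, whether default or newly added, must be associated with management privileges; the default accounts of course come with their privileges already set.
Beyond the roles above, you can also create custom roles with your own privilege sets. The feature is very rich and privileges can be combined freely. A later post on the Chongqing Wangguan blog will cover custom roles specifically, so stay tuned. That said, custom roles are not needed in typical scenarios; the default roles are sufficient.
The privilege levels of the default roles are as follows: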
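network-admin: has the highest privileges and can operate all system features and resources (except commands related to security log file management). Configuring this role also grants the network-operator role by default.
network-operator: can execute the display commands for all system features and resources (except commands for viewing security logs and the like; check the details yourself).
level-n (0-15): the larger the number, the greater the privileges. level-15 is equivalent to network-admin.
security-audit: security log administrator; has only read, write and execute permissions on security logs.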
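Added example (not from the original post or from H3C): a small Python audit that reads a saved configuration and reports device management users holding a full-privilege role (network-admin or level-15), service types that carry credentials in cleartext, and login lines that do not use authentication-mode scheme. The configuration layout, the "ops" account and the vty line are constructed assumptions; only 023wg.com comes from the tutorial above.

```python
import re

# Constructed sample; the layout of a saved Comware V7 configuration is assumed.
SAMPLE_CONFIG = """\
local-user 023wg.com class manage
 service-type terminal
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
local-user ops class manage
 service-type telnet ssh
 authorization-attribute user-role level-15
#
line con 0
 authentication-mode scheme
#
line vty 0 4
 authentication-mode password
#
"""

FULL_PRIVILEGE = {"network-admin", "level-15"}  # the page: level-15 equals network-admin
CLEARTEXT = {"telnet", "ftp", "http"}           # services without transport encryption
VIEW = re.compile(r"(local-user \S+( class manage)?|line (con|console|aux|vty)\b.*)$")

def audit(config):
    """Return sorted (section, finding) pairs for manage users and login lines."""
    findings, section = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):             # an unindented line opens a new view
            section = raw.strip() if VIEW.match(raw.strip()) else None
        elif section is None or len(words) < 2:
            continue                            # outside audited views, or bare keyword
        elif words[:2] == ["authorization-attribute", "user-role"]:
            if words[-1] in FULL_PRIVILEGE:
                findings.append((section, "full-privilege role " + words[-1]))
        elif words[0] == "service-type":
            for svc in sorted(CLEARTEXT & set(words[1:])):
                findings.append((section, "cleartext service " + svc))
        elif words[0] == "authentication-mode" and words[1] != "scheme":
            findings.append((section, "no per-user AAA login: " + words[1]))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONFIG):
        print(f"{section}: {finding}")
```

Network access users (class network) are skipped on purpose, because they do not log in to the device itself.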
 
