华为交换机telnet登录账号密码设置教程

华为交换机telnet登录账号密码设置案例

一、配置需求

1、配置S5700-核心交换机Telnet登录需要密码验证

2、配置S5700-核心交换机Telnet登录需要账号和密码验证

二、配置步骤

2.1、配置S5700-核心交换机telnet登录需要密码验证步骤

2.1.1、进入VTY用户界面视图

[S5700-core]user-interface vty ?

  INTEGER<0-4>  The first user terminal interface to be configured

[S5700-core]user-interface vty 0 4

[S5700-core-ui-vty0-4]

2.1.2、设置用户登录验证方式为密码验证

[S5700-core-ui-vty0-4]authentication-mode ?

  aaa       AAA authentication

  none      Login without checking

  password  Authentication through the password of a user terminal interface

[S5700-core-ui-vty0-4]authentication-mode password

[S5700-core-ui-vty0-4]

2.1.3、设置验证登录密码，输入的密码可以是明文或密文

[S5700-core-ui-vty0-4]set authentication password ?

  cipher  Set the password with cipher text

  simple  Set the password in plain text

[S5700-core-ui-vty0-4]set authentication password cipher ?

  STRING<1-16>/<24>  Plain text/cipher text password

[S5700-core-ui-vty0-4]set authentication password cipher wlgcs.cn

[S5700-core-ui-vty0-4]

2.1.4、设置密码登录的权限级别为15，否则有些权限命令无法执行。

[S5700-core -ui-vty0-4]user privilege level ?

  INTEGER<0-15>  Set a priority

[S5700-core -ui-vty0-4]user privilege level 15

[S5700-core -ui-vty0-4]

[S5700-core -core-ui-vty0-4]q

[S5700-core]q

<S5700-core>sa

The current configuration will be written to the device.

Are you sure to continue?[Y/N]y

Now saving the current configuration to the slot 0.

Jun  5 2020 10:19:15-08:00 S5700-core %%01CFM/4/SAVE(l)[1]:The user chose Y when dec

iding whether to save the configuration to the device.

Save the configuration successfully.

<S5700-core>

2.2、配置S5700-核心交换机telnet登录需要账号和密码验证

2.2.1、进入VTY用户界面视图

[S5700-core]user-interface vty 0 4

[S5700-core-ui-vty0-4]

2.2.2、设置用户验证方式为AAA验证

[S5700-core-ui-vty0-4]authentication-mode ?

  aaa       AAA authentication

  none      Login without checking

  password  Authentication through the password of a user terminal interface

[S5700-core-ui-vty0-4]authentication-mode aaa

[S5700-core-ui-vty0-4]

2.2.3、进入AAA视图，配置Telnet登录用户名和密码

[S5700-core-ui-vty0-4]q

[S5700-core]aaa

[S5700-core-aaa]local-user ?

  STRING<1-64>  User name, in form of 'user@domain'. Can use wildcard '*',

                while displaying and modifying, such as *@isp,user@*,*@*.Can

                not include invalid character / \ : * ? " < > | @ '

[S5700-core-aaa]local-user wlgcs password ?

  cipher  User password with cipher text

  simple  User password with plain text

        

[S5700-core-aaa]local-user wlgcs password cipher ?

  STRING<1-16>/<24>  The UNENCRYPTED/ENCRYPTED password string

[S5700-core-aaa]local-user wlgcs password cipher wlgcs.cn

[S5700-core-aaa]

2.2.4、配置Telnet登录用户的接入类型为Telnet

[S5700-core-aaa]local-user wlgcs service-type ?

  8021x     802.1x user

  bind      Bind authentication user

  ftp       FTP user

  http      Http user

  ppp       PPP user

  ssh       SSH user

  telnet    Telnet  user

  terminal  Terminal user

  web       Web authentication user

  x25-pad   X25-pad user

[S5700-core-aaa]local-user wlgcs service-type telnet

2.2.5、配置Telnet登录用户的权限级别为15，不配做权限很多命令无法操作

[S5700-core-aaa]local-user wlgcs ?

  access-limit   Set access limit of user(s)

  ftp-directory  Set user(s) FTP directory permitted

  idle-timeout   Set the timeout period for terminal user(s)

  password       Set password

  privilege      Set admin user(s) level

  service-type   Service types for authorized user(s)

  state          Activate/Block the user(s)

        

[S5700-core-aaa]local-user wlgcs privilege level ?

  INTEGER<0-15>  Level value

[S5700-core-aaa]local-user wlgcs privilege level 15

[S5700-core-aaa]q

[S5700-core]q

<S5700-core>sa

The current configuration will be written to the device.

Are you sure to continue?[Y/N]

Jun  5 2020 11:13:57-08:00 S5700-core DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.20

11.5.25.191.3.1 configurations have been changed. The current change number is 6

, the change loop count is 0, and the maximum number of records is 4095.y

Now saving the current configuration to the slot 0.

Jun  5 2020 11:13:58-08:00 S5700-core %%01CFM/4/SAVE(l)[0]:The user chose Y when

 deciding whether to save the configuration to the device.

Save the configuration successfully.

<S5700-core>

三、配置验证

3.1、验证S5700-核心交换机telnet登录需要密码

在S3700-1楼交换模拟登录，已经提前配置好网络互通

<S3700-1L>telnet 192.168.10.254

Trying 192.168.10.254 ...

Press CTRL+K to abort

Connected to 192.168.10.254 ...

Login authentication

Password:                            # 输入密码wlgcs.cn 回车

Info: The max number of VTY users is 5, and the number

      of current VTY users on line is 1.

      The current login time is 2020-06-05 10:25:43.

<S3700-1L>

3.2、验证S5700-核心交换机telnet登录需要账号和密码

在S3700-1楼交换模拟登录，已经提前配置好网络互通

<S5700-1L>telnet 192.168.10.254

Trying 192.168.10.254 ...

Press CTRL+K to abort

Connected to 192.168.10.254 ...

Login authentication

Username:wlgcs

Password:                   # 输入密码wlgcs.cn 回车

Info: The max number of VTY users is 5, and the number

      of current VTY users on line is 1.

      The current login time is 2020-06-05 11:16:50.

<S5700-core>

四、配置信息

4.1、S5700-核心交换机telnet登录需要密码验证配置信息

#

user-interface con 0

 authentication-mode aaa

 set authentication password cipher =!|}D)F/uV:.`&R&e7S(W>A#

user-interface vty 0 4

user privilege level 15

 set authentication password cipher FFJpO7yR02JlDGI>zbS=kc~#

#

4.2、S5700-核心交换机telnet登录需要账号和密码验证配置信息

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

 local-user wlgcs password cipher )UB'#XU&R,=NZPO3JBXBHA!!

local-user wlgcs privilege level 15

 local-user wlgcs service-type telnet

#

user-interface con 0

 authentication-mode aaa

 set authentication password cipher =!|}D)F/uV:.`&R&e7S(W>A#

user-interface vty 0 4

 authentication-mode aaa

 set authentication password cipher FFJpO7yR02JlDGI>zbS=kc~#

#