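Huawei switch Telnet login account and password configuration example
I. Configuration requirements
1. Configure the S5700 core switch to require password authentication for Telnet login
2. Configure the S5700 core switch to require username and password authentication for Telnet login
II. Configuration steps
2.1 Steps to configure the S5700 core switch to require password authentication for Telnet login
2.1.1 Enter the VTY user interface view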
[S5700-core]user-interface vty ?
INTEGER<0-4> The first user terminal interface to be configured
[S5700-core]user-interface vty 0 4
[S5700-core-ui-vty0-4]
2.1.2 Set the user login authentication mode to password authentication
[S5700-core-ui-vty0-4]authentication-mode ?
aaa AAA authentication
none Login without checking
password Authentication through the password of a user terminal interface
[S5700-core-ui-vty0-4]authentication-mode password
[S5700-core-ui-vty0-4]
2.1.3 Set the login authentication password; the password can be entered as plain text or cipher text
[S5700-core-ui-vty0-4]set authentication password ?
cipher Set the password with cipher text
simple Set the password in plain text
[S5700-core-ui-vty0-4]set authentication password cipher ?
STRING<1-16>/<24> Plain text/cipher text password
[S5700-core-ui-vty0-4]set authentication password cipher wlgcs.cn
[S5700-core-ui-vty0-4]
2.1.4 Set the privilege level for password login to 15; otherwise some privileged commands cannot be executed.
[S5700-core-ui-vty0-4]user privilege level ?
INTEGER<0-15> Set a priority
[S5700-core-ui-vty0-4]user privilege level 15
[S5700-core-ui-vty0-4]
[S5700-core-ui-vty0-4]q
[S5700-core]q
<S5700-core>sa
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y
Now saving the current configuration to the slot 0.
Jun 5 2020 10:19:15-08:00 S5700-core %%01CFM/4/SAVE(l)[1]:The user chose Y when deciding whether to save the configuration to the device.
Save the configuration successfully.
<S5700-core>
2.2 Configure the S5700 core switch to require username and password authentication for Telnet login
2.2.1 Enter the VTY user interface view
[S5700-core]user-interface vty 0 4
[S5700-core-ui-vty0-4]
2.2.2 Set the user authentication mode to AAA authentication
[S5700-core-ui-vty0-4]authentication-mode ?
aaa AAA authentication
none Login without checking
password Authentication through the password of a user terminal interface
[S5700-core-ui-vty0-4]authentication-mode aaa
[S5700-core-ui-vty0-4]
2.2.3 Enter the AAA view and configure the Telnet login username and password
[S5700-core-ui-vty0-4]q
[S5700-core]aaa
[S5700-core-aaa]local-user ?
STRING<1-64> User name, in form of 'user@domain'. Can use wildcard '*',
while displaying and modifying, such as *@isp,user@*,*@*.Can
not include invalid character / \ : * ? " < > | @ '
[S5700-core-aaa]local-user wlgcs password ?
cipher User password with cipher text
simple User password with plain text
[S5700-core-aaa]local-user wlgcs password cipher ?
STRING<1-16>/<24> The UNENCRYPTED/ENCRYPTED password string
[S5700-core-aaa]local-user wlgcs password cipher wlgcs.cn
[S5700-core-aaa]
2.2.4 Set the access type of the Telnet login user to Telnet
[S5700-core-aaa]local-user wlgcs service-type ?
8021x 802.1x user
bind Bind authentication user
ftp FTP user
http Http user
ppp PPP user
ssh SSH user
telnet Telnet user
terminal Terminal user
web Web authentication user
x25-pad X25-pad user
[S5700-core-aaa]local-user wlgcs service-type telnet
2.2.5 Set the privilege level of the Telnet login user to 15; without this privilege level many commands cannot be used
[S5700-core-aaa]local-user wlgcs ?
access-limit Set access limit of user(s)
ftp-directory Set user(s) FTP directory permitted
idle-timeout Set the timeout period for terminal user(s)
password Set password
privilege Set admin user(s) level
service-type Service types for authorized user(s)
state Activate/Block the user(s)
[S5700-core-aaa]local-user wlgcs privilege level ?
INTEGER<0-15> Level value
[S5700-core-aaa]local-user wlgcs privilege level 15
[S5700-core-aaa]q
[S5700-core]q
<S5700-core>sa
The current configuration will be written to the device.
Are you sure to continue?[Y/N]
Jun 5 2020 11:13:57-08:00 S5700-core DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.y
Now saving the current configuration to the slot 0.
Jun 5 2020 11:13:58-08:00 S5700-core %%01CFM/4/SAVE(l)[0]:The user chose Y when deciding whether to save the configuration to the device.
Save the configuration successfully.
<S5700-core>
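III. Configuration verification
3.1 Verify that Telnet login to the S5700 core switch requires a password
Simulate the login from the S3700 first-floor switch; network connectivity has been configured in advance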
<S3700-1L>telnet 192.168.10.254
Trying 192.168.10.254 ...
Press CTRL+K to abort
Connected to 192.168.10.254 ...
Login authentication
Password: # enter the password wlgcs.cn and press Enter
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2020-06-05 10:25:43.
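<S5700-core>
3.2 Verify that Telnet login to the S5700 core switch requires a username and password
Simulate the login from the S3700 first-floor switch; network connectivity has been configured in advance
<S3700-1L>telnet 192.168.10.254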
Trying 192.168.10.254 ...
Press CTRL+K to abort
Connected to 192.168.10.254 ...
Login authentication
Username:wlgcs
Password: # enter the password wlgcs.cn and press Enter
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2020-06-05 11:16:50.
<S5700-core>
IV. Configuration information
4.1 Configuration of the S5700 core switch for Telnet login with password authentication
#
user-interface con 0
authentication-mode aaa
set authentication password cipher =!|}D)F/uV:.`&R&e7S(W>A#
user-interface vty 0 4
user privilege level 15
set authentication password cipher FFJpO7yR02JlDGI>zbS=kc~#
#
4.2 Configuration of the S5700 core switch for Telnet login with username and password authentication
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
local-user wlgcs password cipher )UB'#XU&R,=NZPO3JBXBHA!!
local-user wlgcs privilege level 15
local-user wlgcs service-type telnet
#
user-interface con 0
authentication-mode aaa
set authentication password cipher =!|}D)F/uV:.`&R&e7S(W>A#
user-interface vty 0 4
authentication-mode aaa
set authentication password cipher FFJpO7yR02JlDGI>zbS=kc~#
#
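The saved configuration in section 4.2 is worth auditing before it reaches production: it contains a plain-text "password simple" entry and a level 15 account that can log in over Telnet, which carries the login in cleartext. The Python sketch below is an added example, not part of the original article or any Huawei tool. The audit function and its finding names are hypothetical, and the sample input is the section 4.2 configuration with the cipher strings replaced by a placeholder.

```python
import re

# Constructed sample: section 4.2 config from this page, cipher strings replaced by <cipher>.
SAMPLE_CONFIG = """\
aaa
 local-user admin password simple admin
 local-user admin service-type http
 local-user wlgcs password cipher <cipher>
 local-user wlgcs privilege level 15
 local-user wlgcs service-type telnet
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
"""

def audit(config):
    """Return sorted (finding, subject) tuples; finding names are hypothetical."""
    findings, users, section = set(), {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            section = None          # "#" closes the current configuration view
            continue
        if line == "aaa" or line.startswith("user-interface "):
            section = line          # remember which view the next lines belong to
            continue
        m = re.match(r"local-user (\S+) (.+)", line)
        if section == "aaa" and m:
            name, rest = m.groups()
            user = users.setdefault(name, {"telnet": False, "level": None})
            if rest.startswith("password simple"):
                findings.add(("plaintext-password", name))
            elif rest.startswith("service-type"):
                user["telnet"] = "telnet" in rest.split()[1:]
            elif rest.startswith("privilege level"):
                user["level"] = int(rest.split()[-1])
        elif section and section.startswith("user-interface vty"):
            if line == "authentication-mode none":
                findings.add(("vty-no-authentication", section))
            elif line == "authentication-mode password":
                findings.add(("vty-shared-password", section))
    for name, user in users.items():
        if user["telnet"]:          # Telnet sends the login in cleartext
            findings.add(("telnet-cleartext-login", name))
            if user["level"] == 15:
                findings.add(("telnet-level-15", name))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) returns the findings as a sorted list; a configuration using the section 2.1 setup (authentication-mode password on the VTY lines) is reported as a shared VTY password instead.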