华为交换机Console⼝属性配置华为交换机Console⼝属性配置
⼀、设置通过账号和密码(AAA验证)登陆Console⼝
1. 进⼊ Console ⽤户界⾯视图
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]
2. 在 Console ⽤户界⾯视图下,设置⽤户验证⽅式为 AAA 验证
[Huawei-ui-console0]authentication-mode ?
aaa      AAA authentication
none      Login without checking          //⽆需验证直接登陆console⼝
password  Authentication through the password of a user terminal interface      //只通过输⼊密码登陆console⼝[Huawei-ui-console0]authentication-mode aaa
3. 进⼊AAA视图,配置登 Console ⼝的账号和密码
[Huawei-ui-console0]q
[Huawei]aaa
[Huawei-aaa]local-user ?
STRING<1-64>  User name, in form of 'user@domain'. Can use wildcard '*',
while displaying and modifying, such as *@isp,user@*,*@*.Can
not include invalid character / \ : * ? " < > | @ '
[Huawei-aaa]local-user admin ?
access-limit  Set access limit of user(s)
ftp-directory  Set user(s) FTP directory permitted
idle-timeout  Set the timeout period for terminal user(s)
password      Set password
privilege      Set admin user(s) level
service-type  Service types for authorized user(s)
state          Activate/Block the user(s)
[Huawei-aaa]local-user admin password ?
cipher  User password with cipher text      //以密⽂⽅式显⽰⼝令
simple  User password with plain text      //以明⽂⽅式显⽰⼝令
[Huawei-aaa]local-user admin password cipher ?
STRING<1-16>/<24>  The UNENCRYPTED/ENCRYPTED password string
[Huawei-aaa]local-user admin password cipher 123456
Info: Add a new user.
/
/查看账户信息
[Huawei-aaa]display local-user
----------------------------------------------------------------------------
User-name                      State  AuthMask  AdminLevel
----------------------------------------------------------------------------
admin                          A      A        -
----------------------------------------------------------------------------
Total 1 user(s)
4. 设置登陆 Console 的账号和密码的服务类型为 Console(terminal)类型
[Huawei-aaa]local-user admin ?
access-limit  Set access limit of user(s)
ftp-directory  Set user(s) FTP directory permitted
idle-timeout  Set the timeout period for terminal user(s)
password      Set password
privilege      Set admin user(s) level
service-type  Service types for authorized user(s)
state          Activate/Block the user(s)
[Huawei-aaa]local-user admin service-type ?
8021x    802.1x user
bind      Bind authentication user
ftp      FTP user
http      Http user
cipher命令
ppp      PPP user
ssh      SSH user
telnet    Telnet  user
terminal  Terminal user
web      Web authentication user
x25-pad  X25-pad user
[Huawei-aaa]local-user admin service-type terminal ?
8021x    802.1x user
bind    Bind authentication user
ftp      FTP user
http    Http user
ppp      PPP user
ssh      SSH user
telnet  Telnet  user
web      Web authentication user
x25-pad  X25-pad user
<cr>
[Huawei-aaa]local-user admin service-type terminal
//再次查看账户信息
[Huawei-aaa]display local-user
----------------------------------------------------------------------------
User-name                      State  AuthMask  AdminLevel
-
---------------------------------------------------------------------------
admin                          A      M        -
----------------------------------------------------------------------------
Total 1 user(s)
//保存配置
<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y      //输⼊y,确认
Now saving the current configuration to the slot 0.
Apr  6 2021 16:09:10-08:00 Huawei %%01CFM/4/SAVE(l)[55]:The user chose Y when de
ciding whether to save the configuration to the device.
Save the configuration successfully.
⼆、设置只通过密码登陆 Console ⼝
1. 进⼊ Console ⽤户界⾯视图,设置只通过密码登陆 Console ⼝模式
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode password
2. 设置验证密码,输⼊的密码可以是明⽂或密⽂
[Huawei-ui-console0]set authentication ?
password  Set the password for a user interface
[Huawei-ui-console0]set authentication password ?
cipher  Set the password with cipher text        //以密⽂⽅式显⽰⼝令
simple  Set the password in plain text          //以明⽂⽅显⽰⼝令
[Huawei-ui-console0]set authentication password cipher ?
STRING<1-16>/<24>  Plain text/cipher text password
[Huawei-ui-console0]set authentication password cipher 123456
//查看操作的步骤
[Huawei-ui-console0]display this
#
user-interface con 0
authentication-mode password
set authentication password cipher yLST2)ywQ@:.`&R&e7S(bTi#          //密码加密处理了
user-interface vty 0 4
#
return
//保存配置
<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y      //输⼊y,确认
Now saving the current configuration to the slot 0.
Apr  6 2021 16:09:10-08:00 Huawei %%01CFM/4/SAVE(l)[55]:The user chose Y when de
ciding whether to save the configuration to the device.
Save the configuration successfully.
1. 输⼊的密码可以是明⽂或者密⽂,当不指定cipher password参数时,将采⽤交互⽅式输⼊明⽂密码;
2. 当指定cipher password参数时,既可以输⼊明⽂密码也可以输⼊密⽂密码,但都将以密⽂形式保存在配置⽂件中。
3. 当⽤户输⼊密码时,直接以明⽂形式输⼊存在安全风险,建议⽤户以交互式⽅式输⼊。
三、设置直接登陆 Console ⼝,⽆需验证
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode none
四、配置Console⽤户界⾯的⽤户优先级<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]user privilege level ?
INTEGER<0-15>  Set a priority
[Huawei-ui-console0]user privilege level 3
⽤户级别和命令级别对应关系表:
⽤户级
别命令级别
级别名
说明
00参观级⽹络诊断⼯具命令(ping、tracert)、从本设备出发访问外部设备的命令(Telnet客户端)等。
10,1监控级⽤于系统维护,包括display等命令。
说明:并不是所有display命令都是监控级,⽐如display current-configuration命令和display saved-configuration命令是3级管理级。
20,1,2配置级业务配置命令,包括路由、各个⽹络层次的命令,向⽤户提供直接⽹络服务。
3~150,1,2,3管理级⽤于系统基本运⾏的命令,对业务提供⽀撑作⽤,包括⽂件系统、FTP、TFTP下载、⽤户管理命令、命令级别设置命令;
⽤于业务故障诊断的debugging命令等。
1. ⽤户可以配置⽤户优先级,实现对不同⽤户访问设备权限的限制,增加设备管理的安全性。
2. ⽤户的优先级分为16个级别,级别标识为0~15,标识越⾼则优先级越⾼。
3. ⽤户的优先级和命令的优先级是相对应的,即⽤户只能使⽤等于或低于⾃⼰级别的命令。
4. 缺省情况下,Console⼝⽤户界⾯对应的默认命令访问级别是15。
5. 如果⽤户界⾯下配置的命令级别访问权限与⽤户名本⾝对应的操作权限冲突,以⽤户名本⾝对应的级别为准。
五、查看 Console ⽤户界⾯信息
<Huawei>display user-interface console 0
Idx  Type    Tx/Rx      Modem Privi ActualPrivi Auth  Int
+ 0    CON 0    9600      -    3    3          N    -
+    : Current UI is active.
F    : Current UI is active and work in async mode.
Idx  : Absolute index of UIs.
Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of user-interface.
Auth : The authentication mode of UIs.
A: Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Int  : The physical location of UIs.
六、清除已经保存的配置
<Huawei>reset saved-configuration
Warning: The action will delete the saved configuration in the device.
The configuration will be erased to reconfigure. Continue? [Y/N]:y        //输⼊y,确认清除
Warning: Now clearing the configuration in the device.
Apr  6 2021 16:29:00-08:00 Huawei %%01CFM/4/RST_CFG(l)[0]:The user chose Y when
deciding whether to reset the saved configuration.
Info: Succeeded in clearing the configuration in the device.
//配置虽然清除了,但是配置的账户和密码还有效,重启之后仍任需要密码
<Huawei>system-view
[Huawei]aaa
[Huawei-aaa]display local-user
----------------------------------------------------------------------------
User-name                      State  AuthMask  AdminLevel
----------------------------------------------------------------------------
admin                          A      M        -
----------------------------------------------------------------------------
Total 1 user(s)
[Huawei-aaa]undo local-user admin      //删除账户包括密码
[Huawei-aaa]display local-user
Total 0 user(s)
<Huawei>reboot
或者设置⽆需验证登陆 Console ⼝
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode none

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。