交换机远程登录与管理
【为便于日后管理交换机,则需要在交换机上启用远程登录功能,并配置登录密码加强安全性
(注:由于三台交换机的操作近乎相同,因此代码注释仅做了SW1部分)】
一、配置交换机SW1
1.修改设备名,并配置本地登录密码
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW1 //修改设备名
[SW1]user-interface console 0
[SW1-ui-console0]authentication-mode password //修改身份认证模式为password
[SW1-ui-console0]set authentication password cipher 123456 //本地登录password认证模式的认证密码为123456
[SW1-ui-console0]quit
2.配置SSH远程登录
[SW1]telnet server enable //开启设备的SSH服务
Info: The Telnet server has been enabled.
[SW1]ssh authentication-type default password
[SW1]aaa //远程登录的身份认证方式为AAA认证
[SW1-aaa]local-user root password cipher 111111 //SSH账号为root,密码为111111
Info: Add a new user.
[SW1-aaa]local-user root service-type ssh
[SW1-aaa]local-user root privilege level 3 //用户基本为3,管理级
[SW1-aaa]qui
[SW1]rsa local-key-pair create //在交换机上生成本地密钥对
The key name will be: SW1_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
..............++++++++++++
................++++++++++++
.........++++++++
.......................++++++++
[SW1]user-interface vty 0 4 //配置0~4的5个虚拟终端用户
[SW1-ui-vty0-4]authentication-mode aaa //配置VTY认证方式为AAA认证
[SW1-ui-vty0-4]protocol inbound ssh //允许用户以SSH方式接入
[SW1-ui-vty0-4]qui
3.配置交换机远程管理的IP地址
[SW1]int vlanif 1 //进入交换机默认VLAN1的接口视图
[SW1-Vlanif1]ip address 192.168.1.1 29
[SW1-Vlanif1]quit
二、配置交换机SW2
1.修改设备名,并配置本地登录密码
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW2
[SW2]user-interface console 0
[SW2-ui-console0]authentication-mode password
[SW2-ui-console0]set authentication password cipher 123456
[SW2-ui-console0]qui
2.配置SSH远程登录
[SW2]telnet server enable
Info: The Telnet server has been enabled.
[SW2]ssh authentication-type default password
[SW2]aaa
[SW2-aaa]local-user root password cipher 111111
Info: Add a new user.
[SW2-aaa]local-user root service-type ssh
[SW2-aaa]local-user root privilege level 3
[SW2-aaa]qui
[SW2]rsa local-key-pair create
The key name will be: SW2_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
.........++++++++++++
..++++++++++++
........++++++++
..++++++++
[SW2]user-interface vty 0 4
[SW2-ui-vty0-4]authentication-mode aaa
[SW2-ui-vty0-4]protocol inbound ssh
[SW2-ui-vty0-4]qui
3.配置交换机远程管理的IP地址
[SW2]interface Vlanif 1
[SW2-Vlanif1]ip ad 192.168.1.2 29
[SW2-Vlanif1]qui
三、配置交换机SW3
1.修改设备名,并配置本地登录密码
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW3
[SW3]user-interface console 0
[SW3-ui-console0]authentication-mode password
[SW3-ui-console0]set authentication password cipher 123456
[SW3-ui-console0]qui
2.配置SSH远程登录
[SW3]telnet server enable
Info: The Telnet server has been enabled.
[SW3]ssh authentication-type default password
[SW3]aaa
[SW3-aaa]local-user root password cipher 111111
Info: Add a new user.
[SW3-aaa]local-user root service-type ssh
[SW3-aaa]local-user root privilege level 3
[SW3-aaa]quit
[SW3]rsa local-key-pair create
The key name will be: SW3_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
........++++++++++++
...++++++++++++
......................++++++++
..................++++++++
[SW3]user-interface vty 0 4
[SW3-ui-vty0-4]authentication-mode aaa
[SW3-ui-vty0-4]protocol inbound ssh
[SW3-ui-vty0-4]qui
3.配置交换机远程管理的IP地址
[SW3]interface vlanif 1
[SW3-Vlanif1]ip address 192.168.1.3 29
[SW3-Vlanif1]qui
四、验证操作:
[SW1]ssh client first-time enable
[SW1]stelnet 192.168.1.2