admin posted on 2022-2-24 15:51:12

Huawei Switch Console Port Attribute Configuration Tutorial

When a user logs in to the device through the console port for local maintenance, the console user-interface attributes can be configured according to usage needs or device security considerations. These attributes are not mandatory; users can choose which ones to configure based on actual needs and security considerations. Login through the MiniUSB port also uses the console user interface, so the configured console user-interface attributes also apply to MiniUSB login.

1. Log in to the console port with an account and password (AAA authentication)

1.1 Enter the console user-interface view

  user-interface console 0

1.2 Set the user authentication mode to AAA

  authentication-mode ?
    aaa       AAA authentication
    none      Login without checking    # log in to the console port directly, without authentication
    password  Authentication through the password of a user terminal interface    # log in to the console port by entering a password only
  authentication-mode aaa

1.3 Enter the AAA view

  q
  aaa

1.4 Configure the account and password for console login

  local-user ?
    STRING<1-64>  User name, in form of 'user@domain'. Can use wildcard '*',while displaying and modifying, such as *@isp,user@*,*@*.Cannot include invalid character / \ : * ? " < > | @ '
  local-user http://023wg.com ?
    access-limit   Set access limit of user(s)
    ftp-directory  Set user(s) FTP directory permitted
    idle-timeout   Set the timeout period for terminal user(s)
    password       Set password
    privilege      Set admin user(s) level
    service-type   Service types for authorized user(s)
    state          Activate/Block the user(s)
    user-group     User group
  local-user http://023wg.com password ?
    cipher  User password with cipher text
  local-user http://023wg.com password cipher http://www.023wg.com

1.5 Set the service type of the console login account to console (terminal)

  local-user http://023wg.com service-type ?
    8021x     802.1x user
    bind      Bind authentication user
    ftp       FTP user
    http      Http user
    l2tp      L2tp user
    ppp       PPP user
    ssh       SSH user
    sslvpn    Sslvpn user
    telnet    Telnet user
    terminal  Terminal user
    web       Web authentication user
    x25-pad   X25-pad user
  local-user http://023wg.com service-type terminal ?
    8021x     802.1x user
    bind      Bind authentication user
    ftp       FTP user
    http      Http user
    l2tp      L2tp user
    ppp       PPP user
    ssh       SSH user
    sslvpn    Sslvpn user
    telnet    Telnet user
    web       Web authentication user
    x25-pad   X25-pad user
    <cr>
  local-user http://023wg.com service-type terminal

2. Log in to the console port with a password only

2.1 Set password-only login for the console port

  authentication-mode password

2.2 Set the authentication password; the password entered can be plaintext or ciphertext

  set authentication ?
    password  Set the password for a user interface
  set authentication password ?
    cipher  Set the password with cipher text
    simple  Set the password in plain text
  set authentication password cipher ?
    STRING<1-16>/<24>  Plain text/cipher text password
  set authentication password cipher http://023wg.com
  dis th
  #
  user-interface con 0
  authentication-mode aaa
  set authentication password cipher }GUbE_&zC@|8z[/:Cq23'O1#
  user-interface vty 0 4
  user-interface vty 16 20
  #
  return

The password entered can be plaintext or ciphertext. When the cipher password parameter is not specified, the plaintext password is entered interactively; when the cipher password parameter is specified, either a plaintext or a ciphertext password can be entered, but in both cases it is saved in the configuration file in ciphertext form. When entering a password, typing it directly in plaintext is a security risk; users are advised to enter it interactively.

3. Log in to the console port directly, without authentication

  authentication-mode none

4. Configure the user priority of the console user interface

User priority can be configured to restrict the device access rights of different users and so increase the security of device management. User priority is divided into 16 levels, identified as 0~15; the higher the identifier, the higher the priority. User priority corresponds to command priority, that is, a user can only use commands at or below the user's own level. By default, the default command access level of the console user interface is 15. If the command-level access right configured under the user interface conflicts with the operation right of the user name itself, the level of the user name itself prevails.

  user privilege level ?
    INTEGER<0-15>  Set a priority

5. Set the user login timeout

Setting the user connection timeout to 0, or to too long a value, leaves the terminal logged in all the time, which is a security risk; users are advised to run the lock command to lock the current connection.

  idle-timeout ?
    INTEGER<0-35791>  Set the number of minutes before a terminal user times out(default: 10minutes)

6. Set the number of lines displayed per screen on the terminal

  screen-length ?
    INTEGER<0-512>  Display the number of lines on a screen (the value 0 indicates none split screen, and the default value is 24)

7. Set the number of columns displayed on the terminal screen

  screen-width ?
    INTEGER<60-512>  Screen width value, the default is 80

8. Set the number of history commands cached

  history-command ?
    max-size  Set the size of the maximum history buffer, the default value is 10
  history-command max-size ?
    INTEGER<0-256>  The size of a history buffer

9. Set the console port transmission rate

  speed ?
    300     Only asynchronous serial user terminal interfaces can be configured
    600     Only asynchronous serial user terminal interfaces can be configured
    1200    Only asynchronous serial user terminal interfaces can be configured
    4800    Only asynchronous serial user terminal interfaces can be configured
    9600    Only asynchronous serial user terminal interfaces can be configured
    19200   Only asynchronous serial user terminal interfaces can be configured
    38400   Only asynchronous serial user terminal interfaces can be configured
    57600   Only asynchronous serial user terminal interfaces can be configured
    115200  Only asynchronous serial user terminal interfaces can be configured

10. Set the console port flow-control mode

  flow-control ?
    hardware  Hardware flow control mode    # hardware mode
    none      None flow control mode        # none
    software  Software flow control mode    # software mode

11. Set the console port parity bit

  parity ?
    even   Even check mode     # even parity
    mark   Mark check mode     # mark parity
    none   None check mode     # no parity
    odd    Odd check mode      # odd parity
    space  Space check mode    # space parity

12. Set the console port stop bits

  stopbits ?
    1.5  One-and-half-bit stop bit
    1    One-bit stop bit
    2    Two-bit stop bit

13. Set the console port data bits

  databits ?
    5  5-bit databits
    6  6-bit databits
    7  7-bit databits
    8  8-bit databits

14. View console user-interface information

  <Huawei>display user-interface console 0
    Idx  Type     Tx/Rx  Modem  Privi  ActualPrivi  Auth  Int
  + 0    CON 0    9600   -      3      3            P     -
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
        A: Authenticate use AAA.
        N: Current UI need not authentication.
        P: Authenticate use current UI's password.
  Int  : The physical location of UIs.
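
An added example (not part of the original post, and not Huawei's code): a Python check that reads saved configuration text laid out like the dis th output above and flags the console settings the post describes as risky. The sample configuration, the finding labels and the 30-minute max_idle_minutes threshold are assumptions made for this example.

```python
import re
# Constructed sample in the layout of the page's "dis th" output; not from a real device.
SAMPLE_CONFIG = """\
#
user-interface con 0
 authentication-mode none
 idle-timeout 0
user-interface vty 0 4
 authentication-mode aaa
#
return
"""

def parse_user_interfaces(config):
    """Return {'con 0': [setting lines], ...} for every user-interface section."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("user-interface "):
            current = sections.setdefault(line.split(None, 1)[1], [])
        elif line in ("#", "return"):
            current = None  # a bare '#' or 'return' closes the section
        elif line and current is not None:
            current.append(line)
    return sections

def setting(pattern, lines, default):
    """Captured groups of the first line matching pattern, else default."""
    return next((m.groups() for m in (re.match(pattern, l) for l in lines) if m), default)

def audit_console(config, max_idle_minutes=30):
    """Flag risky console settings; max_idle_minutes is an assumed local policy."""
    findings = []
    for name, lines in parse_user_interfaces(config).items():
        if not name.startswith("con"):  # matches both 'con 0' and 'console 0'
            continue
        # Defaults per the page: idle timeout 10 minutes, console level 15.
        mode, = setting(r"authentication-mode (\S+)", lines, ("unset",))
        minutes, seconds = setting(r"idle-timeout (\d+)(?: (\d+))?", lines, ("10", "0"))
        level, = setting(r"user privilege level (\d+)", lines, ("15",))
        if mode == "none":
            findings.append((name, "no-authentication"))
        if int(minutes) == 0 and int(seconds or 0) == 0:
            findings.append((name, "idle-timeout-disabled"))
        elif int(minutes) > max_idle_minutes:
            findings.append((name, "idle-timeout-too-long"))
        if mode != "aaa" and int(level) == 15:  # under AAA the user's own level applies
            findings.append((name, "level-15-without-aaa"))
    return findings
```
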

admin posted on 2022-2-24 16:11:50

Option 1: Copying the configuration file using a laptop with FTP server software installed
  
  (1) Upload the configuration file from the old switch to an FTP server
  
  
  Figure 1

  
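  As shown in Figure 1, in this project example we used a laptop as the debugging terminal. Port 7 on the old laptop belongs to the management VLAN 100 (that is, through this port the laptop can perform telnet, ftp and similar operations on the switch). The address of VLAN 100 on the switch is 10.200.0.1; set the laptop's IP to 10.200.0.111. Serv-U is installed on this laptop (that is, the laptop acts as an FTP server). Connect the laptop to port 7 of the old switch with a network cable. Once the above is done, perform the following on the old switch: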
  
  <ZXJF_3552>ftp 10.200.0.111
  Trying ...
  Press CTRL+K to abort
  Connected.
  220 Serv-U FTP Server v5.2 for WinSock ready...
  User(none):lrx
  331 User name okay, need password.
  Password:
  230 User logged in, proceed.
  bin
  put vrpcfg.txt
  200 PORT Command successful.
  150 Opening BINARY mode data connection for vrpcfg.txt.
  226 Transfer complete.
  FTP: 6561 byte(s) sent in 0.220 second(s) 29.00Kbyte(s)/sec.
  bye
  221 Goodbye!
  
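  The operation above is actually very simple: it uses this Huawei 3552 switch as an FTP client and uploads the configuration file vrpcfg.txt to an FTP server (that is, saves it on an FTP server). To then upload this configuration file to the new switch, we carry out the second step.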
  
  (2) Configure an IP address for the new switch
  
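  To obtain the configuration file via FTP, an IP address must first be configured for this switch. Connect the laptop to the switch's console port with a console cable and perform the following: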
  <Quidway>sys
  Enter system view, return to user view with Ctrl+Z.
  inter vlan 100
  ip addr 10.200.0.1 255.255.255.0
  inter fa0/7
  port access VLAN 100
  
  The operations above create VLAN 100 on the new switch, set the VLAN's IP address to 10.200.0.1, and assign port 7 to VLAN 100.
  
  (3) The new switch downloads the configuration file from the FTP server
  
  Perform the following:
  <Quidway>ftp 10.200.0.111
  Trying ...
  Press CTRL+K to abort
  Connected.
  220 Serv-U FTP Server v5.2 for WinSock ready...
  User(none):lrx
  331 User name okay, need password.
  Password:
  230 User logged in, proceed.
  bin
  200 Type set to I.
  get vrpcfg.txt
  227 Entering Passive Mode (10,200,0,111,4,3)
  150 Opening BINARY mode data connection for vrpcfg.txt (6561 Bytes).
  226 Transfer complete.
  FTP: 6561 byte(s) received in 0.528 second(s) 6.00Kbyte(s)/sec.
  bye
  221 Goodbye!
  
  (4) Reboot the switch so that the configuration file takes effect
  
  <Quidway>reboot
   This will reboot Switch. Continue? y
  
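  After the reboot, viewing the configuration with the dis cu command shows that it is now exactly the same as that of the old switch.
  From the operations above we can see that, using the FTP function of Huawei switches, we can quickly accomplish between two switches the configuration file's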