|
|
楼主 |
发表于 2022-5-15 22:33:31
|
显示全部楼层
Console口设置密码
8 c$ [1 c# N; n4 r2 H# b交换机Console口设置密码
1 B+ |, { K! S4 _+ L& {[sw1]user-interface console 08 o) R0 |9 S2 i6 Z F- X( ^1 w' t
[sw1-ui-console0]authentication-mode password
, y1 |9 |, H' V' G3 A; s* @8 k[sw1-ui-console0]set authentication password ?
+ U# z3 |, y8 h3 e+ G" ?( e1 w cipher Set the password with cipher text #密码用密码文本设置密码
/ r% X2 e6 |4 j% N& B- [ simple Set the password in plain text #简单地设置明文密码
$ u3 J' z" Y- t" K( k[sw1-ui-console0]set authentication password simple 123
; v4 C* k: }( L
( Y2 F# e* i/ N" ~3 ~路由器Console口设置密码
' T& t8 P# q3 c% @# w' F[R1]user-interface console 0$ Q% U( A8 X( J. L0 M
[R1-ui-console0]authentication-mode password) V& _, r9 e2 f# h7 M, w5 h
Please configure the login password (maximum length 16):123
* u- ~5 [( P# h- \$ |( L& b3 T[R1-ui-console0]& A0 _ ~3 A$ `% X* O; g1 @
[R1-ui-console0]q
* H, K2 P' @- c& i6 p[R1]q! o, f% t9 q% _4 E1 W" Y
<R1>q
* Z! j& a7 M5 C7 t0 `2 J1 S G Configuration console exit, please press any key to log on
" N0 c2 f- W: H3 [2 X
4 [7 A4 f9 k+ {! o& _9 r( l( G* sLogin authentication
% E' v! q, H9 g5 y. X$ f( w
$ s9 p1 r, v; k9 O4 P& S; \; UPassword:输入123 t* I) \* X% t# d3 _; U. O
<R1>sys' v2 D3 s0 ^* y% D0 Y- d
Enter system view, return user view with Ctrl+Z.
0 N$ E8 A& V" R( W
+ W" O4 \. w; {
9 U( d9 N6 S# h, A5 W- a配置用户通过Telnet登录设备(真机演示)
" J* I/ h9 m3 p7 q2 C& I[Huawei]int g0/0/02 g& ^3 Y% ~" x7 b6 u) C) ^9 l" I
[Huawei-GigabitEthernet0/0/0]ip add 192.168.100.252 24 #先给需要接口设置IP2 ~4 W: N1 T, M# `
[Huawei]telnet server enable #全局开启telnet/ N7 e _* N( M) r* S
Info: Telnet is insecure, recommended to use stelnet with encryption features. b1 P, N+ p6 I$ {) u2 T
[Huawei]aaa) G& ?& D. w a+ A8 w
[Huawei-aaa]local-user pok password irreversible-cipher 123456 #创建本地用户,用户名:pok、密码:123456& T8 j3 ^4 M5 _* `7 s2 \
Info: Add a new user.4 @0 ?* c; I, c" }
[Huawei-aaa]local-user pok service-type telnet #配置本地用户pok的接入类型为telnet6 O x6 A8 N1 z9 \
[Huawei-aaa]local-user pok privilege level 3 #设置用户等级,远程用户缺省的级别都是0级,可修改Telnet用户登录后的用户级别为管理员3
. v' S% h, N0 V, B M& p& _Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y 确定% P) j, t$ {" v# z3 `/ W1 M
[Huawei-aaa]q
' T( w! a" @1 x5 J[Huawei]user-interface vty 0 4 #进入VTY0~VTY4用户界面视图
7 J8 B' |& e0 \ k[Huawei-ui-vty0-4]authentication-mode aaa #配置VTY类型用户界面的验证方式为AAA+ o2 M4 e$ t2 o2 s% G! ]
! A& I, U% A$ n G! i
" ]8 q, h N4 }+ R \7 C& r
配置用户通过web登录设备(真机演示)) b2 a" o4 g" J z/ r7 V- {
web登陆其实和上面基本是一样的。只是将上面代码中的:
& u2 E" z9 T( ?& d O mlocal-user pokes service-type telnet. f/ N+ L+ L; H4 Z, F
% b1 M4 Z3 @; n' e$ V7 |# x; J8 @; U
替换成3 D% g7 N3 X+ A1 H" T! j: i. k
local-user pokes service-type http ssh web5 z+ a4 t% V3 ~8 a8 [' M# M
% @6 ^$ W/ l; ^9 j
[Huawei]int g0/0/0" x1 W q) {3 u2 Y; B. V$ l7 g/ ?
[Huawei-GigabitEthernet0/0/0]ip add 192.168.100.252 24 #先给需要接口设置IP
$ `5 K& n- H3 g$ D6 i' u[Huawei]http server enable #全局开启telnet+ u" ?+ P$ q$ }# \+ N4 h% w& i% a
Info: Telnet is insecure, recommended to use stelnet with encryption features.
t6 n9 G& A" T$ a, o( m- V[Huawei]aaa! b J6 e" Y- \# v) u7 n U
[Huawei-aaa]local-user pok password irreversible-cipher 123456 #创建本地用户,用户名:pok、密码:123456; ]: D4 j% h# u: k) L _% {0 \7 S. j
Info: Add a new user.
$ |3 D6 H8 `0 w# k: r# N; x/ M7 w[Huawei-aaa]local-user pok service-type http #配置本地用户pok的接入类型为telnet7 Q* J6 ^" _# M) e# w: k6 l8 O
[Huawei-aaa]local-user pok privilege level 3 #设置用户等级,远程用户缺省的级别都是0级,可修改Telnet用户登录后的用户级别为管理员3: Z5 A% L e9 I
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]y 确定6 |8 y# H. T! U' [
[Huawei-aaa]q$ i- C8 ]9 Y; ^$ k6 V
[Huawei]user-interface vty 0 4 #进入VTY0~VTY4用户界面视图
9 y* ?# t3 ?# x2 \[Huawei-ui-vty0-4]authentication-mode aaa #配置VTY类型用户界面的验证方式为AAA
! l9 g4 ]% ^6 ^! d
- w) D9 c* y% h0 }
9 z/ L; I+ }. _- T4 Q# S说明:有个问题需要注意一下,替换完成之后就只能web登陆,不能同时登陆web和telnet。如果还需要web登陆,就需要再新建另一个用户。1 _# v: y: }- ~
重点华为设备出厂的时候,对web访问的接口做了限制,我们必须查出来哪个接口可以web访问
7 X$ Y0 U& [$ a, {display current-configuration filter http serve #查询哪个接口允许web访问" @1 C2 ?/ ]6 j$ y% o$ U3 w
#
* U9 A& j7 s7 gpost-system
# v# v# J- v) g+ K7 n% I http server enable1 L0 A9 W- w. ?) |: @- z8 R9 \" X
http server permit interface GigabitEthernet0/0/1 #这个接口可以访问" ~( g, M% p: F! e
#
# K% W, m, I# G0 k' d; Dreturn( k$ Q6 f- g5 a$ `. p( J
/ u1 x! t2 _+ K1 o m; t( H
解决办法有两种:
# }) h4 p* f6 }3 a* Y, B0 k+ dundo http server permit interface #删除限制9 s) C9 V8 t& h# |4 J6 w
http server permit interface e0/0/0 #允许你的接口访问web4 N3 m1 {+ R% ~; F! V
6 A! {4 C3 v8 q2 @: |) L在这里我想说的是,华为的web界面真的是很差,我用的真机AR1220,不知道新版的怎么样。建议还是用命令把。3 m$ P& R; R3 s0 i: Y& N$ H% Z" \
( B4 T: C8 r$ F; K
|
|
发表于 2022-5-15 20:28:37