Huawei Switch Console Port Attribute Configuration



I. Logging in to the Console port with an account and password (AAA authentication)

  1. Enter the Console user-interface view
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]
  2. In the Console user-interface view, set the user authentication mode to AAA authentication
[Huawei-ui-console0]authentication-mode ?
  aaa       AAA authentication    
  none      Login without checking           //log in to the console port directly, no authentication required
  password  Authentication through the password of a user terminal interface       //log in to the console port by entering a password only

[Huawei-ui-console0]authentication-mode aaa
  3. Enter the AAA view and configure the account and password used to log in to the Console port
[Huawei-ui-console0]q
[Huawei]aaa
[Huawei-aaa]local-user ?
  STRING<1-64>  User name, in form of 'user@domain'. Can use wildcard '*',
                while displaying and modifying, such as *@isp,user@*,*@*.Can
                not include invalid character / \ : * ? " < > | @ '

[Huawei-aaa]local-user admin ?
  access-limit   Set access limit of user(s)
  ftp-directory  Set user(s) FTP directory permitted
  idle-timeout   Set the timeout period for terminal user(s)
  password       Set password 
  privilege      Set admin user(s) level
  service-type   Service types for authorized user(s)
  state          Activate/Block the user(s)

[Huawei-aaa]local-user admin password ?
  cipher  User password with cipher text      //display the password in ciphertext
  simple  User password with plain text       //display the password in plaintext

[Huawei-aaa]local-user admin password cipher ?
  STRING<1-16>/<24>  The UNENCRYPTED/ENCRYPTED password string

[Huawei-aaa]local-user admin password cipher 123456 
Info: Add a new user.

    //View the account information
[Huawei-aaa]display local-user 
  ----------------------------------------------------------------------------
  User-name                      State  AuthMask  AdminLevel  
  ----------------------------------------------------------------------------
  admin                          A      A         -          
  ----------------------------------------------------------------------------
  Total 1 user(s)
  4. Set the service type of the Console login account and password to Console (terminal)
[Huawei-aaa]local-user admin ?
  access-limit   Set access limit of user(s)
  ftp-directory  Set user(s) FTP directory permitted
  idle-timeout   Set the timeout period for terminal user(s)
  password       Set password 
  privilege      Set admin user(s) level
  service-type   Service types for authorized user(s)
  state          Activate/Block the user(s)

[Huawei-aaa]local-user admin service-type ?
  8021x     802.1x user
  bind      Bind authentication user
  ftp       FTP user
  http      Http user
  ppp       PPP user
  ssh       SSH user
  telnet    Telnet  user
  terminal  Terminal user
  web       Web authentication user
  x25-pad   X25-pad user

[Huawei-aaa]local-user admin service-type terminal ?
  8021x    802.1x user
  bind     Bind authentication user
  ftp      FTP user
  http     Http user
  ppp      PPP user
  ssh      SSH user
  telnet   Telnet  user
  web      Web authentication user
  x25-pad  X25-pad user
  <cr>     

[Huawei-aaa]local-user admin service-type terminal

    //View the account information again
[Huawei-aaa]display local-user 
  ----------------------------------------------------------------------------
  User-name                      State  AuthMask  AdminLevel  
  ----------------------------------------------------------------------------
  admin                          A      M         -          
  ----------------------------------------------------------------------------
  Total 1 user(s)

    //Save the configuration
<Huawei>save 
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y      //enter y to confirm
Now saving the current configuration to the slot 0.
Apr  6 2021 16:09:10-08:00 Huawei %%01CFM/4/SAVE(l)[55]:The user chose Y when de
ciding whether to save the configuration to the device.
Save the configuration successfully.

II. Logging in to the Console port with a password only

  1. Enter the Console user-interface view and set the password-only login mode for the Console port
<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode password
  2. Set the authentication password; the password can be entered in plaintext or ciphertext
[Huawei-ui-console0]set authentication ?
  password  Set the password for a user interface

[Huawei-ui-console0]set authentication password ?
  cipher  Set the password with cipher text        //display the password in ciphertext
  simple  Set the password in plain text           //display the password in plaintext

[Huawei-ui-console0]set authentication password cipher ?
  STRING<1-16>/<24>  Plain text/cipher text password

[Huawei-ui-console0]set authentication password cipher 123456

    //View the configuration just applied
[Huawei-ui-console0]display this 
#
user-interface con 0
 authentication-mode password
 set authentication password cipher yLST2)ywQ@:.`&R&e7S(bTi#          //the password has been encrypted
user-interface vty 0 4
#
return

    //Save the configuration
<Huawei>save 
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y      //enter y to confirm
Now saving the current configuration to the slot 0.
Apr  6 2021 16:09:10-08:00 Huawei %%01CFM/4/SAVE(l)[55]:The user chose Y when de
ciding whether to save the configuration to the device.
Save the configuration successfully.
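  1. The password can be entered in plaintext or ciphertext. When the cipher password parameter is not specified, the plaintext password is entered interactively.
  2. When the cipher password parameter is specified, either a plaintext or a ciphertext password can be entered, but in both cases it is saved in the configuration file in ciphertext.
  3. Typing the password directly in plaintext is a security risk; entering it interactively is recommended.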

III. Logging in to the Console port directly, with no authentication

<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode none

IV. Configuring the user privilege level of the Console user interface

<Huawei>system-view
[Huawei]user-interface console 0
[Huawei-ui-console0]user privilege level ?
  INTEGER<0-15>  Set a priority
[Huawei-ui-console0]user privilege level 3
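  • Mapping between user levels and command levels:

| User level | Command level | Level name | Description |
|---|---|---|---|
| 0 | 0 | Visit level | Network diagnostic tool commands (ping, tracert), commands for accessing external devices from this device (Telnet client), and so on. |
| 1 | 0, 1 | Monitoring level | Used for system maintenance, including display commands. Note: not all display commands are monitoring level; for example, display current-configuration and display saved-configuration are level-3 management-level commands. |
| 2 | 0, 1, 2 | Configuration level | Service configuration commands, including routing commands and commands at each network layer, which provide direct network services to users. |
| 3~15 | 0, 1, 2, 3 | Management level | Commands for basic system operation that support services, including file system, FTP, TFTP download, user management, and command-level setting commands; debugging commands used for service fault diagnosis, and so on. |

  1. User privilege levels can be configured to restrict the access that different users have to the device, which makes device management more secure.
  2. There are 16 user privilege levels, numbered 0~15; the higher the number, the higher the privilege.
  3. User privilege levels correspond to command levels: a user can only use commands at or below the user's own level.
  4. By default, the command access level for the Console user interface is 15.
  5. If the command access level configured under the user interface conflicts with the operation privilege of the user name itself, the level of the user name takes precedence.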

V. Viewing Console user-interface information

<Huawei>display user-interface console 0
  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int     
+ 0    CON 0    9600       -     3     3           N     -       
  +    : Current UI is active.
  F    : Current UI is active and work in async mode.
  Idx  : Absolute index of UIs.
  Type : Type and relative index of UIs.
  Privi: The privilege of UIs.
  ActualPrivi: The actual privilege of user-interface.
  Auth : The authentication mode of UIs.
      A: Authenticate use AAA.
      N: Current UI need not authentication.
      P: Authenticate use current UI's password.
  Int  : The physical location of UIs.
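
The Auth and Privi columns above are what a configuration review needs to check. The following is an added example, not part of the original article: a Python parser for the `display user-interface` table that flags interfaces not using AAA. The device names, the severity scale and the `max_unauth_level` threshold are assumptions of the example.

```python
import re

# One data row of the "display user-interface" table:
# [+|F] Idx  Type  Tx/Rx  Modem  Privi  ActualPrivi  Auth  Int
ROW = re.compile(
    r"^(?P<flag>[+F]?)\s*(?P<idx>\d+)\s+(?P<type>[A-Z]+ \d+)\s+(?P<speed>\d+)\s+"
    r"(?P<modem>\S+)\s+(?P<privi>\d+)\s+(?P<actual>\S+)\s+(?P<auth>[ANP])\s+(?P<loc>\S+)\s*$"
)
AUTH_MODE = {"A": "aaa", "P": "password", "N": "none"}  # from the legend above

def parse_rows(output):
    """Yield one dict per user-interface row; header and legend lines do not match."""
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            yield {"type": m["type"], "privi": int(m["privi"]), "auth": AUTH_MODE[m["auth"]]}

def audit(output, max_unauth_level=0):
    """Return (interface, severity, reason) for every row that does not use AAA.
    The severity scale and max_unauth_level are assumptions of this example."""
    findings = []
    for row in parse_rows(output):
        if row["auth"] == "none":
            sev = "high" if row["privi"] > max_unauth_level else "medium"
            findings.append((row["type"], sev, f"no authentication, privilege level {row['privi']}"))
        elif row["auth"] == "password":
            findings.append((row["type"], "medium", "shared line password, login not tied to a user account"))
    return findings

HEADER = "  Idx  Type     Tx/Rx      Modem Privi ActualPrivi Auth  Int\n"
LEGEND = "  +    : Current UI is active.\n  Idx  : Absolute index of UIs.\n"
# Hypothetical device names. "sw-a" is the row shown in this section; the other two are
# constructed variants of it with the Auth and Privi columns changed.
SAMPLES = {
    "sw-a": HEADER + "+ 0    CON 0    9600       -     3     3           N     -\n" + LEGEND,
    "sw-b": HEADER + "+ 0    CON 0    9600       -     15    15          P     -\n" + LEGEND,
    "sw-c": HEADER + "+ 0    CON 0    9600       -     15    15          A     -\n" + LEGEND,
}

if __name__ == "__main__":
    for device, output in SAMPLES.items():
        for iface, sev, reason in audit(output) or [("CON 0", "ok", "AAA authentication")]:
            print(f"{device} {iface}: [{sev}] {reason}")
```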

VI. Clearing the saved configuration

<Huawei>reset saved-configuration 
Warning: The action will delete the saved configuration in the device.
The configuration will be erased to reconfigure. Continue? [Y/N]:y        //enter y to confirm clearing
Warning: Now clearing the configuration in the device.
Apr  6 2021 16:29:00-08:00 Huawei %%01CFM/4/RST_CFG(l)[0]:The user chose Y when 
deciding whether to reset the saved configuration.
Info: Succeeded in clearing the configuration in the device.

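    //Although the configuration has been cleared, the configured account and password are still valid; a password is still required after reboot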
<Huawei>system-view 
[Huawei]aaa
[Huawei-aaa]display local-user 
  ----------------------------------------------------------------------------
  User-name                      State  AuthMask  AdminLevel  
  ----------------------------------------------------------------------------
  admin                          A      M         -          
  ----------------------------------------------------------------------------
  Total 1 user(s)
[Huawei-aaa]undo local-user admin      //delete the account, including its password
[Huawei-aaa]display local-user 
  Total 0 user(s)

<Huawei>reboot

Alternatively, set the Console port to allow login without authentication
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode none

