华为交换机Console⼝属性配置华为交换机Console⼝属性配置
⼀、设置通过账号和密码(AAA验证)登陆Console⼝
1. 进⼊ Console ⽤户界⾯视图
<Huawei>system-view
[Huawei]ur-interface console 0
[Huawei-ui-console0]
2. 在 Console ⽤户界⾯视图下,设置⽤户验证⽅式为 AAA 验证
[Huawei-ui-console0]authentication-mode ?
aaa AAA authentication
none Login without checking //⽆需验证直接登陆console⼝
password Authentication through the password of a ur terminal interface //只通过输⼊密码登陆console⼝[Huawei-ui-console0]authentication-mode aaa
3. 进⼊AAA视图,配置登 Console ⼝的账号和密码
[Huawei-ui-console0]q
[Huawei]aaa
[Huawei-aaa]local-ur ?
STRING<1-64> Ur name, in form of 'ur@domain'. Can u wildcard '*',
while displaying and modifying, such as *@isp,ur@*,*@*.Can
not include invalid character / \ : * ? " < > | @ '
[Huawei-aaa]local-ur admin ?
access-limit Set access limit of ur(s)
ftp-directory Set ur(s) FTP directory permitted
idle-timeout Set the timeout period for terminal ur(s)
password Set password
privilege Set admin ur(s) level
rvice-type Service types for authorized ur(s)
state Activate/Block the ur(s)
[Huawei-aaa]local-ur admin password ?
cipher Ur password with cipher text //以密⽂⽅式显⽰⼝令
simple Ur password with plain text //以明⽂⽅式显⽰⼝令
[Huawei-aaa]local-ur admin password cipher ?
STRING<1-16>/<24> The UNENCRYPTED/ENCRYPTED password string
[Huawei-aaa]local-ur admin password cipher 123456
Info: Add a new ur.
林彪简介/
/查看账户信息
[Huawei-aaa]display local-ur
----------------------------------------------------------------------------
Ur-name State AuthMask AdminLevel
----------------------------------------------------------------------------
admin A A -
----------------------------------------------------------------------------
Total 1 ur(s)
4. 设置登陆 Console 的账号和密码的服务类型为 Console(terminal)类型
[Huawei-aaa]local-ur admin ?
access-limit Set access limit of ur(s)
ftp-directory Set ur(s) FTP directory permitted
idle-timeout Set the timeout period for terminal ur(s)
password Set password
privilege Set admin ur(s) level
rvice-type Service types for authorized ur(s)
state Activate/Block the ur(s)
[Huawei-aaa]local-ur admin rvice-type ?
8021x 802.1x ur
bind Bind authentication ur
ftp FTP ur
http Http ur
ppp PPP ur
ssh SSH ur掌舵人
telnet Telnet ur
terminal Terminal ur
web Web authentication ur
x25-pad X25-pad ur
[Huawei-aaa]local-ur admin rvice-type terminal ?
8021x 802.1x ur
bind Bind authentication ur
ftp FTP ur
http Http ur
ppp PPP ur
ssh SSH ur
telnet Telnet ur
web Web authentication ur
x25-pad X25-pad ur
<cr>
[Huawei-aaa]local-ur admin rvice-type terminal
//再次查看账户信息
[Huawei-aaa]display local-ur
----------------------------------------------------------------------------
Ur-name State AuthMask AdminLevel
-
---------------------------------------------------------------------------
admin A M -
----------------------------------------------------------------------------
Total 1 ur(s)
//保存配置
<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y //输⼊y,确认
Now saving the current configuration to the slot 0.
Apr 6 2021 16:09:10-08:00 Huawei %%01CFM/4/SAVE(l)[55]:The ur cho Y when de
ciding whether to save the configuration to the device.
Save the configuration successfully.
⼆、设置只通过密码登陆 Console ⼝捉狐
1. 进⼊ Console ⽤户界⾯视图,设置只通过密码登陆 Console ⼝模式
<Huawei>system-view
[Huawei]ur-interface console 0
[Huawei-ui-console0]authentication-mode password
2. 设置验证密码,输⼊的密码可以是明⽂或密⽂
[Huawei-ui-console0]t authentication ?
password Set the password for a ur interface
[Huawei-ui-console0]t authentication password ?
cipher Set the password with cipher text //以密⽂⽅式显⽰⼝令
simple Set the password in plain text //以明⽂⽅显⽰⼝令
[Huawei-ui-console0]t authentication password cipher ?快餐文化
STRING<1-16>/<24> Plain text/cipher text password
[Huawei-ui-console0]t authentication password cipher 123456
//查看操作的步骤
[Huawei-ui-console0]display this
#
ur-interface con 0
authentication-mode password
t authentication password cipher yLST2)ywQ@:.`&R&e7S(bTi# //密码加密处理了
ur-interface vty 0 4
#
return
//保存配置枸杞盆栽
<Huawei>save
The current configuration will be written to the device.
Are you sure to continue?[Y/N]y //输⼊y,确认
Now saving the current configuration to the slot 0.
Apr 6 2021 16:09:10-08:00 Huawei %%01CFM/4/SAVE(l)[55]:The ur cho Y when de
ciding whether to save the configuration to the device.
Save the configuration successfully.
1. 输⼊的密码可以是明⽂或者密⽂,当不指定cipher password参数时,将采⽤交互⽅式输⼊明⽂密码;
2. 当指定cipher password参数时,既可以输⼊明⽂密码也可以输⼊密⽂密码,但都将以密⽂形式保存在配置⽂件中。
3. 当⽤户输⼊密码时,直接以明⽂形式输⼊存在安全风险,建议⽤户以交互式⽅式输⼊。
三、设置直接登陆 Console ⼝,⽆需验证
<Huawei>system-view
甲午殇思[Huawei]ur-interface console 0
[Huawei-ui-console0]authentication-mode none
四、配置Console⽤户界⾯的⽤户优先级<Huawei>system-view
[Huawei]ur-interface console 0
[Huawei-ui-console0]ur privilege level ?
INTEGER<0-15> Set a priority
[Huawei-ui-console0]ur privilege level 3
⽤户级别和命令级别对应关系表:
⽤户级
别命令级别
级别名
称
说明
00参观级⽹络诊断⼯具命令(ping、tracert)、从本设备出发访问外部设备的命令(Telnet客户端)等。
10,1监控级⽤于系统维护,包括display等命令。
说明:并不是所有display命令都是监控级,⽐如display current-configuration命令和display saved-configuration命令是3级管理级。
20,1,2配置级业务配置命令,包括路由、各个⽹络层次的命令,向⽤户提供直接⽹络服务。
3~150,1,2,3管理级⽤于系统基本运⾏的命令,对业务提供⽀撑作⽤,包括⽂件系统、FTP、TFTP下载、⽤户管理命令、命令级别设置命令;
⽤于业务故障诊断的debugging命令等。
1. ⽤户可以配置⽤户优先级,实现对不同⽤户访问设备权限的限制,增加设备管理的安全性。
2. ⽤户的优先级分为16个级别,级别标识为0~15,标识越⾼则优先级越⾼。
3. ⽤户的优先级和命令的优先级是相对应的,即⽤户只能使⽤等于或低于⾃⼰级别的命令。
4. 缺省情况下,Console⼝⽤户界⾯对应的默认命令访问级别是15。
5. 如果⽤户界⾯下配置的命令级别访问权限与⽤户名本⾝对应的操作权限冲突,以⽤户名本⾝对应的级别为准。
五、查看 Console ⽤户界⾯信息
<Huawei>display ur-interface console 0
Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int
+ 0 CON 0 9600 - 3 3 N -
+ : Current UI is active.
F : Current UI is active and work in async mode.
Idx : Absolute index of UIs.
画公主裙子Type : Type and relative index of UIs.
Privi: The privilege of UIs.
ActualPrivi: The actual privilege of ur-interface.
Auth : The authentication mode of UIs.
A: Authenticate u AAA.
N: Current UI need not authentication.
P: Authenticate u current UI's password.
Int : The physical location of UIs.
六、清除已经保存的配置
<Huawei>ret saved-configuration
Warning: The action will delete the saved configuration in the device.
The configuration will be erad to reconfigure. Continue? [Y/N]:y //输⼊y,确认清除
Warning: Now clearing the configuration in the device.
Apr 6 2021 16:29:00-08:00 Huawei %%01CFM/4/RST_CFG(l)[0]:The ur cho Y when
deciding whether to ret the saved configuration.
Info: Succeeded in clearing the configuration in the device.
//配置虽然清除了,但是配置的账户和密码还有效,重启之后仍任需要密码
<Huawei>system-view
[Huawei]aaa
[Huawei-aaa]display local-ur
----------------------------------------------------------------------------
Ur-name State AuthMask AdminLevel
----------------------------------------------------------------------------
excel游戏admin A M -
----------------------------------------------------------------------------
Total 1 ur(s)
[Huawei-aaa]undo local-ur admin //删除账户包括密码
[Huawei-aaa]display local-ur
Total 0 ur(s)
<Huawei>reboot
或者设置⽆需验证登陆 Console ⼝
[Huawei]ur-interface console 0
[Huawei-ui-console0]authentication-mode none
