# Log in to the device through the console port, enter system view, and enable the Telnet service.
<Sysname> system-view
[Sysname] telnet server enable
# Set logins to the switch through the VTY user lines to use AAA authentication.
[Sysname] line vty 0 63
[Sysname-line-vty0-63] authentication-mode scheme
[Sysname-line-vty0-63] quit
# Create local user userA, assign it the user role network-admin, configure its password, and remove the default role.
[Sysname] local-user userA class manage
New local user added.
[Sysname-luser-manage-userA] authorization-attribute user-role network-admin
[Sysname-luser-manage-userA] service-type telnet
[Sysname-luser-manage-userA] password simple 123
[Sysname-luser-manage-userA] undo authorization-attribute user-role network-operator
[Sysname-luser-manage-userA] quit
# Create user role roleB, with permission to execute the read-type commands of all features.
[Sysname] role name roleB
[Sysname-role-roleB] rule 1 permit read feature
[Sysname-role-roleB] quit
# Create local user userB, configure its password, assign it the user role roleB, and remove the default role.
[Sysname] local-user userB class manage
New local user added.
[Sysname-luser-manage-userB] authorization-attribute user-role roleB
[Sysname-luser-manage-userB] service-type telnet
[Sysname-luser-manage-userB] password simple 123
[Sysname-luser-manage-userB] undo authorization-attribute user-role network-operator
[Sysname-luser-manage-userB] quit
# Create an ACL view and define rules that allow only users from 192.168.0.46 and 192.168.0.52 to access the switch.
[Sysname] acl basic 2000
[Sysname-acl-ipv4-basic-2000] rule 1 permit source 192.168.0.46 0
[Sysname-acl-ipv4-basic-2000] rule 2 permit source 192.168.0.52 0
[Sysname-acl-ipv4-basic-2000] rule 3 deny source any
[Sysname-acl-ipv4-basic-2000] quit
# Apply ACL 2000 to control Telnet users by source IP address.
[Sysname] telnet server acl 2000
————————————————————————————————
SSH configuration
# Generate an RSA key pair.
<Device> system-view
[Device] public-key local create rsa
The range of public key modulus is (512 ~ 4096).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys…
…
Create the key pair successfully.
# Generate a DSA key pair.
[Device] public-key local create dsa
The range of public key modulus is (512 ~ 2048).
If the key modulus is greater than 512, it will take a few minutes.
Press CTRL+C to abort.
Input the modulus length [default = 1024]:
Generating Keys…
…
Create the key pair successfully.
# Generate an ECDSA key pair.
[Device] public-key local create ecdsa secp256r1
Generating Keys…
.
Create the key pair successfully.
# Enable the SSH server function.
[Device] ssh server enable
# Create VLAN 2 and add GigabitEthernet1/0/2 to VLAN 2.
[Device] vlan 2
[Device-vlan2] port GigabitEthernet 1/0/2
[Device-vlan2] quit
# Configure the IP address of VLAN-interface 2; the client will connect to the Stelnet server through this address.
[Device] interface vlan-interface 2
[Device-Vlan-interface2] ip address 192.168.1.40 255.255.255.0
[Device-Vlan-interface2] quit
# Set the authentication mode for Stelnet client login on the user lines to scheme.
[Device] line vty 0 63
[Device-line-vty0-63] authentication-mode scheme
[Device-line-vty0-63] quit
# Create local user client001 and set its password, service type, and user role.
[Device] local-user client001 class manage
New local user added.
[Device-luser-manage-client001] password simple aabbcc
[Device-luser-manage-client001] service-type ssh
[Device-luser-manage-client001] authorization-attribute user-role network-admin
[Device-luser-manage-client001] quit
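
An added example (not part of the original page or of H3C's documentation): a small Python check that reads a session transcript like the one above and reports the settings a reviewer would question, namely Telnet enabled, short `password simple` values, a key pair left at the default modulus, and a management service with no source ACL bound (the page binds ACL 2000 to Telnet only). The check names and the two thresholds are assumptions chosen for illustration, and the sample lines are a constructed subset of the session above.

```python
import re

# Constructed sample: a subset of the session lines shown above.
SAMPLE = """\
[Sysname] telnet server enable
[Sysname-luser-manage-userA] service-type telnet
[Sysname-luser-manage-userA] password simple 123
[Sysname] telnet server acl 2000
[Device] public-key local create rsa
Input the modulus length [default = 1024]:
[Device] ssh server enable
[Device-luser-manage-client001] password simple aabbcc
[Device-luser-manage-client001] service-type ssh
"""

PROMPT = re.compile(r"^\[([^\]]+)\]\s*(.+)$")    # "[view] command"
USER_VIEW = re.compile(r"-luser-manage-(.+)$")   # local-user view suffix
MODULUS = re.compile(r"Input the modulus length \[default = (\d+)\]:\s*(\d*)")
MIN_PASSWORD_LEN = 10  # assumption: local policy value, not a device default
MIN_KEY_BITS = 2048    # assumption: local policy value

def audit(transcript):
    """Return sorted (check, detail) findings for a Comware CLI transcript."""
    findings, enabled, acl_bound = set(), set(), set()
    for raw in transcript.splitlines():
        line = raw.strip()
        m = PROMPT.match(line)
        if not m:
            # Device output: an empty answer at the modulus prompt keeps the default.
            d = MODULUS.fullmatch(line)
            if d and int(d.group(2) or d.group(1)) < MIN_KEY_BITS:
                findings.add(("SHORT_KEY", d.group(2) or d.group(1)))
            continue
        view, cmd = m.group(1), " ".join(m.group(2).split())
        user = USER_VIEW.search(view)
        if svc := re.fullmatch(r"(telnet|ssh) server enable", cmd):
            enabled.add(svc.group(1))
        elif acl := re.fullmatch(r"(telnet|ssh) server acl \d+", cmd):
            acl_bound.add(acl.group(1))
        elif user and cmd.startswith("password simple "):
            if len(cmd.split(" ", 2)[2]) < MIN_PASSWORD_LEN:
                findings.add(("WEAK_PASSWORD", user.group(1)))
        elif user and cmd == "service-type telnet":
            findings.add(("TELNET_USER", user.group(1)))
    if "telnet" in enabled:
        findings.add(("CLEARTEXT_MGMT", "telnet"))
    findings.update(("NO_SOURCE_ACL", s) for s in enabled - acl_bound)
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{check}: {detail}" for check, detail in audit(SAMPLE)))
```

Lines without a `[view]` prompt are treated as device output, so the `#` step descriptions and messages such as `New local user added.` are ignored.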