天天看点
返回

H3C远程管理设备telnet/SSH

# 通过Console口登录设备,进入系统视图,开启Telnet服务。

system-view

[Sysname] telnet server enable

# 设置通过VTY用户线登录交换机使用AAA的认证方式。

[Sysname] line vty 0 63

[Sysname-line-vty0-63] authentication-mode scheme

[Sysname-line-vty0-63] quit

# 创建本地用户userA,授权其用户角色为network-admin,为其配置密码,删除默认角色。

[Sysname] local-user userA class manage

New local user added.

[Sysname-luser-manage-userA] authorization-attribute user-role network-admin

[Sysname-luser-manage-userA] service-type telnet

[Sysname-luser-manage-userA] password simple 123

[Sysname-luser-manage-userA] undo authorization-attribute user-role network-operator

[Sysname-luser-manage-userA] quit

# 创建用户角色roleB,权限为允许执行所有特性中读类型的命令。

[Sysname] role name roleB

[Sysname-role-roleB] rule 1 permit read feature

[Sysname-role-roleB] quit

# 创建本地用户userB,为其配置密码,授权其用户角色为roleB,删除默认角色。

[Sysname] local-user userB class manage

New local user added.

[Sysname-luser-manage-userB] authorization-attribute user-role roleB

[Sysname-luser-manage-userB] service-type telnet

[Sysname-luser-manage-userB] password simple 123

[Sysname-luser-manage-userB] undo authorization-attribute user-role network-operator

[Sysname-luser-manage-userB] quit

# 创建ACL视图,定义规则,仅允许来自192.168.0.46和192.168.0.52的用户访问交换机。

[Sysname] acl basic 2000

[Sysname-acl-ipv4-basic-2000] rule 1 permit source 192.168.0.46 0

[Sysname-acl-ipv4-basic-2000] rule 2 permit source 192.168.0.52 0

[Sysname-acl-ipv4-basic-2000] rule 3 deny source any

[Sysname-acl-ipv4-basic-2000] quit

# 引用访问控制列表2000,通过源IP对Telnet用户进行控制。

[Sysname] telnet server acl 2000

————————————————————————————————

SSH配置

# 生成RSA密钥对。

system-view

[Device] public-key local create rsa

The range of public key modulus is (512 ~ 4096).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys…

Create the key pair successfully.

# 生成DSA密钥对。

[Device] public-key local create dsa

The range of public key modulus is (512 ~ 2048).

If the key modulus is greater than 512, it will take a few minutes.

Press CTRL+C to abort.

Input the modulus length [default = 1024]:

Generating Keys…

Create the key pair successfully.

# 生成ECDSA密钥对。

[Device] public-key local create ecdsa secp256r1

Generating Keys…

.

Create the key pair successfully.

# 使能SSH服务器功能。

[Device] ssh server enable

# 创建VLAN 2,并将GigabitEthernet1/0/2加入VLAN 2。

[Device] vlan 2

[Device-vlan2] port GigabitEthernet 1/0/2

[Device-vlan2] quit

# 配置VLAN接口2的IP地址,客户端将通过该地址连接Stelnet服务器。

[Device] interface vlan-interface 2

[Device-Vlan-interface2] ip address 192.168.1.40 255.255.255.0

[Device-Vlan-interface2] quit

# 设置Stelnet客户端登录用户界面的认证方式为scheme。

[Device] line vty 0 63

[Device-line-vty0-63] authentication-mode scheme

[Device-line-vty0-63] quit

# 创建本地用户client001,并设置用户密码、服务类型和用户角色。

[Device] local-user client001 class manage

New local user added.

[Device-luser-manage-client001] password simple aabbcc

[Device-luser-manage-client001] service-type ssh

[Device-luser-manage-client001] authorization-attribute user-role network-admin

[Device-luser-manage-client001] quit

运维 h3c
上一篇: H3C设备运维常用查询命令
下一篇: 清空H3C交换机CF存储回收站空间

继续阅读