Huawei Network Device Authentication Login Configuration

Prerequisite: the VLAN management IP addresses of the routers and switches are already configured

Console password authentication login configuration

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode password
[Huawei-ui-console0]set authentication password cipher 123

“set authentication password cipher 123”: this command sets an encrypted (cipher) key
“set authentication password simple 123”: this command sets a plaintext (simple) key

Difference between an encrypted key and a plaintext key

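After a plaintext key is set, a user can see the configured key text by viewing the switch configuration from the user view.
After an encrypted key is set, a user can still see the password text in the switch configuration, but the key text shown has been specially encrypted and is irreversible.
[Figure: cipher key]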

Console AAA authentication login configuration

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode aaa
[Huawei-ui-console0]quit
[Huawei]aaa
// local-user <username> password cipher <password>
[Huawei-aaa]local-user admin password cipher 123
[Huawei-aaa]local-user admin service-type terminal
// Set the user privilege level (i.e. which commands the user is allowed to run)
[Huawei-aaa]local-user admin privilege level 15

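AAA: Authentication verifies the user's identity and the network services the user may use; Authorization opens network services to the user based on the authentication result; Accounting records the user's usage of each network service and provides it to the billing system. The whole system is very effective for network management and security.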

Telnet AAA authentication login configuration

<Huawei>system
Enter system view, return user view with Ctrl+Z.
// Enable the Telnet service
[Huawei]telnet server enable
Info: The Telnet server has been enabled.
// Set the maximum number of logins (the maximum value is 15)
[Huawei]user-interface maximum-vty 15
[Huawei]user-interface vty 0 14
[Huawei-ui-vty0-14]protocol inbound telnet
[Huawei-ui-vty0-14]authentication-mode aaa
[Huawei-ui-vty0-14]quit
[Huawei]aaa
[Huawei-aaa]local-user user1 password cipher 123
Info: Add a new user.
[Huawei-aaa]local-user user1 service-type telnet
[Huawei-aaa]local-user user1 privilege level 15

[Figure: Telnet login]

SSH AAA authentication login

// Enable the SSH service
[Huawei]stelnet server enable
Info: Succeeded in starting the Stelnet server.
// Generate the local key pair
[Huawei]rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
....................................++++++
............++++++
..............................++++++++
..++++++++

[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound ssh
[Huawei-ui-vty0-4]quit
[Huawei]aaa
[Huawei-aaa]local-user user2 password cipher 123
Info: Add a new user.
[Huawei-aaa]local-user user2 service-type ssh
[Huawei-aaa]local-user user2 privilege level 3
[Huawei-aaa]quit
[Huawei]ssh authentication-type default password

[Figure: SSH login]
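
Added example, not part of the original post: a small Python check that scans a device configuration for the login settings covered on this page that are worth reviewing (a plaintext "simple" password, Telnet access, and a level 15 account usable over Telnet). The names audit_config and SAMPLE_CONFIG and the sample text are constructed for illustration, and the check assumes sub-commands are indented under their view as in a saved configuration.

```python
import re

# Constructed sample: built from the commands shown on this page, not captured
# from a real device. Real saved configurations may be laid out differently.
SAMPLE_CONFIG = """\
telnet server enable
aaa
 local-user admin service-type terminal
 local-user admin privilege level 15
 local-user user1 service-type telnet
 local-user user1 privilege level 15
 local-user user2 service-type ssh
 local-user user2 privilege level 3
user-interface console 0
 authentication-mode password
 set authentication password simple 123
user-interface vty 0 14
 authentication-mode aaa
 protocol inbound telnet
"""

def audit_config(text):
    """Return (context, finding) tuples for login settings that need review."""
    findings, context, users = [], "global", {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "//")):
            continue
        if not raw[0].isspace():          # assumption: unindented line opens a view
            context = line
        if line == "telnet server enable":
            findings.append(("global", "Telnet server enabled"))
        elif line.startswith("set authentication password simple"):
            findings.append((context, "plaintext password stored in config"))
        elif line == "protocol inbound telnet":
            findings.append((context, "line accepts Telnet logins"))
        m = re.match(r"local-user (\S+) (service-type|privilege level) (.+)", line)
        if m:                             # collect per-user attributes
            users.setdefault(m.group(1), {})[m.group(2)] = m.group(3).split()
    for name, attrs in users.items():
        level = int(attrs.get("privilege level", ["0"])[0])
        if level == 15 and "telnet" in attrs.get("service-type", []):
            findings.append((f"local-user {name}", "level 15 account usable over Telnet"))
    return findings

if __name__ == "__main__":
    for where, what in audit_config(SAMPLE_CONFIG):
        print(f"{where}: {what}")
```

The SSH configuration from the last section (stelnet, protocol inbound ssh, user2 at level 3) produces no findings from this check.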