Open-Source Mirror Sites of Major Chinese Universities

Listed in no particular order

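Huawei Network Device Login Authentication Setup

Prerequisite: the VLAN management IP of the router or switch is already configured.

Console Password Authentication Login Setup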

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode password
[Huawei-ui-console0]set authentication password cipher 123

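“set authentication password cipher 123”: this command sets a cipher (encrypted) password.
“set authentication password simple 123”: this command sets a plaintext password.

Difference between cipher and plaintext passwords

After a plaintext password is set, a user can read the configured password text by viewing the switch configuration from the user view.
After a cipher password is set, a user can still see password text in the switch configuration, but that text has been specially encrypted and is irreversible.
Cipher password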

Console AAA Authentication Login Setup

<Huawei>system
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode aaa
[Huawei-ui-console0]quit
[Huawei]aaa
// local-user <username> password cipher <password>
[Huawei-aaa]local-user admin password cipher 123
[Huawei-aaa]local-user admin service-type terminal
// Set the user privilege level (i.e., which commands the user may execute)
[Huawei-aaa]local-user admin privilege level 15

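AAA: Authentication verifies a user's identity and the network services the user may use; Authorization opens network services to the user based on the authentication result; Accounting records the user's usage of each network service and provides it to the billing system. The whole system is very effective for network management and security.

Telnet AAA Authentication Login Setup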

<Huawei>system
Enter system view, return user view with Ctrl+Z.
// Enable the Telnet service
[Huawei]telnet server enable
Info: The Telnet server has been enabled.
// Set the maximum number of logins (the maximum value is 15)
[Huawei]user-interface maximum-vty 15
[Huawei]user-interface vty 0 14
[Huawei-ui-vty0-14]protocol inbound telnet
[Huawei-ui-vty0-14]authentication-mode aaa
[Huawei-ui-vty0-14]quit
[Huawei]aaa
[Huawei-aaa]local-user user1 password cipher 123
Info: Add a new user.
[Huawei-aaa]local-user user1 service-type telnet
[Huawei-aaa]local-user user1 privilege level 15

Telnet login

SSH AAA Authentication Login

// Enable the SSH service
[Huawei]stelnet server enable
Info: Succeeded in starting the Stelnet server.
// Generate the local key pair
[Huawei]rsa local-key-pair create
The key name will be: Huawei_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:1024
Generating keys...
....................................++++++
............++++++
..............................++++++++
..++++++++

[Huawei]user-interface vty 0 4
[Huawei-ui-vty0-4]authentication-mode aaa
[Huawei-ui-vty0-4]protocol inbound ssh
[Huawei-ui-vty0-4]quit
[Huawei]aaa
[Huawei-aaa]local-user user2 password cipher 123
Info: Add a new user.
[Huawei-aaa]local-user user2 service-type ssh
[Huawei-aaa]local-user user2 privilege level 3
[Huawei-aaa]quit
[Huawei]ssh authentication-type default password

SSH login
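A check for the login settings configured in the walkthroughs above, as an added example that is not part of the original post: it scans a saved configuration for plaintext local-user passwords, Telnet exposure and level-15 accounts. The sample configuration is constructed, and the function name `audit_logins` and the finding strings are assumptions of this example.

```python
import re

# Constructed sample in "display current-configuration" layout (not real device output).
SAMPLE = """\
#
 telnet server enable
#
aaa
 local-user admin password simple admin
 local-user user1 password cipher CONSTRUCTED-CIPHERTEXT
 local-user user1 privilege level 15
 local-user user1 service-type telnet
 local-user user2 password cipher CONSTRUCTED-CIPHERTEXT
 local-user user2 privilege level 3
 local-user user2 service-type ssh
#
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound telnet
#
"""

def audit_logins(config):
    """Return sorted (subject, finding) pairs for login settings worth reviewing."""
    findings, section = set(), None
    for raw in config.splitlines():
        line = raw.strip()          # tolerate dumps whose indentation was lost
        if line == "#":             # '#' closes the current stanza
            section = None
        elif line == "aaa" or line.startswith("user-interface "):
            section = line
        elif line == "telnet server enable":
            findings.add(("global", "telnet server enabled"))
        elif section == "aaa" and (m := re.match(r"local-user (\S+) (.+)", line)):
            user, rest = m.groups()
            if rest.startswith("password simple"):
                findings.add((user, "plaintext password in config"))
            elif rest.startswith("service-type") and "telnet" in rest.split():
                findings.add((user, "telnet login allowed"))
            elif rest == "privilege level 15":
                findings.add((user, "privilege level 15"))
        elif section and section.startswith("user-interface vty"):
            if re.fullmatch(r"protocol inbound (telnet|all)", line):
                findings.add((section, "vty accepts telnet"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit_logins(SAMPLE), sep="\n")
```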

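Interconnecting Multiple VLANs over a Single Link on Huawei Switches

Topology diagram

Network topology diagram

Required equipment

  • One AR201 router
  • One S5700 switch
  • Two S3700 switches
  • Several PCs or terminals

Router configuration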

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
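// Enter interface configuration
[Huawei]interface Ethernet0/0/0
// Switch the Layer 2 port to a Layer 3 port
[Huawei-Ethernet0/0/0]undo portswitch
// Enter sub-interface mode
[Huawei]int Ethernet0/0/0.10
// Apply dot1q encapsulation
[Huawei-Ethernet0/0/0.10]dot1q termination vid 10
// Configure the interface IP
[Huawei-Ethernet0/0/0.10]ip add 192.168.0.1 255.255.255.0
// Sub-interface 2 is configured the same way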
[Huawei]int Ethernet0/0/0.20
[Huawei-Ethernet0/0/0.20]dot1q termination vid 20
[Huawei-Ethernet0/0/0.20]ip add 192.168.1.1 255.255.255.0

S3700 configuration

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
// Disable terminal log notifications; otherwise a half-typed command may occasionally get scrolled away
[Huawei]undo inf en
Info: Information center is disabled.
// Enter configuration for port 0/0/1
[Huawei]interface Ethernet0/0/1
// Set the port mode to access
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]quit
// The second port is configured the same way
[Huawei]interface Ethernet0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]quit
// Enter configuration for Gigabit port 0/0/2
[Huawei]interface GigabitEthernet 0/0/2
// Set the port mode to trunk
[Huawei-GigabitEthernet0/0/2]port link-type trunk
// Allow all VLANs through this port
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/2]quit
// Create VLAN 10
[Huawei]vlan 10
// Add the port to VLAN 10
[Huawei-vlan10]port Ethernet 0/0/1
// Configure the next VLAN the same way
[Huawei]vlan 20
[Huawei-vlan20]port Ethernet 0/0/2

Viewing the configuration

<Huawei>dis cur
#
sysname Huawei
#
undo info-center enable
#
vlan batch 10 20
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 20
#
interface Ethernet0/0/3
#
interface Ethernet0/0/4
#
interface Ethernet0/0/5
#
interface Ethernet0/0/6
#
interface Ethernet0/0/7
#
interface Ethernet0/0/8
#
interface Ethernet0/0/9
#
interface Ethernet0/0/10
#
interface Ethernet0/0/11
#
interface Ethernet0/0/12
#
interface Ethernet0/0/13
#
interface Ethernet0/0/14
#
interface Ethernet0/0/15
#
interface Ethernet0/0/16
#
interface Ethernet0/0/17
#
interface Ethernet0/0/18
#
interface Ethernet0/0/19
#
interface Ethernet0/0/20
#
interface Ethernet0/0/21
#
interface Ethernet0/0/22
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
#
return
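The dump above shows that `port trunk allow-pass vlan all` is stored as `vlan 2 to 4094` while only VLANs 10 and 20 are defined. The following added example (not part of the original post) measures that gap per trunk port; the names `expand` and `audit_trunks` are assumptions of this example, and it counts only statically defined VLANs, not ones learned through GVRP.

```python
import re

# Excerpt of the S3700 "dis cur" output shown above, reproduced as it appears on the page.
S3700 = """\
vlan batch 10 20
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
"""

def expand(spec):
    """Expand VLAN list syntax such as '10 20 30 to 40' (or 'all') into a set."""
    tokens, vlans, i = spec.split(), set(), 0
    if tokens == ["all"]:
        return set(range(1, 4095))
    while i < len(tokens):
        lo = hi = int(tokens[i])
        if tokens[i + 1:i + 2] == ["to"]:      # "<lo> to <hi>" range
            hi, i = int(tokens[i + 2]), i + 2
        vlans.update(range(lo, hi + 1))
        i += 1
    return vlans

def audit_trunks(config):
    """Map each trunk interface to the allowed VLANs that are not defined locally."""
    defined, allowed, iface = {1}, {}, None    # VLAN 1 is the default VLAN
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":                        # '#' closes the current stanza
            iface = None
        elif m := re.match(r"vlan batch (.+)", line):
            defined |= expand(m.group(1))
        elif m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif iface and (m := re.match(r"port trunk allow-pass vlan (.+)", line)):
            allowed.setdefault(iface, set()).update(expand(m.group(1)))
    return {name: vlans - defined for name, vlans in allowed.items()}

if __name__ == "__main__":
    for name, extra in audit_trunks(S3700).items():
        print(f"{name}: {len(extra)} allowed VLANs are not defined on this switch")
```

Restricting the trunk to `port trunk allow-pass vlan 10 20` brings the reported count for `GigabitEthernet0/0/2` to zero.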


S5700 configuration

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]gvrp
[Huawei]int gi0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]gvrp
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]vlan 30
[Huawei-vlan30]quit
[Huawei]vlan 40
[Huawei-vlan40]quit
[Huawei]int vlan 30
[Huawei-Vlanif30]ip add 192.168.2.1 255.255.255.0
[Huawei-Vlanif30]quit
[Huawei]int vlan 40
[Huawei-Vlanif40]ip add 192.168.3.1 255.255.255.0
[Huawei-Vlanif40]quit

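The downstream S3700 switches must also be configured with GVRP so that they learn the VLAN configuration of the upstream S5700; static routes must then be configured between the S5700 and the AR201 to ensure connectivity.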