设为首页收藏本站订阅本站
开启辅助访问 切换到宽版

雏鹰部落

 找回密码
 立即注册

QQ登录

只需一步,快速开始

搜索
雏鹰部落»雏鹰部落论坛 一起走过的日子 Bootcamp项目与分享 [求助]关于华为交换机
返回列表 发新帖
查看: 2173|回复: 2

[求助]关于华为交换机

[复制链接]
zplover
发表于 2005-8-19 09:24:46 | 显示全部楼层 |阅读模式
向各位请教一下,华为交换机如何设置特权模式密码,也就是要进入system-view需要输入的密码
回复

使用道具 举报

王晓强
发表于 2005-8-19 12:55:58 | 显示全部楼层
<SPAN style="FONT-FAMILY: 黑体">功能需求及组网说明</SPAN><P class=a9><SPAN lang=EN-US><IMG height=213 src="mk:@MSITStore:E:&#92;华为&#92;华为3com交换机Lanswitch配置实例手册-200309-C.chm::/html/交换机远程TELNET登录.files/image001.gif" width=486></SPAN></P><P class=aa><A name=_Toc45703465><SPAN lang=EN-US>telnet</SPAN></A><SPAN style="FONT-FAMILY: 宋体">配置</SPAN></P><P class=MsoNormal style="LINE-HEIGHT: 150%"><SPAN style="FONT-FAMILY: 宋体">『配置环境参数』</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 52.5pt; LINE-HEIGHT: 125%; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>PC</SPAN><SPAN style="FONT-FAMILY: 宋体">机固定</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址</SPAN><SPAN lang=EN-US>10.10.10.10/24</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 52.5pt; LINE-HEIGHT: 125%; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">为三层交换机,</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">地址</SPAN><SPAN lang=EN-US>10.10.10.1/24</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 52.5pt; LINE-HEIGHT: 125%; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">与</SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">互连</SPAN><SPAN lang=EN-US>vlan10</SPAN><SPAN style="FONT-FAMILY: 宋体">接口地址</SPAN><SPAN lang=EN-US>192.168.0.1/24</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 52.5pt; LINE-HEIGHT: 125%; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">与</SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">互连接口</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">接口地址</SPAN><SPAN lang=EN-US>192.168.0.2/24</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 52.5pt; LINE-HEIGHT: 125%; TEXT-ALIGN: left" align=left><SPAN style="FONT-FAMILY: 宋体">交换机</SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">通过以太网口</SPAN><SPAN lang=EN-US>ethernet 0/1</SPAN><SPAN style="FONT-FAMILY: 宋体">和</SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">的</SPAN><SPAN lang=EN-US>ethernet0/24</SPAN><SPAN style="FONT-FAMILY: 宋体">实现互连。</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">『组网需求』</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">只能允许</SPAN><SPAN lang=EN-US>10.10.10.0/24</SPAN><SPAN style="FONT-FAMILY: 宋体">网段的地址的</SPAN><SPAN lang=EN-US>PC telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">访问</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">只能禁止</SPAN><SPAN lang=EN-US>10.10.10.0/24</SPAN><SPAN style="FONT-FAMILY: 宋体">网段的地址的</SPAN><SPAN lang=EN-US>PC telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">访问</SPAN></P><P class=MsoNormal style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt; TEXT-ALIGN: left" align=left><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">允许其它任意网段的地址</SPAN><SPAN lang=EN-US>telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">访问</SPAN></P><H1><A name=_Toc45703533><SPAN lang=EN-US>2<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 黑体">数据配置</SPAN></A><SPAN style="FONT-FAMILY: 黑体">步骤</SPAN></H1><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">『</SPAN><SPAN lang=EN-US>PC</SPAN><SPAN style="FONT-FAMILY: 宋体">管理交换机的流程』</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">如果一台</SPAN><SPAN lang=EN-US>PC</SPAN><SPAN style="FONT-FAMILY: 宋体">想远程</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">到一台设备上,首先要保证能够二者之间正常通信。</SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">为三层交换机,可以有多个三层虚接口,它的管理</SPAN><SPAN lang=EN-US>vlan</SPAN><SPAN style="FONT-FAMILY: 宋体">可以是任意一个具有三层接口并配置了</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址的</SPAN><SPAN lang=EN-US>vlan</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">为二层交换机,只有一个二层虚接口,它的管理</SPAN><SPAN lang=EN-US>vlan</SPAN><SPAN style="FONT-FAMILY: 宋体">即是对应三层虚接口并配置了</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址的</SPAN><SPAN lang=EN-US>vlan</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>Telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">用户登录时,缺省需要进行口令认证,如果没有配置口令而通过</SPAN><SPAN lang=EN-US>Telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">登录,则系统会提示“</SPAN><SPAN lang=EN-US>password required, but none set.</SPAN><SPAN style="FONT-FAMILY: 宋体">”。</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">相关配置】</SPAN></P><P class=ac><SPAN lang=EN-US>PC</SPAN><SPAN style="FONT-FAMILY: 宋体">在</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">内,交换机上对应的端口为</SPAN><SPAN lang=EN-US>E0/10-E0/20</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建(进入)</SPAN><SPAN lang=EN-US>vlan100</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]vlan 100</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">将</SPAN><SPAN lang=EN-US>E0/10-E0/20</SPAN><SPAN style="FONT-FAMILY: 宋体">加入到</SPAN><SPAN lang=EN-US>vlan10</SPAN><SPAN style="FONT-FAMILY: 宋体">里</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-vlan100] port Ethernet 0/10 to Ethernet 0/20</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">的虚接口</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]interface Vlan-interface 100</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>4.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">给</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">的虚接口配置</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-Vlan-interface100]ip address 10.10.10.1 255.255.255.0</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>5.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建(进入)</SPAN><SPAN lang=EN-US>vlan10</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]vlan 10</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>6.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">将连接</SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">的</SPAN><SPAN lang=EN-US>E0/1</SPAN><SPAN style="FONT-FAMILY: 宋体">加入</SPAN><SPAN lang=EN-US>vlan10</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-vlan10] port Ethernet 0/1 </SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>7.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建(进入)</SPAN><SPAN lang=EN-US>vlan10</SPAN><SPAN style="FONT-FAMILY: 宋体">的虚接口</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]interface Vlan-interface 10</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>8.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">给</SPAN><SPAN lang=EN-US>vlan10</SPAN><SPAN style="FONT-FAMILY: 宋体">的虚接口配置</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-Vlan-interface10]ip address 192.168.0.1 255.255.255.0</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">相关配置】</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建(进入)</SPAN><SPAN lang=EN-US>vlan100</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]vlan 100</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">将</SPAN><SPAN lang=EN-US>E0/24</SPAN><SPAN style="FONT-FAMILY: 宋体">加入到</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">里</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-vlan100] port Ethernet 0/24</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建(进入)</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">的虚接口</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchB]interface Vlan-interface 100</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>4.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">给</SPAN><SPAN lang=EN-US>vlan100</SPAN><SPAN style="FONT-FAMILY: 宋体">的虚接口配置</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchB-Vlan-interface100]ip address 192.168.0.2 255.255.255.0</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>5.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">一般二层交换机允许其它任意网段访问需要加入一条缺省路由</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchB]ip route-static&nbsp; 0.0.0.0 0.0.0.0 192.168.0.1</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">不验证配置】</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]authentication-mode none</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">密码验证配置】</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">进入用户界面视图</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]user-interface vty 0 4</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置认证方式为密码验证方式</SPAN> </P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]authentication-mode password</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置明文密码</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]set authentication password simple Huawei</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>4.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">缺省情况下,</SPAN><SPAN style="FONT-FAMILY: 宋体">从</SPAN><SPAN lang=EN-US>VTY</SPAN><SPAN style="FONT-FAMILY: 宋体">用户界面登录后可以访问的命令级别为</SPAN><SPAN lang=EN-US>0</SPAN><SPAN style="FONT-FAMILY: 宋体">级。需要将用户的权限设置为</SPAN><SPAN lang=EN-US>3</SPAN><SPAN style="FONT-FAMILY: 宋体">,这用户可以进入系统视图进行操作,否则只有</SPAN><SPAN lang=EN-US>0</SPAN><SPAN style="FONT-FAMILY: 宋体">级用户的权限</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]user&nbsp; privilege level 3</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">本地用户名和密码验证配置】</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">进入用户界面视图</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]user-interface vty 0 4</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">使用</SPAN><SPAN lang=EN-US>authentication-mode</SPAN><SPAN lang=EN-US style="FONT-SIZE: 9pt; COLOR: black; LINE-HEIGHT: 125%; FONT-FAMILY: 宋体"> </SPAN><SPAN lang=EN-US>scheme</SPAN><SPAN style="FONT-FAMILY: 宋体">命令,</SPAN><SPAN style="FONT-FAMILY: 宋体">表示需要进行</SPAN><SPAN style="FONT-FAMILY: 宋体">本地或远端用户名和口令认证。</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]authentication-mode scheme</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置本地用户名和密码</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]local-user Huawei</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-user-huawei]service-type telnet level 3</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-user-huawei]password simple Huawei</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>4.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">如果不改变</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">登录用户的权限,用户登录以后是无法直接进入其它视图的,可以设置</SPAN><SPAN lang=EN-US>super password</SPAN><SPAN style="FONT-FAMILY: 宋体">,来控制用户是否有权限进入其它视图</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]local-user Huawei</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-user-huawei]service-type telnet </SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-user-huawei]password simple Huawei</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]super password level 3 simple huawei</SPAN></P><P class=MsoNormal><SPAN lang=EN-US>&nbsp;</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>TELNET RADIUS</SPAN><SPAN style="FONT-FAMILY: 宋体">验证配置】</SPAN></P><P class=ac><SPAN style="FONT-FAMILY: 宋体">以使用</SPAN><SPAN lang=EN-US>huawei</SPAN><SPAN style="FONT-FAMILY: 宋体">开发的</SPAN><SPAN lang=EN-US>cams</SPAN><SPAN style="FONT-FAMILY: 宋体">作为</SPAN><SPAN lang=EN-US>RADIUS</SPAN><SPAN style="FONT-FAMILY: 宋体">服务器为例</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">登录方式为</SPAN><SPAN lang=EN-US>scheme</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]authentication-mode scheme</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">配置</SPAN><SPAN lang=EN-US>RADIUS</SPAN><SPAN style="FONT-FAMILY: 宋体">认证方案</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]radius scheme cams</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">配置</SPAN><SPAN lang=EN-US>RADIUS</SPAN><SPAN style="FONT-FAMILY: 宋体">认证服务器地址</SPAN><SPAN lang=EN-US>10.110.51.31</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-radius-cams]primary authentication 10.110.51.31 1812</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>4.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">配置</SPAN><SPAN lang=EN-US>RADIUS</SPAN><SPAN style="FONT-FAMILY: 宋体">计费服务器地址</SPAN><SPAN lang=EN-US>10.110.51.31</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-radius-cams]primary accounting 10.110.51.31 1813</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>5.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">配置交换机与认证服务器的验证口令</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-radius-cams]key authentication expert</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>6.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">配置交换机与计费服务器的验证口令</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-radius-cams]key accounting expert</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>7.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">配置服务器类似为</SPAN><SPAN lang=EN-US>huawei</SPAN><SPAN style="FONT-FAMILY: 宋体">,即使用</SPAN><SPAN lang=EN-US>CAMS</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-radius-cams]server-type Huawei</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>8.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">送往</SPAN><SPAN lang=EN-US>RADIUS</SPAN><SPAN style="FONT-FAMILY: 宋体">的报文不带域名</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-radius-cams]user-name-format without-domain</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>9.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">创建(进入)一个域</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]domain Huawei</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>10.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">在域</SPAN><SPAN lang=EN-US>huawei</SPAN><SPAN style="FONT-FAMILY: 宋体">中引用名为“</SPAN><SPAN lang=EN-US>cams</SPAN><SPAN style="FONT-FAMILY: 宋体">”的认证方案</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-isp-huawei]radius-scheme cams</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>11.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">将</SPAN><SPAN lang=EN-US>huawei</SPAN><SPAN style="FONT-FAMILY: 宋体">域设置为缺省域</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]domain default enable huawei</SPAN></P><P class=MsoNormal><SPAN style="FONT-FAMILY: 宋体">【</SPAN><SPAN lang=EN-US>TELNET</SPAN><SPAN style="FONT-FAMILY: 宋体">访问控制配置】</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置只允许符合</SPAN><SPAN lang=EN-US>ACL1</SPAN><SPAN style="FONT-FAMILY: 宋体">的</SPAN><SPAN lang=EN-US>IP</SPAN><SPAN style="FONT-FAMILY: 宋体">地址登录交换机</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-ui-vty0-4]acl 1 inbound</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置规则只允许某网段登录</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]acl number 1</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-acl-basic-1]</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-acl-basic-1]rule permit source 10.10.10.0 0.0.0.255</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>3.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 宋体">设置规则只禁止某网段登录</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA]acl number 1</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-acl-basic-1]</SPAN></P><P class=ac><SPAN lang=EN-US>[SwitchA-acl-basic-1]rule deny source 10.10.10.0 0.0.0.255</SPAN></P><H1><SPAN lang=EN-US>3<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN style="FONT-FAMILY: 黑体">测试验证</SPAN></H1><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>1.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>PC</SPAN><SPAN style="FONT-FAMILY: 宋体">属于</SPAN><SPAN lang=EN-US>vlan10</SPAN><SPAN style="FONT-FAMILY: 宋体">可以</SPAN><SPAN lang=EN-US>telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">到</SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">和</SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">上,</SPAN></P><P class=ac style="MARGIN-LEFT: 73.5pt; TEXT-INDENT: -21pt"><SPAN lang=EN-US>2.<SPAN style="FONT: 7pt &#39;Times New Roman&#39;">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; </SPAN></SPAN><SPAN lang=EN-US>PC</SPAN><SPAN style="FONT-FAMILY: 宋体">属于其它</SPAN><SPAN lang=EN-US>vlan</SPAN><SPAN style="FONT-FAMILY: 宋体">不能</SPAN><SPAN lang=EN-US>telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">到</SPAN><SPAN lang=EN-US>SwitchA</SPAN><SPAN style="FONT-FAMILY: 宋体">,能够</SPAN><SPAN lang=EN-US>telnet</SPAN><SPAN style="FONT-FAMILY: 宋体">到</SPAN><SPAN lang=EN-US>SwitchB</SPAN><SPAN style="FONT-FAMILY: 宋体">上</SPAN></P>
回复 支持 反对

使用道具 举报

zplover
 楼主| 发表于 2005-8-19 13:51:22 | 显示全部楼层
<P>谢谢了,原来是设置权限级别的问题,那就是跟1900的最高级别15的权限一样,华为需要设置权限级别为3,怪不得我每次telnet到华为交换机不能进入system-view模式,原来我每次设置的权限为0</P>
回复 支持 反对

使用道具 举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|熊猫同学技术论坛|小黑屋| 网络工程师论坛 ( 沪ICP备09076391 )

GMT+8, 2024-4-28 19:29 , Processed in 0.074803 second(s), 18 queries , Gzip On.

快速回复 返回顶部 返回列表