Detailed explanation of Huawei switch configuration commands

1: Configure the ssh login method for Huawei switches

     1: user-interface vty 0 4 //Configure the number of terminal connections

//VTY means virtual terminal connection, that is, the line that a remote user's session occupies after logging in. The authentication method for logins is also configured under the VTY. The "0 4" in vty 0 4 means lines 0 through 4, i.e. 5 users
     2: authentication-mode aaa //Configure authentication parameters
  Networking requirements
As shown in Figure 13-1, the enterprise hopes that the administrator can remotely manage the device in a simple, convenient and safe manner. You can configure the administrator to log in to the device through Telnet:
The administrator can log in to the device through Telnet only after entering the correct user name and password.
After the administrator logs in to the device through Telnet, he can execute all command lines of command level 0 to 3.
Figure 13-1 Networking diagram for configuring user authentication to log in to the device through Telnet (AAA local authentication) 

Configuration ideas
Enable Telnet service.
Set the authentication mode for users to log in through Telnet to AAA.
Configure AAA local authentication: create a local user, specify that the user's access type is Telnet, and configure the user level to level 15.
Steps

<HUAWEI> sys
[HUAWEI] sysname Switch
[Switch] vlan batch 10
[Switch] interface vlanif 10
[Switch-Vlanif10] ip address 10.1.2.10 24
[Switch-Vlanif10] quit
[Switch] interface gigabitethernet1/0/1
[Switch-GigabitEthernet1/0/1] port link-type access
[Switch-GigabitEthernet1/0/1] port default vlan 10
[Switch-GigabitEthernet1/0/1] quit

[Switch] telnet server enable

[Switch] user-interface maximum-vty 15 //Configure the maximum number of login users on the VTY user interface to 15 (this number varies between different versions and different forms, depending on the device). By default, the maximum number of Telnet users Number
[Switch] user-interface vty 0 14 //Enter the VTY user interface view from 0 to 14
[Switch-ui-vty0-14] authentication-mode aaa //Configure the authentication mode of the VTY user interface to AAA
[Switch-ui-vty0-14] protocol inbound telnet //Configure the protocol supported by the VTY user interface as Telnet. In V200R006 and earlier versions the default protocol is Telnet, so this command can be omitted; in V200R007 and later versions the default protocol is SSH, so this command must be configured.
[Switch-ui-vty0-14] quit

[Switch] aaa
[Switch-aaa] local-user user1 password irreversible-cipher Huawei@1234 //Create local user user1 and configure the password. Since the password in the configuration file is displayed in cipher text, it is recommended to remember the password. Otherwise, you need to run this command again to overwrite the configuration. (This command is local-user user-name password cipher password in V200R002 and earlier versions)
[Switch-aaa] local-user user1 service-type telnet //Configure the access type of local user user1 to Telnet. This user can only log in using Telnet (by default, versions earlier than V200R007 allow users to use all access types; V200R007 and later versions disable all access types for users)
[Switch-aaa] local-user user1 privilege level 15 //Configure the user level of local user user1 to 15. After logging in, the user can execute commands equal to or lower than level 3
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N] y
[Switch-aaa] quit   
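
An added example, not part of the original article or any Huawei tooling: a Python check that reads a saved configuration and reports the Telnet-related settings that the steps above configure. The sample text and its layout (top-level lines with one-space-indented sub-lines) are constructed assumptions; the version-dependent default for protocol inbound is the one described in the comment on that command above.

```python
import re

# Constructed sample; layout assumed to match a saved configuration of the steps above.
SAMPLE = """\
telnet server enable
#
aaa
 local-user user1 password irreversible-cipher <hash-placeholder>
 local-user user1 privilege level 15
 local-user user1 service-type telnet
 local-user ops password cipher <cipher-placeholder>
 local-user ops service-type ssh
#
user-interface vty 0 14
 authentication-mode aaa
 protocol inbound telnet
#
"""

def audit(config):
    """Return findings on Telnet exposure and login settings in a saved config."""
    out = []
    for header, body in re.findall(r"^(\S.*)\n((?: .*\n)*)", config + "\n", re.M):
        lines = [l.strip() for l in body.splitlines()]
        if header == "telnet server enable":
            out.append("global: telnet server enabled")
        elif header.startswith("user-interface vty"):
            opts = dict(l.rsplit(" ", 1) for l in lines if " " in l)
            if opts.get("authentication-mode") != "aaa":
                out.append(f"{header}: authentication-mode is not aaa")
            proto = opts.get("protocol inbound")
            if proto in ("telnet", "all"):
                out.append(f"{header}: protocol inbound {proto} accepts Telnet")
            elif proto is None:  # no explicit line: the page notes the default differs by version
                out.append(f"{header}: no protocol inbound line, default depends on version")
        elif header == "aaa":
            users = {}
            for l in lines:
                m = re.match(r"local-user (\S+) (password|privilege level|service-type) (.+)", l)
                if m:
                    users.setdefault(m[1], {})[m[2]] = m[3].split()
            for name, u in users.items():
                if "telnet" in u.get("service-type", []):
                    level = u.get("privilege level", ["unset"])[0]
                    out.append(f"local-user {name}: Telnet login at privilege level {level}")
                if u.get("password", [""])[0] == "cipher":
                    out.append(f"local-user {name}: password stored with reversible 'cipher'")
    return out
```

Calling audit(SAMPLE) returns four findings; a configuration whose VTY lines use protocol inbound ssh and whose local users have service-type ssh returns an empty list.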
     
     
 2: Detailed explanation of the three types of Huawei switch ports
      a: access access mode // Access type ports can only belong to one VLAN, and are generally used to connect to computer ports
      b: trunk trunk mode // Trunk type ports can belong to multiple VLANs and can receive and send packets of multiple VLANs, generally used for ports connected between switches
      c: hybrid hybrid mode // Hybrid type ports can belong to multiple VLANs, can receive and send packets of multiple VLANs, can be used for connection between switches, and can also be used to connect users' computers.
