Small LAN lab (Telnet, SSH login & port security)

1. Rename the switches and routers:

<Huawei> system-view     \\ enter the system view

[Huawei] sysname LSW1     \\ change the host name to LSW1

[LSW1]

 

2. Configure an IP address:

<LSW1> system-view    \\ enter the system view

[LSW1] interface Vlanif 1   \\ enter the VLANIF 1 interface view

[LSW1-Vlanif1] ip address 192.168.0.1 24  \\ configure the IP address with a 24-bit mask

 

3. Configure the Console and VTY user interfaces on the switch:

A. Console user

[LSW3] user-interface console 0      \\ enter the Console user interface view

[LSW3-ui-console0] authentication-mode password    \\ require password authentication on the Console user interface

[LSW3-ui-console0] set authentication password simple Huawei                 \\ set the password Huawei; "simple" stores it in plain text in the configuration file; to store it encrypted, use "cipher" instead of "simple"

[LSW3-ui-console0] idle-timeout 30   \\ idle timeout of 30 minutes (default 10 minutes; the first parameter is minutes and the second seconds; with a single parameter the value is taken as minutes; "0 0" means the session never times out)

B. VTY user

[LSW3] user-interface vty 0 4  \\ enter the VTY user interface view (lines 0-4)

[LSW3-ui-vty0-4] protocol inbound telnet   \\ set the access protocol to Telnet (default Telnet)

[LSW3-ui-vty0-4] authentication-mode password   \\ set the authentication mode to password (default password authentication)

[LSW3-ui-vty0-4] set authentication password simple Huawe1  \\ set the password Huawe1; "simple" stores it in plain text in the configuration file; to store it encrypted, use "cipher" instead of "simple"

[LSW3-ui-vty0-4] user privilege level 15      \\ set the VTY user privilege level to 15 (default 0)

[LSW3-ui-vty0-4] idle-timeout 30 40    \\ idle timeout of 30 minutes 40 seconds (default 10 minutes; the first parameter is minutes and the second seconds; with a single parameter the value is taken as minutes; "0 0" means the session never times out)

 

4. Configure port security on S7 interface E0/0/1: maximum number of secure MAC addresses 1; bind Server1's MAC address to E0/0/1; protect action shutdown; enable the sticky MAC function

[S7] interface Ethernet0/0/1                                     \\ enter the interface view

[S7-Ethernet0/0/1] port-security enable                  \\ enable port security

[S7-Ethernet0/0/1] port-security max-mac-num 1          \\ set the maximum number of secure MAC addresses to 1

[S7-Ethernet0/0/1] port-security mac-address sticky       \\ enable the sticky MAC function

[S7-Ethernet0/0/1] port-security mac-address sticky 5678-5678-5678 vlan 1               \\ statically bind MAC address 5678-5678-5678 in VLAN 1 to this port (note: a MAC address can be bound to only one port)

[S7-Ethernet0/0/1] port-security protect-action shutdown  \\ set the protect action to shutdown

 

5. Configure port security on S5 interfaces E0/0/1 to E0/0/22: maximum number of secure MAC addresses 5; secure MAC addresses learned automatically by the switch; protect action protect; enable the sticky MAC function

[S7] port-group 1                    \\ create port group 1

[S7-port-group-1] group-member e0/0/1 to e0/0/22   \\ add e0/0/1 to e0/0/22 to this port group; commands run in the port-group view are applied to every member port

[S7-port-group-1] port-security enable

[S7-port-group-1] port-security max-mac-num 5

[S7-port-group-1] port-security mac-address sticky

[S7-port-group-1] port-security protect-action protect
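The following is an added behavioural model of the port-security settings in steps 4 and 5; it is not VRP code and not part of the original lab. It models one switch port with a maximum secure-MAC count, sticky learning and a protect action, and feeds it constructed source MAC addresses so the difference between protect-action shutdown (step 4) and protect-action protect (step 5) can be seen. The class and method names, and all MAC addresses other than 5678-5678-5678, are this example's own.

```python
"""Model of Huawei-style port security: max-mac-num, sticky learning, protect action.

Added example (not VRP code). Frames are represented by their source MAC only.
"""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    max_mac_num: int = 1             # port-security max-mac-num
    protect_action: str = "protect"  # "protect" or "shutdown", as used in the lab
    sticky: bool = True              # port-security mac-address sticky
    secure_macs: set = field(default_factory=set)
    error_down: bool = False         # set once the shutdown action has fired
    forwarded: int = 0
    dropped: int = 0

    def bind(self, mac: str) -> None:
        """Static binding, like `port-security mac-address sticky <mac> vlan <id>`."""
        if len(self.secure_macs) >= self.max_mac_num:
            raise ValueError(f"{self.name}: secure MAC table full ({self.max_mac_num})")
        self.secure_macs.add(mac)

    def receive(self, src_mac: str) -> str:
        """Process one ingress frame and report what happened to it."""
        if self.error_down:
            self.dropped += 1
            return "dropped:port-down"
        if src_mac in self.secure_macs:
            self.forwarded += 1
            return "forwarded"
        if len(self.secure_macs) < self.max_mac_num:
            # Room left: learn the MAC as a secure entry. With sticky enabled the
            # entry is written to the configuration and survives a reboot.
            self.secure_macs.add(src_mac)
            self.forwarded += 1
            return "learned:sticky" if self.sticky else "learned:dynamic"
        # Table is full and the MAC is unknown: this is a violation.
        self.dropped += 1
        if self.protect_action == "shutdown":
            self.error_down = True   # port goes error-down; everything after is dropped
            return "dropped:shutdown"
        return "dropped:protect"     # frame dropped, port stays up, known MACs still pass


def simulate(port: SecurePort, src_macs: list) -> list:
    return [port.receive(mac) for mac in src_macs]


def step4_scenario() -> list:
    """S7 E0/0/1: max 1, Server1 bound statically, shutdown on violation."""
    port = SecurePort("E0/0/1", max_mac_num=1, protect_action="shutdown")
    port.bind("5678-5678-5678")                        # Server1's MAC from the lab
    return simulate(port, ["5678-5678-5678",           # legitimate server
                           "0000-0000-0001",           # constructed unknown MAC
                           "5678-5678-5678"])          # server again, port now down


def step5_scenario() -> list:
    """S5 E0/0/1-22: max 5, learned automatically, protect on violation."""
    port = SecurePort("E0/0/1", max_mac_num=5, protect_action="protect")
    hosts = [f"0000-0000-000{i}" for i in range(1, 7)]  # six constructed hosts
    return simulate(port, hosts + [hosts[0]])           # sixth host violates, first still passes


if __name__ == "__main__":
    print("step 4:", step4_scenario())
    print("step 5:", step5_scenario())
```

Run it to see that with shutdown the first violation takes the whole port down, including for Server1, while with protect only the offending frames are dropped and the five learned hosts keep working. That is the trade-off behind choosing shutdown on a single-server port and protect on a block of 22 user ports.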

 

6. VTY user interfaces on AR2

A. Set the access protocol to SSH, the authentication mode to AAA, and an idle timeout of 30 minutes 40 seconds on the user interface

[AR2] rsa local-key-pair create   \\ create the RSA key pair used by the SSH server

The key name will be: S6_Host

The range of public key size is (512 ~ 2048).

NOTES: If the key modulus is greater than 512,

       it will take a few minutes.

Input the bits in the modulus[default = 512]:   \\ key length; press Enter to accept the default 512 bits, or enter a value; a longer key is more secure, but costs more computation and puts more load on the device

Generating keys...

.....................................++++++++++++

........++++++++++++

.++++++++

..........++++++++

[AR2] stelnet server enable       \\ enable the SSH (STelnet) server

Info: Succeeded in starting the Stelnet server.

[AR2] user-interface vty 0 4  \\ enter the VTY user interface view (lines 0-4)

[AR2-ui-vty0-4] protocol inbound ssh   \\ set the access protocol to SSH (default Telnet)

[AR2-ui-vty0-4] authentication-mode aaa   \\ set the authentication mode to AAA (default password authentication)

[AR2-ui-vty0-4] idle-timeout 30 40    \\ idle timeout of 30 minutes 40 seconds (default 10 minutes; the first parameter is minutes and the second seconds; with a single parameter the value is taken as minutes; "0 0" means the session never times out)

B. Enter the AAA view and create a user for the SSH service: user name szabc, password szabc stored in plain text, privilege level 15

[AR2] aaa                               \\ enter the AAA view

[AR2-aaa] local-user szabc password simple szabc    \\ create the user

Info: Add a new user.

[AR2-aaa] local-user szabc service-type ssh      \\ specify the service the user may use

[AR2-aaa] local-user szabc privilege level 15    \\ set the user privilege level

[AR2-aaa] quit

[AR2] ssh user szabc authentication-type password   \\ bind the SSH user to password authentication

 

C. Verify: from AR1, test whether AR2 can be reached remotely over SSH.

[AR1] ssh client first-time enable  \\ allow the SSH client to connect to a server whose host key it has not yet saved

[AR1] stelnet 192.168.0.2   \\ connect to 192.168.0.2 over SSH
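The user-interface settings in steps 3 and 6 are the ones most worth checking after the fact, so here is an added audit script; it is not a Huawei tool and not part of the original lab. It reads text in the shape of display current-configuration output (the sample below is constructed, combining the step 3 settings with a hardened VTY block) and flags plain-text ("simple") passwords, Telnet still accepted on VTY lines, an idle-timeout of 0 0, a user interface with no authentication, and a level-15 VTY line protected only by a shared password rather than AAA. The rule names and the sample configuration are this example's own.

```python
"""Audit user-interface stanzas in a Huawei VRP configuration dump.

Added example, not VRP code. Input is text shaped like `display current-configuration`.
"""
import re

# Constructed sample: the lab's step 3 settings plus a hardened vty 5-7 block.
SAMPLE_CONFIG = """\
#
sysname LSW3
#
user-interface con 0
 authentication-mode password
 set authentication password simple Huawei
 idle-timeout 30 0
user-interface vty 0 4
 authentication-mode password
 set authentication password simple Huawe1
 user privilege level 15
 idle-timeout 0 0
#
user-interface vty 5 7
 authentication-mode aaa
 protocol inbound ssh
 idle-timeout 30 40
#
"""

IDLE_RE = re.compile(r"idle-timeout (\d+)(?: (\d+))?$")


def parse_user_interfaces(text: str) -> dict:
    """Map each `user-interface ...` header to its indented command lines."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        if raw.startswith("user-interface "):
            current = raw.strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # '#' or another top-level command ends the stanza
    return stanzas


def audit(text: str) -> list:
    """Return (user-interface, rule, offending line) tuples."""
    findings = []
    for ui, lines in parse_user_interfaces(text).items():
        is_vty = ui.startswith("user-interface vty")
        auth = next((c.split()[-1] for c in lines if c.startswith("authentication-mode ")), None)
        level = next((int(c.split()[-1]) for c in lines if c.startswith("user privilege level ")), 0)
        protocols = [c for c in lines if c.startswith("protocol inbound ")]

        for cmd in lines:
            if cmd.startswith("set authentication password simple "):
                findings.append((ui, "plaintext-password", cmd))  # use "cipher" instead
            m = IDLE_RE.match(cmd)
            if m and int(m.group(1)) == 0 and int(m.group(2) or 0) == 0:
                findings.append((ui, "no-idle-timeout", cmd))     # session never expires
        if auth == "none":
            findings.append((ui, "no-authentication", "authentication-mode none"))
        if is_vty:
            # The lab notes Telnet is the default inbound protocol when none is set.
            if not protocols:
                findings.append((ui, "telnet-allowed", "(default) protocol inbound telnet"))
            elif any(p.split()[-1] in ("telnet", "all") for p in protocols):
                findings.append((ui, "telnet-allowed", protocols[0]))
            if auth == "password" and level >= 15:
                findings.append((ui, "shared-level15-password", f"user privilege level {level}"))
    return findings


if __name__ == "__main__":
    for ui, rule, line in audit(SAMPLE_CONFIG):
        print(f"{ui:24} {rule:24} {line}")
```

On the sample this reports one finding for con 0 (plain-text password) and four for vty 0 4, and nothing for vty 5 7, which is the shape step 6 ends up in: SSH only, AAA with a per-user account, and a finite idle timeout.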

 

 

7. Verify the configuration.

1) View the configuration to check that it meets the requirements: in the view of the port concerned, run display this to see that port's full configuration.

2) Ping across the ports with port security configured to generate some traffic, then view the secure MAC address entries.

The secure MAC entries of a port can be viewed in the system view with display mac-address sticky <port> (note: if the sticky MAC function is not enabled, use display mac-address security <port> to view the port's dynamic secure MAC entries).

 


Source: www.cnblogs.com/Jtbb/p/12513216.html