Telnet Remote Management and AAA Authentication: Configuration Approach

Date: 2024-04-13 15:09:35

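This is my topology diagram.

Note: I configured remote management on SW-1, and I use AR-1 to connect to the switch SW-1 over the Telnet remote management and AAA authentication mode configured on it.

Requirements: one 2220 router and two 5700 switches.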
==========================================================
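Configure the IP address on SW-1:
<Huawei>system-view
[Huawei]sysname SW-1   Rename the host to SW-1
[SW-1]interface Vlanif 1   Enter the VLAN 1 interface
[SW-1-Vlanif1]ip address 192.168.1.100 255.255.255.0   Configure the IP address and subnet mask
[SW-1-Vlanif1]dis ip interface brief   View the IP address information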
============================================================================
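Configure the IP address on SW-2:
<Huawei>system-view
[Huawei]sysname SW-2   Rename the host to SW-2
[SW-2]interface Vlanif 1   Enter the VLAN 1 interface
[SW-2-Vlanif1]ip address 192.168.2.1 255.255.255.0   Configure the IP address and subnet mask
[SW-2-Vlanif1]dis ip interface brief   View the IP address information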
==============================================================================
Configure the IP addresses on AR-1:
<Huawei>system-view
[Huawei]sysname AR-1   Rename the host to AR-1
[AR-1]interface GigabitEthernet 0/0/0   Enter interface GigabitEthernet 0/0/0
[AR-1-GigabitEthernet0/0/0]ip address 192.168.1.100 255.255.255.0   Configure the IP address and subnet mask
[AR-1-GigabitEthernet0/0/0]display ip interface brief   View the IP address information
[AR-1-GigabitEthernet0/0/0]quit   Return to the previous level
[AR-1]interface GigabitEthernet 0/0/1   Enter interface GigabitEthernet 0/0/1
[AR-1-GigabitEthernet0/0/1]ip address 192.168.2.254 255.255.255.0   Configure the IP address and subnet mask
=======================================================================================
After the IP addresses are configured, ping first to check whether the switch and the router can reach each other.
[SW-2-Vlanif1]ping 192.168.2.100   This is the local IP address
  PING 192.168.2.100: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.100: bytes=56 Sequence=1 ttl=255 time=1 ms
    Reply from 192.168.2.100: bytes=56 Sequence=2 ttl=255 time=10 ms
    Reply from 192.168.2.100: bytes=56 Sequence=3 ttl=255 time=30 ms
    Reply from 192.168.2.100: bytes=56 Sequence=4 ttl=255 time=10 ms
    Reply from 192.168.2.100: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 192.168.2.100 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/10/30 ms
[SW-2-Vlanif1]ping 192.168.2.254   This is the router's gateway IP address
  PING 192.168.2.254: 56  data bytes, press CTRL_C to break
    Reply from 192.168.2.254: bytes=56 Sequence=1 ttl=255 time=60 ms
    Reply from 192.168.2.254: bytes=56 Sequence=2 ttl=255 time=50 ms
    Reply from 192.168.2.254: bytes=56 Sequence=3 ttl=255 time=40 ms
    Reply from 192.168.2.254: bytes=56 Sequence=4 ttl=255 time=40 ms
    Reply from 192.168.2.254: bytes=56 Sequence=5 ttl=255 time=50 ms
  --- 192.168.2.100 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/10/30 ms
==================================================================================
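If the pings succeed, AAA authentication and Telnet remote management can be configured.
Go back to SW-1 and configure AAA authentication:
[SW-1]user-interface vty 0 4   Enter the remote login (VTY) configuration view
[SW-1-ui-vty0-4]authentication-mode aaa   Enable AAA authentication
[SW-1-ui-vty0-4]user privilege level 3   Set the privilege level to 3
[SW-1-ui-vty0-4]aaa   Enter the AAA view
[SW-1-aaa]local-user admin password simple 123   Set the user name to admin and the password to 123
[SW-1-aaa]dis this   View the configuration in the AAA view
[SW-1-aaa]local-user admin service-type telnet   Enable Telnet remote access for the user
Go to the remote router and connect to the configured switch: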
<AR-1>telnet 192.168.1.100
  Press CTRL_] to quit telnet mode
  Trying 192.168.1.100 ...
  Connected to 192.168.1.100 ...


Login authentication


Username:admin
Password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2020-02-03 16:08:03.
<SW-1>
==================================================
This completes the Telnet remote management and AAA authentication configuration.
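
An added example, not part of the original post: a small Python check that reads a saved configuration containing the SW-1 settings above and reports the ones that weaken remote login (plain-text `password simple`, the Telnet service type, level 3 on the VTY lines, no ACL on the VTY lines). The saved-configuration layout, the sample text, the function name and the 8-character threshold are assumptions.

```python
import re

MIN_PASSWORD_LEN = 8  # assumed policy threshold, not a value from the page

# Constructed sample: SW-1's settings from this page, laid out the way a
# saved configuration would list them (the layout is an assumption).
SAMPLE_CONFIG = """\
aaa
 local-user admin password simple 123
 local-user admin service-type telnet
#
user-interface vty 0 4
 authentication-mode aaa
 user privilege level 3
"""

def audit_vrp_config(text):
    """Return sorted (line_number, finding) tuples for risky remote-login settings."""
    findings = []
    section, vty_line, vty_acl = None, None, False
    # The trailing "#" is a sentinel so the last section is closed too.
    for no, raw in enumerate(text.splitlines() + ["#"], start=1):
        line = raw.strip()
        if raw and not raw[0].isspace():  # an unindented line opens a new section
            if section == "vty" and not vty_acl:
                findings.append((vty_line, "VTY: no inbound ACL limits source addresses"))
            section = "vty" if line.startswith("user-interface vty") else "other"
            vty_line, vty_acl = no, False
        m = re.match(r"local-user (\S+) password simple (\S+)", line)
        if m:
            findings.append((no, f"{m.group(1)}: password stored in plain text"))
            if len(m.group(2)) < MIN_PASSWORD_LEN:
                findings.append((no, f"{m.group(1)}: password shorter than {MIN_PASSWORD_LEN}"))
        m = re.match(r"local-user (\S+) service-type (.+)", line)
        if m and "telnet" in m.group(2).split():
            findings.append((no, f"{m.group(1)}: Telnet login allowed, credentials are sent unencrypted"))
        if section == "vty":
            if re.match(r"authentication-mode (none|password)\b", line):
                findings.append((no, "VTY: logins are not tied to per-user AAA accounts"))
            m = re.match(r"user privilege level (\d+)", line)
            if m and int(m.group(1)) >= 3:
                findings.append((no, f"VTY: user level {m.group(1)} (management) set on the lines"))
            if re.match(r"acl \S+ inbound", line):
                vty_acl = True
    return sorted(findings)

if __name__ == "__main__":
    for no, finding in audit_vrp_config(SAMPLE_CONFIG):
        print(f"line {no}: {finding}")
```
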