华为交换机VTY用户界面属性配置教程 | 您所在的位置:网站首页 › 华为交换机配置用户命令 › 华为交换机VTY用户界面属性配置教程 |
用户通过Telnet或SSH方式登录设备实现本地或远程维护时,可以根据用户使用需求以及对设备安全的考虑来配置VTY,除对VTY类型用户界面呼入呼出进行限制的ACL号、用户名和口令及用户界面的验证方式外其他参数设备均有缺省值,用户可以结合实际需求和安全性考虑选择配置。 1、设置通过账号和密码登陆VTY界面1.1、进入VTY用户界面视图 [Huawei]user-interface vty ? INTEGER The first user terminal interface to be configured [Huawei]user-interface vty 0 4 [Huawei-ui-vty0-4]1.2、设置用户验证方式为AAA验证(即通过账号和密码登陆) [Huawei-ui-vty0-4]authentication-mode ? aaa AAA authentication none Login without checking password Authentication through the password of a user terminal interface [Huawei-ui-vty0-4]authentication-mode aaa1.3、设置登陆的账号和密码 [Huawei-ui-vty0-4]q [Huawei]aaa [Huawei-aaa]local-user ? STRING User name, in form of 'user@domain'. Can use wildcard '*', while displaying and modifying, such as *@isp,user@*,*@*.Can not include invalid character / \ : * ? " | @ ' [Huawei-aaa]local-user 023wg.com ? access-limit Set access limit of user(s) ftp-directory Set user(s) FTP directory permitted idle-timeout Set the timeout period for terminal user(s) password Set password privilege Set admin user(s) level service-type Service types for authorized user(s) state Activate/Block the user(s) user-group User group [Huawei-aaa]local-user 023wg.com password ? cipher User password with cipher text [Huawei-aaa]local-user 023wg.com password cipher www.023wg.com1.4、设置账号的使用类型为Telnet或SSH [Huawei-aaa]local-user username service-type telnet 或 [Huawei-aaa]local-user username service-type ssh2、设置只通过密码登陆VTY 2.1、置用户验证方式为密码验证 [Huawei-ui-vty0-4]authentication-mode password2.2、设置登陆密码 [Huawei-ui-vty0-4]set authentication password cipher ? STRING/ Plain text/cipher text password [Huawei-ui-vty0-4]set authentication password cipher ChaseAug3、设置直接登陆VTY(此模式不安全) [Huawei-ui-vty0-4]authentication-mode none4、配置VTY用户界面的用户优先级 缺省情况下,VTY用户界面对应的默认命令访问级别是0,实际工作如果对权限要求不是特别严格,一本设置为15级。 [Huawei-ui-vty0-4]user privilege level ? INTEGER Set a priority [Huawei-ui-vty0-4]user privilege level 155、启用VTY终端服务 [Huawei-ui-vty0-4]shell6、设置用户超时断连时间 [Huawei-ui-vty0-4]idle-timeout ? INTEGER Set the number of minutes before a terminal user times out(default: 10minutes)7、设置终端屏幕每屏显示的行数 [Huawei-ui-vty0-4]screen-length ? INTEGER Display the number of lines on a screen (the value 0 indicates none split screen, and the default value is 24)8、设置终端屏幕显示的列数 [Huawei-ui-vty0-4]screen-width ? INTEGER Screen width value, the default is 809、设置历史命令缓存条数 [Huawei-ui-vty0-4]history-command ? max-size Set the size of the maximum history buffer, the default value is 10 [Huawei-ui-console0]history-command max-size ? INTEGER The size of a history buffer10、VTY用户界面支持的登陆协议 [Huawei-ui-vty0-4]protocol inbound ? all All protocols ssh SSH protocol telnet Telnet protocol11、配置VTY用户界面的最大个数 VTY用户界面最大个数是指登录设备的Telnet用户和SSH用户的总和。 当配置VTY用户界面最大个数为0时,任何用户(包括网管用户)都无法通过VTY登录到设备。 如果要配置的VTY类型用户界面的最大个数小于当前在线用户的数量,则系统提示配置失败。如果要配置的VTY类型用户界面的最大个数大于当前最多可以登录用户的数量,就必须为新增加的用户界面配置验证方式。 [Huawei]user-interface maximum-vty ? INTEGER The maximum number of VTY users, the default value is 512、配置VTY用户界面的基于ACL的登录限制 [Huawei-ui-vty0-4]acl ? INTEGER Apply basic or advanced ACL ipv6 Filter IPv6 addresses [Huawei-ui-vty0-4]acl 2000 ? inbound Filter login connections from the current user interface outbound Filter logout connections from the current user interface13、查看VTY用户界面信息 [Huawei]display user-interface vty 0 4 Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int 38 VTY 4 - 15 - N - + : Current UI is active. F : Current UI is active and work in async mode. Idx : Absolute index of UIs. Type : Type and relative index of UIs. Privi: The privilege of UIs. ActualPrivi: The actual privilege of user-interface. Auth : The authentication mode of UIs. A: Authenticate use AAA. N: Current UI need not authentication. P: Authenticate use current UI's password. Int : The physical location of UIs.14、查看VTY类型用户界面的最大个数 [Huawei]display user-interface maximum-vty Maximum of VTY user:15 |
CopyRight 2018-2019 实验室设备网 版权所有 |