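Thank you, experts!!!
1. Set up multiple local login accounts with passwords, and assign different privilege levels (a username must be entered)
2. Set up multiple remote login accounts with usernames and passwords, and assign different privilege levels (SSH protocol; telnet must not be used)
3. Disable http, ip source-route and cdp; enable the https, ssh and aaa protocols
4. Using the device's own access control list, allow remote login only from 10.177.178.31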
(0)
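Hello, please note:
Reference commands are as follows:
1. Set up multiple local login accounts with passwords, and assign different privilege levels (a username must be entered)
Answer:
2. Create an administrator account, grant it the highest privilege, and allow SSH login only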
[H3C]local-user admin
New local user added.
[H3C-luser-manage-admin]password simple admin
[H3C-luser-manage-admin]service-type ssh
[H3C-luser-manage-admin]authorization-attribute user-role network-admin
[H3C-luser-manage-admin]quit
3. Create a guest account, grant it level-1 privilege, and allow SSH login only
[H3C]local-user user
New local user added.
[H3C-luser-manage-user]password simple 123456
[H3C-luser-manage-user]service-type ssh
[H3C-luser-manage-user]authorization-attribute user-role level-1
[H3C-luser-manage-user]quit
4. Enable the SSH service
[H3C]ssh server enable
5. Use local-user authentication on the VTY lines
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode scheme
[H3C-line-vty0-4]protocol inbound ssh
[H3C-line-vty0-4]quit
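2. Set up multiple remote login accounts with usernames and passwords, and assign different privilege levels (SSH protocol; telnet must not be used)
Answer:
2. Create an administrator account, grant it the highest privilege, and allow SSH login only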
[H3C]local-user admin
New local user added.
[H3C-luser-manage-admin]password simple admin
[H3C-luser-manage-admin]service-type ssh
[H3C-luser-manage-admin]authorization-attribute user-role network-admin
[H3C-luser-manage-admin]quit
3. Create a guest account, grant it level-1 privilege, and allow SSH login only
[H3C]local-user user
New local user added.
[H3C-luser-manage-user]password simple 123456
[H3C-luser-manage-user]service-type ssh
[H3C-luser-manage-user]authorization-attribute user-role level-1
[H3C-luser-manage-user]quit
4. Enable the SSH service
[H3C]ssh server enable
5. Use local-user authentication on the VTY lines
[H3C]line vty 0 4
[H3C-line-vty0-4]authentication-mode scheme
[H3C-line-vty0-4]protocol inbound ssh
[H3C-line-vty0-4]quit
3. Disable http, ip source-route and cdp; enable the https, ssh and aaa protocols
Answer:
undo ip http enable
ip https enable
4. Using the device's own access control list, allow remote login only from 10.177.178.31
Answer:
acl basic 2000
rule 0 permit source 10.177.178.31 0
quit
ssh server acl 2000
or
acl basic 2000
rule 0 permit source 10.177.178.31 0
quit
user-interface vty 0 4
acl 2000 inbound
quit
(1)
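A way to check a saved configuration against the four requirements in this thread, as an added example that is not part of any post here. The function names and the sample configuration are constructed for illustration; the sample uses only commands that appear in the answers.

```python
import re

ALLOWED_HOST = "10.177.178.31"  # only management source the question allows
# Constructed sample (not a real device dump), built from commands on this page.
SAMPLE_CONFIG = """\
ip http enable
ip https enable
ssh server acl 2000
acl basic 2000
 rule 0 permit source 10.177.178.31 0
 rule 5 permit source 10.177.178.0 0.0.0.255
local-user user class manage
 service-type ssh telnet
line vty 0 4
 authentication-mode scheme
"""

def parse_sections(text):
    """Map each unindented line (incl. '#' separators) to its indented child lines."""
    sections, current = {}, None
    for raw in filter(str.strip, text.splitlines()):
        if raw[0].isspace() and current:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return findings where the config departs from the four requirements."""
    s = parse_sections(text)
    want = {"ip http enable": False, "ip https enable": True, "ssh server enable": True}
    findings = [f"{c}: should be {'present' if w else 'absent'}"
                for c, w in want.items() if (c in s) != w]
    # ACLs bound to the SSH server ("ssh server acl N") or to a line ("acl N inbound")
    refs = sorted(set(re.findall(r"^(?:ssh server acl| +acl) (\d+)(?: inbound)?$", text, re.M)))
    if not refs:
        findings.append("no ACL restricts remote login")
    for num in refs:
        for rule in s.get(f"acl basic {num}", []):
            m = re.fullmatch(r"rule \d+ permit source (\S+) (\S+)", rule)
            if m and m.groups() != (ALLOWED_HOST, "0"):
                findings.append(f"acl {num} also permits {m.group(1)} {m.group(2)}")
    for head, body in s.items():
        if head.startswith("local-user ") and any("telnet" in l.split() for l in body):
            findings.append(f"user {head.split()[1]} may use telnet")
        if " vty " in head and "protocol inbound ssh" not in body:
            findings.append(f"{head}: inbound protocol not limited to ssh")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per departure; a configuration that follows the first answer with either ACL binding returns an empty list.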
1. Deploy a bastion host
2. Deploy a bastion host
3. undo ip http, ip https enable
4. Deploy a bastion host
(0)
I need the detailed configuration commands
1 and 2 are controlled through permissions and the assigned services
local-user admin class manage
password s admin
service-type ssh terminal https
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
#
local-user test class manage
password s test
service-type https ssh
authorization-attribute user-role network-operator
#
Adjust the permissions along these lines.
3:
Enable the https, ssh and aaa protocols
AAA requires a RADIUS server.
ip https enable
ssh server enable
4:
acl ba 2000
ru 0 pe sou 10.177.178.31 0
ip https acl 2000
ssh server acl 2000
(0)
Hello, for reference:
For 1 and 2, you can configure the following command in local user view:
authorization-attribute user-role level-x/network-admin
Here level-15 and network-admin carry the same privileges
3. undo ip http
undo ip https enable
4. You can use an ACL to restrict access and bind it to telnet; a reference configuration follows:
acl basic 2000
rule 0 permit source 10.177.178.31 0
quit
telnet server acl 2000
or
acl basic 2000
rule 0 permit source 10.177.178.31 0
quit
user-interface vty 0 4
acl 2000 inbound
quit
(1)
[H3C-line-vty0-4]protocol inbound ssh --- this command cannot be entered; only the following are available:
[H3C-line-vty0-4]?
Line view commands:
  activation-key      Specify a character to begin a terminal session
  authentication-mode Login authentication mode
  auto-execute        Automatic execution configuration
  cfd                 Connectivity Fault Detection (CFD) module
  command             Command authorization and accounting
  databits            Set the databits of line
  diagnostic-logfile  Diagnostic log file configuration
  display             Display current system information
  emulate-ping        Emulate ping function
  end                 Alias for 'return'
  escape-key          Escape key sequence configuration
  exit                Alias for 'quit'
  flow-control        Set a flow control mode
  history-command     History command buffer configuration
  idle-timeout        User connection idle timeout
  ip                  Specify IP configuration
  lock                Lock the current line
  lock-key            Specify a shortcut key for locking the current line
  logfile             Log file configuration
  monitor             System monitor
  no                  Alias for 'undo'
  parity              Set the parity check method
  ping                Ping function
  protocol            Set the protocols to be supported by the line
  quit                Exit from current command view
  repeat              Repeat executing history commands
  return              Exit to User View
  save                Save current configuration
  screen-length       Specify the number of lines to be displayed on a screen
  security-logfile    Security log file configuration
  set                 Specify line parameters
  shell               Enable terminal user service
  show                Alias for 'display'
  speed               Line transmission speed
  stopbits            Specify the stop bit of line
  terminal            Specify terminal attribute
  tracert             Tracert function
  undo                Cancel current setting
  user-role           Specify user role configuration information
  write               Alias for 'save'