华为交换机、路由器设置账号密码,常用命令
来源:原创
时间:2024-03-07
作者:脚本小站
分类:网络
查看当前接口的地址等信息:
display this
查看当前配置:
display current-configuration
设置IP:
int Vlanif 1 ip address 192.168.100.1
设置密码:
[S1-Vlanif1]user console 0 [S1-ui-console0]authentication-mode password [S1-ui-console0]set authentication password simple huawei # 设置密码为明文密码huawei
设置telnet登陆密码:
<S1>system-view [S1]user vty 0 4 [S1-ui-vty0-4]authentication-mode password [S1-ui-vty0-4]set authentication password simple 123456
进入aaa模式:
[S1]aaa #进入aaa模式 [S1-aaa]local-user user1 password simple testuser privilege level 0 # 添加用户user1 设置用户基本为level 0 [S1-aaa]local-user user1 service-type telnet # 设置服务模式为telnet登陆 [S1-aaa] [S1-aaa]local-user admin password simple admin123 privilege level 3 # 创建一个用户为admin密码为admin123 用户级别为level 3,3为管理员级别 [S1-aaa]local-user user1 service-type telnet # 设置服务模式为telnet登陆
查询刚刚的配置:
[S1-aaa]display current-configuration # sysname S1 # undo info-center enable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin123 # 创建的密码 local-user admin privilege level 3 local-user admin service-type telnet local-user user1 password simple testuser local-user user1 privilege level 0 local-user user1 service-type telnet # interface Vlanif1 ip address 192.168.100.1 255.255.255.0 # interface MEth0/0/1 # interface Ethernet0/0/1 # interface Ethernet0/0/2 # interface Ethernet0/0/3 # interface Ethernet0/0/4 # interface Ethernet0/0/5 # interface Ethernet0/0/6 # interface Ethernet0/0/7 # interface Ethernet0/0/8 # interface Ethernet0/0/9 # interface Ethernet0/0/10 # interface Ethernet0/0/11 # interface Ethernet0/0/12 # interface Ethernet0/0/13 # interface Ethernet0/0/14 # interface Ethernet0/0/15 # interface Ethernet0/0/16 # interface Ethernet0/0/17 # interface Ethernet0/0/18 # interface Ethernet0/0/19 # interface Ethernet0/0/20 # interface Ethernet0/0/21 # interface Ethernet0/0/22 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # user-interface con 0 authentication-mode password set authentication password simple huawei # 创建的账号 user-interface vty 0 4 set authentication password simple 123456 # return [S1-aaa]
允许以不同的级别登陆telnet
[S1-aaa]user vty 0 4 [S1-ui-vty0-4]authentication-mode aaa
从S2登陆到S1:
普通用户登陆:
<S2>telnet 192.168.100.1 Trying 192.168.100.1 ... Press CTRL+K to abort Connected to 192.168.100.1 ... Login authentication Username:user1 # 用普通用户登陆 Password: Info: The max number of VTY users is 5, and the number of current VTY users on line is 1. The current login time is 2024-03-07 15:16:02. <S1>system-view # 普通用户无法进入到系统视图 ^ Error: Unrecognized command found at '^' position. <S1>
管理员用户登陆:
<S2>telnet 192.168.100.1 Trying 192.168.100.1 ... Press CTRL+K to abort Connected to 192.168.100.1 ... Login authentication Username:admin # 使用管理员登录S1 Password: Info: The max number of VTY users is 5, and the number of current VTY users on line is 1. The current login time is 2024-03-07 15:18:01. <S1>system-view # 管理员可以进入到系统视图 Enter system view, return user view with Ctrl+Z. [S1]
给端口加描述信息:
[S1]int g0/0/1 [S1-GigabitEthernet0/0/1]des [S1-GigabitEthernet0/0/1]description tos2port
关闭速率自动协商:然后可以设置速率
[S1-GigabitEthernet0/0/1]undo negotiation auto # [S1-GigabitEthernet0/0/1]speed 1000 # 设置了1000不显示,默认就是1000 [S1-GigabitEthernet0/0/1]display this # interface GigabitEthernet0/0/1 undo negotiation auto description tos2port # return [S1-GigabitEthernet0/0/1]speed 100 # 设置了100就显示了 [S1-GigabitEthernet0/0/1]display this # interface GigabitEthernet0/0/1 undo negotiation auto speed 100 description tos2port # return [S1-GigabitEthernet0/0/1]
设置端口的单双工模式:默认全双工,不显示
[S1-GigabitEthernet0/0/1]duplex full [S1-GigabitEthernet0/0/1]duplex half # 此处设置半双工,会显示 [S1-GigabitEthernet0/0/1]display this # interface GigabitEthernet0/0/1 undo negotiation auto speed 100 duplex half description tos2port # return
关闭端口:
[S1-GigabitEthernet0/0/1]shutdown [S1-GigabitEthernet0/0/1]display this # interface GigabitEthernet0/0/1 undo negotiation auto speed 100 description tos2port shutdown # return
开启端口:
[S1-GigabitEthernet0/0/1]undo shutdown [S1-GigabitEthernet0/0/1]display this # interface GigabitEthernet0/0/1 undo negotiation auto speed 100 description tos2port # return
创建端口组,批量设置端口:
[S1]port-group 1 [S1-port-group-1]group-member g0/0/1 to g0/0/3 [S1-port-group-1]description group1 # 批量添加描述 [S1-GigabitEthernet0/0/1]description group1 [S1-GigabitEthernet0/0/2]description group1 [S1-GigabitEthernet0/0/3]description group1 [S1-port-group-1]display this # port-group 1 group-member GigabitEthernet0/0/1 group-member GigabitEthernet0/0/2 group-member GigabitEthernet0/0/3 # return [S1-port-group-1]
显示mac地址
<Huawei>display mac-address MAC address table of slot 0: ------------------------------------------------------------------------------- MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID VSI/SI MAC-Tunnel ------------------------------------------------------------------------------- 5489-98f4-50d2 1 - - Eth0/0/1 dynamic 0/- 5489-98d9-1302 1 - - GE0/0/1 dynamic 0/- ------------------------------------------------------------------------------- Total matching items on slot 0 displayed = 2
端口和MAC地址绑定
<Huawei>system-view [Huawei]port-group 1to2 [Huawei-port-group-1to2]group-member Ethernet 0/0/1 to Ethernet 0/0/2 # 添加成员 [Huawei-port-group-1to2]port-security enable # 启用端口安全 [Huawei-Ethernet0/0/1]port-security enable [Huawei-Ethernet0/0/2]port-security enable [Huawei-port-group-1to2]port-security protect-action shutdown # 违反规定关闭端口 [Huawei-Ethernet0/0/1]port-security protect-action shutdown [Huawei-Ethernet0/0/2]port-security protect-action shutdown [Huawei-port-group-1to2]port-security mac-address sticky #将端口与mac地址绑定 [Huawei-Ethernet0/0/1]port-security mac-address sticky [Huawei-Ethernet0/0/2]port-security mac-address sticky
Type变成sticky了,mac地址就不能变了,如果对应的端口mac地址变了,端口就会shutdown
[Huawei]display mac-address MAC address table of slot 0: ------------------------------------------------------------------------------- MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID VSI/SI MAC-Tunnel ------------------------------------------------------------------------------- 5489-985c-1938 1 - - Eth0/0/1 sticky - 5489-98d9-1302 1 - - Eth0/0/2 sticky - ------------------------------------------------------------------------------- Total matching items on slot 0 displayed = 2 MAC address table of slot 0: ------------------------------------------------------------------------------- MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID VSI/SI MAC-Tunnel ------------------------------------------------------------------------------- 5489-98f4-50d2 1 - - GE0/0/1 dynamic 0/- ------------------------------------------------------------------------------- Total matching items on slot 0 displayed = 1
重新开启端口
[Huawei-Ethernet0/0/1]display this # interface Ethernet0/0/1 shutdown port-security enable port-security protect-action shutdown port-security mac-address sticky # return [Huawei-Ethernet0/0/1]undo shutdown # 开启端口 [Huawei-Ethernet0/0/1]display this # interface Ethernet0/0/1 port-security enable port-security protect-action shutdown port-security mac-address sticky # return [Huawei-Ethernet0/0/1]
限制接口数量:
[Huawei]int g0/0/1 [Huawei-GigabitEthernet0/0/1]port-security enable # 开启安全策略 [Huawei-GigabitEthernet0/0/1]port-security protect-action shutdown # 违反策略做出的动作 [Huawei-GigabitEthernet0/0/1]port-security max-mac-num 2 # 限制数量 [Huawei-GigabitEthernet0/0/1]port-security mac-address sticky # 限制端口
清空配置:
[Huawei]clear configuration interface GigabitEthernet 0/0/1
配置地址池:
<Huawei>system-view [Huawei]sysname R1 [R1]dhcp enable [R1]ip pool 1 # 创建地址池 [R1-ip-pool-1]network 192.168.1.0 mask 24 # 设置网段 [R1-ip-pool-1]gateway-list 192.168.1.1 # 网关地址 [R1-ip-pool-1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip address 192.168.1.1 24 # 为这个口设置网关 [R1-GigabitEthernet0/0/0]dhcp select global # 选择全局地址池,这里不用选地址池,因为会根据网关地址来选择地址池 配置192.168.2.0/24 网段的地址池 [R1]ip pool 2 [R1-ip-pool-2]network 192.168.2.0 mask 24 [R1-ip-pool-2]gateway-list 192.168.2.1 [R1-ip-pool-2]int e0/0/1 [R1-Ethernet0/0/1]int e0/0/0 [R1-Ethernet0/0/0] [R1-Ethernet0/0/0]ip address 192.168.2.1 24 [R1-Ethernet0/0/0]dhcp select global
查看路由:
display ip routing-table