华为设备经典的地址以及远程登录(VTY)实施

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了华为设备经典的地址以及远程登录(VTY)实施相关的知识,希望对你有一定的参考价值。

AR1--------SW

首先配置路由器
<Huawei>sys //进入系统视图模式,能配置更多的命令
Enter system view, return user view with Ctrl+Z.
[Huawei]sys AR1 //路由器进行重命名,为了方便区分不同机器
[AR1]int g
[AR1]int GigabitEthernet 0/0/1 //进入界面接口0/0/1 模式,只对这一个接口进行命令配置
[AR1-GigabitEthernet0/0/1]ip add 10.1.10.30 255.255.255.224 //在接口模式下配置IP地址,指定了这个接口的静态IP
[AR1-GigabitEthernet0/0/1]ip add 10.1.10.30 255.255.255.224
Sep 16 2018 12:30:51-08:00 AR1 %%01IFNET/4/LINKSTATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[AR1-GigabitEthernet0/0/1]dis th //显示这个接口的配置信息
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 10.1.10.30 255.255.255.224
#
return
[AR1-GigabitEthernet0/0/1]return //返回用户视图模式
<AR1>
<AR1>tenlet 10.1.10.10
^
Error: Unrecognized command found at ‘^‘ position.
<AR1>telnet 10.1.10.10 //用户视图模式下通过Telnet远程登录交换机,只有用户视图下才能远程连接
Press CTRL
] to quit telnet mode
Trying 10.1.10.10 ...
Connected to 10.1.10.10 ...

Login authentication

Password: //登录成功输入密码
Info: The max number of VTY users is 5, and the number
of current VTY users on line is 1.
The current login time is 2018-09-16 12:43:39.
<SwitchA> //登录成功,显示交换机用户视图
<SwitchA>
<SwitchA>
<SwitchA>sys //进入交换机的系统视图模式
Enter system view, return user view with Ctrl+Z.

配置交换机
<Huawei>
<Huawei>
<Huawei>sys //进入系统视图模式
Enter system view, return user view with Ctrl+Z.
[Huawei]sys SwitchA //交换机进行重命名
[SwitchA]
Sep 16 2018 12:31:23-08:00 SwitchA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 4, the change loop count is 0, and the maximum number of records is 4095.
[SwitchA]int vlanif 1 //进入Vlanif1虚拟界面接口1配置模式
[SwitchA-Vlanif1]ip add 10.1.10.30 255.255.255.224 //在虚拟接口下配置IP地址,在物理接口下是不能配置IP地址的
[SwitchA-Vlanif1]
Sep 16 2018 12:31:54-08:00 SwitchA %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface Vlanif1 has entered the UP state.
[SwitchA-Vlanif1]dis th //显示这个接口的配置信息
#
interface Vlanif1
ip address 10.1.10.30 255.255.255.224
#
return
[SwitchA-Vlanif1]
Sep 16 2018 12:32:03-08:00 SwitchA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 5, the change loop count is 0, and the maximum number of records is 4095.
[SwitchA-Vlanif1]quti
^
Error: Unrecognized command found at ‘^‘ position.
[SwitchA-Vlanif1]quit //退回上一层配置模式
[SwitchA]user-in
[SwitchA]user-interface vty 0 4 //进入用户界面里的远程配置模式,可以有多个用户同时进入交换机
[SwitchA-ui-vty0-4]aut
[SwitchA-ui-vty0-4]authentication-mode pass
[SwitchA-ui-vty0-4]authentication-mode password //在认证模式下选择密码认证
[SwitchA-ui-vty0-4]set aut
[SwitchA-ui-vty0-4]set authentication pass
[SwitchA-ui-vty0-4]set authentication password yyb-qytang
^
Error: Unrecognized command found at ‘^‘ position.
[SwitchA-ui-vty0-4]set authentication password c
[SwitchA-ui-vty0-4]set authentication password cipher yyb-qytang //设置认证密码以密文模式下
[SwitchA-ui-vty0-4]
Sep 16 2018 12:34:23-08:00 SwitchA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.
[SwitchA-ui-vty0-4]dis th //显示这个接口的配置信息
#
user-interface con 0
user-interface vty 0 4
set authentication password cipher }v.E/rh)PRVE~rNUsCR!!#I#
#
Return
return
[SwitchA-ui-vty0-4]return //返回用户视图模式
<SwitchA>ping 10.1.10.30 //测试连接路由器成功
PING 10.1.10.30: 56 data bytes, press CTRL_C to break
Reply from 10.1.10.30: bytes=56 Sequence=1 ttl=255 time=10 ms
Reply from 10.1.10.30: bytes=56 Sequence=2 ttl=255 time=1 ms
Reply from 10.1.10.30: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 10.1.10.30: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 10.1.10.30: bytes=56 Sequence=5 ttl=255 time=1 ms

--- 10.1.10.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/8/30 ms

<SwitchA>ping 10.1.10.10 //测试连接自己失败
PING 10.1.10.10: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out

--- 10.1.10.10 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss //翻看前面设置的IP,不通的原因是设置了和路由器一样的IP

<SwitchA>sys //在次进入系统视图模式
Enter system view, return user view with Ctrl+Z.

#
return
[SwitchA-Vlanif1]ip add 10.1.10.10 255.255.255.224 //从新配置IP地址
[SwitchA-Vlanif1]
Sep 16 2018 12:36:50-08:00 SwitchA %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface Vlanif1 has entered the UP state.
Sep 16 2018 12:36:53-08:00 SwitchA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 8, the change loop count is 0, and the maximum number of records is 4095.
[SwitchA-Vlanif1]dis th //显示这个接口的配置信息

#
interface Vlanif1
 ip address 10.1.10.10 255.255.255.224
#
return
[SwitchA-Vlanif1]return                     //退到用户视图模式
<SwitchA>ping 10.1.10.10                              //Ping交换机自己成功
  PING 10.1.10.10: 56  data bytes, press CTRL_C to break
    Reply from 10.1.10.10: bytes=56 Sequence=1 ttl=255 time=30 ms
    Reply from 10.1.10.10: bytes=56 Sequence=2 ttl=255 time=1 ms
    Reply from 10.1.10.10: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 10.1.10.10: bytes=56 Sequence=4 ttl=255 time=1 ms
    Reply from 10.1.10.10: bytes=56 Sequence=5 ttl=255 time=1 ms

  --- 10.1.10.10 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/8/30 ms

<SwitchA>ping 10.1.10.30                         //Ping路由器成功
  PING 10.1.10.30: 56  data bytes, press CTRL_C to break
    Reply from 10.1.10.30: bytes=56 Sequence=1 ttl=255 time=110 ms
    Reply from 10.1.10.30: bytes=56 Sequence=2 ttl=255 time=20 ms
    Reply from 10.1.10.30: bytes=56 Sequence=3 ttl=255 time=50 ms
    Reply from 10.1.10.30: bytes=56 Sequence=4 ttl=255 time=50 ms
    Reply from 10.1.10.30: bytes=56 Sequence=5 ttl=255 time=40 ms

  --- 10.1.10.30 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/54/110 ms

<SwitchA>sys //进入系统视图模式
Enter system view, return user view with Ctrl+Z.
[SwitchA]user-in
[SwitchA]user-interface vty 0 4 //进入用户界面里的远程管理模式

[SwitchA-ui-vty0-4]user privilege level 15 //设置用户访问权限等级为最大15级,权限大小决定了能使用命令的多少
[SwitchA-ui-vty0-4]dis th //显示这个接口的配置信息
#
user-interface con 0
user-interface vty 0 4
user privilege level 15
set authentication password cipher }v.E/rh)PRVE~rNUsCR!!#I#
#
return


[SwitchA-ui-vty0-4]
Sep 16 2018 12:42:13-08:00 SwitchA DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 9, the change loop count is 0, and the maximum number of records is 4095.
[SwitchA-ui-vty0-4]return                                
         //配置Telnet远程登录结束,下面开始抓包实验

使用Wireshark对路由器0/0/1接口Telnet登录时进行抓包
 ![](http://i2.51cto.com/images/blog/201809/27/ffcf0ea700a07ac577e0ca3beb093467.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

 ![](http://i2.51cto.com/images/blog/201809/27/bd5c1fd3affce42af7ba27c0cbcaf5fa.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

 ![](http://i2.51cto.com/images/blog/201809/27/bfcb5678cca1a191904e19d2e35778c3.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

 ![](http://i2.51cto.com/images/blog/201809/27/58414f6d5cc3deeca312e2dd1e7c8db5.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

 ![](http://i2.51cto.com/images/blog/201809/27/0e5a38931f469682d4adc2ca6346df4a.png?x-oss-process=image/watermark,size_16,text_QDUxQ1RP5Y2a5a6i,color_FFFFFF,t_100,g_se,x_10,y_10,shadow_90,type_ZmFuZ3poZW5naGVpdGk=)

实验结果:
                  对命令的熟悉,IP地址配置一定要正确,IP配好后一定要确认ping通。
                抓包的数据显示了TCP/IP的分层结构,了解了4层数据封装结构模型,对远程访问的数据的传输形式,Telnet的传输模式不利于数据的保密性,很容易被破解密码。

以上是关于华为设备经典的地址以及远程登录(VTY)实施的主要内容,如果未能解决你的问题,请参考以下文章

华为交换机S5700 vty 0 4

交换机路由器配置远程连接(华为)

华为交换机配置命令详解

玩转华为ENSP模拟器系列 | 配置VTY用户界面的最大个数

如何配置华为交换机登录用户名和密码?

在华为设备实施经典的FTP实验