1.telnet配置
system-view//进入视图模式
user-interface vty 0 4 //进入虚拟终端 0 4
authentication-mode password //设置认证方式为密码验证方式为password
set authentication password simple 123456 设置登陆验证的password为明文密码”123456”也可以用cipher加密模式
user privilege level 3 配置登陆用户的级别为*别3(缺省为级别1)
2.配置vlan1的ip地址
[H3C]system-view//进入视图模式
[H3C]interface Vlan-interface 1//进入vlan 1接口模式
为该接口设置IP:
[H3C-Vlan-interface1]ip address 192.168.40.40 255.255.255.0//设置ip地址和子网掩码
[H3C]system-view//进入视图模式
[H3C]interface Vlan-interface 1//进入vlan 1接口模式
为该接口设置IP:
[H3C-Vlan-interface1]ip address 192.168.40.40 255.255.255.0//设置ip地址和子网掩码
3.配置web用户
[H3C] local-user zh888
[H3C-luser-admin] service-type telnet
[H3C-luser-admin] password simple admin
[H3C-luser-admin] authorization-attribute level 3
4.配置ssh连接
[H3C]public-key local create rsa//RSA公钥加密算法
% The local-key-pair already exist.
Confirm to replace them? [Y/N]:
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
.....++++++
.................++++++
......
% The local-key-pair already exist.
Confirm to replace them? [Y/N]:
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
.....++++++
.................++++++
......
[H3C]public-key local create dsa
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+..+.......................+..........+..............+.............+...+.....+...............+..+......+.................+..........+...+....+.......+.....+............+.
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 1024]:
Generating keys...
.++++++++++++++++++++++++++++++++++++++++++++++++++*
........+......+.....+......................................+..+.......................+..........+..............+.............+...+.....+...............+..+......+.................+..........+...+....+.......+.....+............+.
[H3C]user-interface vty 0 4//进入虚拟终端接口vty 0 4
[H3C-ui-vty0-4]authentication-mode scheme/创建本地用户启动scheme验证
[H3C-ui-vty0-4]protocol inbound ssh //设置协议为ssh
[H3C-ui-vty0-4]quit //退出
[H3C]local-user root//添加本地用户root
New local user added.
[H3C-luser-root]password cipher 123456//设置加密密码
[H3C-luser-root]service-type ssh level 3 //设置访问类型为ssh级别为3
[H3C-luser-root]quit //退出
[H3C]ssh user root authentication-type password//设置认证模式为password
[H3C-ui-vty0-4]authentication-mode scheme/创建本地用户启动scheme验证
[H3C-ui-vty0-4]protocol inbound ssh //设置协议为ssh
[H3C-ui-vty0-4]quit //退出
[H3C]local-user root//添加本地用户root
New local user added.
[H3C-luser-root]password cipher 123456//设置加密密码
[H3C-luser-root]service-type ssh level 3 //设置访问类型为ssh级别为3
[H3C-luser-root]quit //退出
[H3C]ssh user root authentication-type password//设置认证模式为password
5.查看全部配置
[H3C]dis cu//查看所有的配置信息
[H3C]dis cu//查看所有的配置信息
<H3C>dis current-configuration
#
sysname H3C
#
loopback-detection enable
#
gvrp
#
radius scheme system
#
domain system
#
#
sysname H3C
#
loopback-detection enable
#
gvrp
#
radius scheme system
#
domain system
#
local-user root
password cipher OUM!K%F<+$[Q=^Q`MAF4<1!!
service-type ssh telnet
level 3
local-user zh888
password simple 123456
service-type telnet
level 3
password cipher OUM!K%F<+$[Q=^Q`MAF4<1!!
service-type ssh telnet
level 3
local-user zh888
password simple 123456
service-type telnet
level 3
interface Ethernet1/0/17
port access vlan 60
loopback-detection enable
#
interface Ethernet1/0/18
port access vlan 60
loopback-detection enable
#
interface Ethernet1/0/19
loopback-detection enable
#
interface Ethernet1/0/20
loopback-detection enable
#
interface Ethernet1/0/21
loopback-detection enable
#
interface Ethernet1/0/22
loopback-detection enable
#
interface Ethernet1/0/23
loopback-detection enable
#
interface Ethernet1/0/24
port link-type trunk
port trunk permit vlan all
loopback-detection enable
gvrp
#
interface Ethernet1/1/1
#
interface Ethernet1/1/2
shutdown
#
interface Ethernet1/2/1
#
interface Ethernet1/2/2
shutdown
#
interface NULL0
port access vlan 60
loopback-detection enable
#
interface Ethernet1/0/18
port access vlan 60
loopback-detection enable
#
interface Ethernet1/0/19
loopback-detection enable
#
interface Ethernet1/0/20
loopback-detection enable
#
interface Ethernet1/0/21
loopback-detection enable
#
interface Ethernet1/0/22
loopback-detection enable
#
interface Ethernet1/0/23
loopback-detection enable
#
interface Ethernet1/0/24
port link-type trunk
port trunk permit vlan all
loopback-detection enable
gvrp
#
interface Ethernet1/1/1
#
interface Ethernet1/1/2
shutdown
#
interface Ethernet1/2/1
#
interface Ethernet1/2/2
shutdown
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.40.254 preference 60
#
ip route-static 0.0.0.0 0.0.0.0 192.168.40.254 preference 60
#
snmp-agent
snmp-agent local-engineid 800063A23CE5A6B774176877
snmp-agent community read monitor
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.40.39 params securityname public v2c
snmp-agent local-engineid 800063A23CE5A6B774176877
snmp-agent community read monitor
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.40.39 params securityname public v2c
#
ssh authentication-type default password
ssh user root authentication-type password
ssh user root service-type stelnet
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
set authentication password cipher 6aJ+S);RF&YUIM;GUL")0Q!!
protocol inbound ssh
ssh authentication-type default password
ssh user root authentication-type password
ssh user root service-type stelnet
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
set authentication password cipher 6aJ+S);RF&YUIM;GUL")0Q!!
protocol inbound ssh
6.配置snmp-agent让cacti监控
[H3C]system-view//进入视图模式
[H3C]snmp-agent sys-info version v2c //启动snmp agent服务,并设置v2c,v3版本的团体名
[H3C]snmp-agent community read monitor
[H3C]snmp-agent community read monitor
[H3C]snmp-agent trap enable//开启trap报文
[H3C]snmp-agent target-host trap address udp-domain 192.168.40.39 udp-port 162 params securityname monitor v2c //40.39为cacti机器的ip地址
7.配置gvrp
[H3C]system view//进入视图模式
[H3C]gvrp//开启全局模式GVRP
interface Ethernet1/0/24//进入24接口配置trunk端口,并允许所有vlan通过
[H3C]port link-type trunk//设置为trunk模式
[H3C]port trunk permit vlan all//允许所有vlan通过
[H3C]gvrp//在trunk的端口上开启gvrp
[H3C]quit//退出
在b的交换机器上也是同样的操作,最后display vlan dynamic
本文转自zh888 51CTO博客,原文链接:http://blog.51cto.com/zh888/852075,如需转载请自行联系原作者