Huawei S5700 switch initialization and SSH and Telnet remote login configuration
2022-07-03 07:46:00 【Luming Tianya】
Huawei S5700 switch initialization and Telnet remote login configuration:
1. Enable the Telnet service on the switch
<Huawei>system-view # Enter the system view
[Huawei]telnet server ? # Check whether the option offered is enable or disable, then use the matching command below
[Huawei]telnet server enable # Enable the Telnet service with the enable option (generally used on the ordinary series)
[Huawei]undo telnet server disable # Enable the Telnet service with the disable option (generally used on the high-end CE series)
2. Configure the maximum number of VTY user interfaces (the maximum number of simultaneous logins)
[Huawei]user-interface maximum-vty 15 # The default is 5; this step is optional
3. Configure the terminal attributes of the VTY user interfaces
[Huawei]user-interface vty 0 14 # 15 was set above, so the range here is 0 14; with the default, it is 0 4
[Huawei-ui-vty0-14]protocol inbound telnet # Configure the VTY interfaces to support the Telnet protocol
4. Configure the user authentication mode of the VTY user interfaces
[Huawei-ui-vty0-14]authentication-mode aaa # Set the authentication mode of the user terminals to AAA authentication
[Huawei-ui-vty0-14]quit # Exit the VTY configuration view
5. Configure the login authentication
[Huawei]aaa # Enter the AAA configuration view
[Huawei-aaa]local-user admin1234 password ? # Check which password options are available
[Huawei-aaa]local-user admin1234 password simple Huawei12#$ # Password option simple: account admin1234, password Huawei12#$ (generally used on the ordinary series)
[Huawei-aaa]local-user admin1234 password irreversible-cipher Huawei12#$ # Password option irreversible-cipher: account admin1234, password Huawei12#$ (generally used on the high-end CE series)
[Huawei-aaa]local-user admin1234 service-type telnet # Configure the access service type; add ssh here if SSH is also needed
[Huawei-aaa]local-user admin1234 privilege level 3 # Configure the account level; by default, level 3 has super administrator authority
[Huawei-aaa]quit # Exit
<Huawei>telnet 127.0.0.1 # Test whether the Telnet configuration works
<Huawei>save # Save configuration
===================================================================
Huawei S5700 switch initialization and SSH and Telnet remote login configuration:
AAA stands for authentication, authorization and accounting, and is a management mechanism for network security. Authentication is local authentication/authorization; authorization and accounting are authentication/authorization completed by a remote RADIUS (remote dial-in user authentication system) service or HWTACACS (Huawei terminal access control system) server. AAA authenticates, authorizes and accounts per user, whereas an NAC scheme authenticates per access device interface. In practice, one or two of the AAA services can be used.
On a Huawei switch that has just been initialized, you need to enter the same password twice as the login password to log in to the switch.
The switch has a console port, an MEth management port and a USB port.
Configure the S5700 management IP address through a serial cable. Connect the serial cable to the switch console port; after the IP address is set, connect the network cable to the ETH port:
<Quidway> system-view
[Quidway] interface MEth 0/0/1
[Quidway-MEth0/0/1]ip address x.x.x.x 255.255.255.0 /// Set the IP address of the MEth management port
[Quidway-MEth0/0/1]quit
[Quidway]ip route-static 0.0.0.0 0.0.0.0 x.x.x.x(gateway)
[Quidway]display ip interface MEth 0/0/1 /// View the configuration of the MEth management port
[Quidway]
Add a user and set up SSH and Telnet remote login
<Quidway> system-view /// Enter the system view
[Quidway]aaa /// Enter the AAA view
[Quidway-aaa]local-user chy password cipher qaz123456 /// Set the local user name and password, stored with cipher encryption
[Quidway-aaa]local-user chy service-type ssh telnet terminal /// Allow the user to log in through the ssh, telnet and terminal services
[Quidway-aaa]display ssh server status /// Check whether the SSH service is in effect
[Quidway-aaa]display telnet server status /// Check whether the Telnet service is in effect
[Quidway-aaa]local-user chy privilege level 15 /// Set the user level
[Quidway-aaa]q /// Exit the AAA view
Set up the virtual ports vty 0 4 for remote login
VTY is the router's virtual port for remote login. 0 4 means 5 sessions can be open at the same time. line vty 0 4 enters the VTY ports so that they can be configured, for example with a password or an ACL.
[Quidway]user-interface vty 0 4 /// Enter the vty 0 4 remote virtual ports
[Quidway-ui-vty0-4]authentication-mode aaa /// Set the virtual user terminals to AAA authentication mode
[Quidway-ui-vty0-4]user privilege level 15 /// Configure the user level for the virtual user terminals
[Quidway-ui-vty0-4]protocol inbound all /// Configure the protocols the virtual user terminals accept; all means both are supported
[Quidway-ui-vty0-4]protocol inbound telnet /// Configure the Telnet protocol for the virtual user terminals, so that users can log in remotely with Telnet
[Quidway-ui-vty0-4]protocol inbound ssh /// Configure the SSH protocol for the virtual user terminals, so that users can log in remotely with SSH
[Quidway]ssh user chy authentication-type password /// Set the SSH authentication type of user chy to password; this command is useful for configuring a single user
[Quidway]ssh authentication-type default password /// Set the default SSH authentication type to password authentication; this is practical when setting up multiple users
[Quidway]ssh user chy service-type stelnet /// Set the SSH service type of user chy to stelnet
[Quidway]display ssh user-information chy /// View the SSH configuration of user chy
[Quidway]q /// Exit the system view
<Quidway>save /// Save the settings
Configure the login IP address
<Quidway> system-view // Enter the system view
[Quidway]interface Vlanif 1 // Enter the Layer 3 vlanif interface
[Quidway-Vlanif1]ip address 192.168.0.1 255.255.255.0 // Configure the management IP address
Create a web login management account
[Quidway]http server enable /// Enable the HTTP service in the system view
[Quidway]http secure-server enable /// Enable the secure HTTP service, i.e. HTTPS, in the system view
[Quidway]aaa // Enter the AAA view from the system view
[Quidway-aaa]local-user admin privilege level 15 /// Configure the HTTP login privilege
[Quidway-aaa]local-user admin service-type http /// Enable the HTTP login service
[Quidway-aaa]quit /// Exit the AAA view
If Telnet login works but console login does not, you need to grant the login account the permission in AAA:
[Quidway-aaa]local-user admin service-type terminal ssh telnet ftp
Create a VLAN
<Quidway>system-view /// Enter the system view
[Quidway]vlan 10 /// Create VLAN 10
[Quidway-vlan10]quit /// Return to the system view
[Quidway]interface Vlanif 10 /// Enter the configuration view of Vlanif 10
[Quidway-Vlanif10]ip address 192.168.0.1 255.255.255.0 /// Configure the IP address and mask for VLAN 10
[Quidway-Vlanif10]quit /// Return to the system view
[Quidway]interface GigabitEthernet 0/0/2 /// Enter port 2
[Quidway-GigabitEthernet0/0/2]port link-type access /// Set the port type to access
[Quidway-GigabitEthernet0/0/2]port default vlan 10 /// Add the port to the VLAN 10 created above
[Quidway-GigabitEthernet0/0/2]display vlan /// View the configured VLAN information
[Quidway]q /// Exit the system view
Create VLANs in batch
<Quidway>system-view /// Enter the system view
[Quidway]vlan batch 2 to 19 /// Create VLANs 2-19 in batch; the system always has a default VLAN 1
[Quidway]display vlan /// View the VLAN information
[Quidway]q /// Exit the system view
Delete VLANs in batch
<Quidway>system-view /// Enter the system view
[Quidway]undo vlan batch 2 to 19 /// Delete VLANs 2-19 in batch; the system always has a default VLAN 1
[Quidway]display vlan /// View the VLAN information
[Quidway]q /// Exit the system view
Add ports to VLAN 10 in batch
<Quidway>system-view /// Enter the system view
[Quidway]interface range GigabitEthernet 0/0/1 to GigabitEthernet 0/0/6
/// Add ports 1 to 6 to a port-group; here the system by default puts ports 1 to 6 into one group.
[Quidway-port-group]port link-type access /// Change all ports in the port-group to access ports
[Quidway-port-group]port default vlan 10 /// Add all ports in the port-group to VLAN 10
[Quidway]q /// Exit the system view
Or create a port group first, then add it to a VLAN
<Quidway>system-view /// Enter the system view
[Quidway]port-group 1 /// Create a port group named 1
[Quidway-port-group-1]group-member GigabitEthernet 0/0/7 to GigabitEthernet 0/0/17 /// Add ports 7 to 17 to port group 1
[Quidway-port-group-1]port link-type access /// Change all ports in port-group-1 to access ports
[Quidway-port-group-1]port default vlan 20 /// Add all ports in port-group-1 to VLAN 20
[Quidway-port-group-1]display vlan /// View the configured VLAN information
[Quidway-port-group-1]q /// Exit the port group 1 view
[Quidway]q /// Exit the system view
Delete a VLAN: delete the vlanif information first, then delete the VLAN
<Quidway>system-view /// Enter the system view
[Quidway]undo interface Vlanif 10 /// Delete vlanif 10
[Quidway]display vlan /// View the VLAN configuration
[Quidway]display current-configuration /// The VLAN configuration is still there; the vlanif configuration is gone
[Quidway]undo vlan 10 /// Delete VLAN 10
[Quidway]display vlan /// View the VLAN configuration; VLAN 10 is gone
[Quidway]display current-configuration /// The VLAN and vlanif configuration are gone, but the port information is still there, and deleting it port by port is too slow
Delete port information in batch
Above, the vlanif information and the VLAN were deleted, but display current-configuration shows that the previously created port information is still there. Deleting it port by port is too slow, so here we also create a group to delete it.
<Quidway>system-view /// Enter the system view
[Quidway]port-group 2 /// Create port group 2
[Quidway-port-group-2]group-member GigabitEthernet 0/0/1 to GigabitEthernet 0/0/6 /// Add ports 1 to 6 to port group 2
[Quidway-port-group-2]undo port default vlan /// Delete the VLAN configuration of all ports in port group 2
[Quidway-port-group-2]undo port link-type /// Restore the port type of all ports in port group 2 to the default
[Quidway-port-group-2]display current-configuration /// View the port information
[Quidway-port-group-2]q /// Exit the port group 2 view
[Quidway]q /// Exit the system view
===================================================================
Excerpts from the Internet:
1. Configure the S5700 management IP address and gateway through a serial cable. Connect the serial cable to the switch console port; after the IP address is set, connect the network cable to the ETH port:
<Quidway> system-view
[Quidway] interface Meth 0/0/1
[Quidway-Meth0/0/1]ip address x.x.x.x 255.255.255.0
[Quidway-Meth0/0/1]quit
[Quidway]ip route-static 0.0.0.0 0.0.0.0 x.x.x.x(gateway)
[Quidway]
If the switch has no ETH port, a VLANIF needs to be configured:
<Quidway> system-view
[Quidway] interface vlanif3000
[Quidway-Vlanif3000]ip address x.x.x.x 255.255.255.0
[Quidway-Vlanif3000]quit
[Quidway]ip route-static 0.0.0.0 0.0.0.0 x.x.x.x(gateway)
[Quidway]
2. Set up Telnet login to the S5700 (e.g. username admin, password 112233):
<Quidway> system-view
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4]protocol inbound all
[Quidway-ui-vty0-4] user privilege level 15
[Quidway-ui-vty0-4]quit
[Quidway]telnet server enable
[Quidway] aaa
[Quidway-aaa] local-user admin password cipher 112233
[Quidway-aaa] local-user admin service-type telnet
[Quidway-aaa] local-user admin privilege level 15
[Quidway-aaa] quit
3. Set up SSH login to the 5700 (e.g. username admin, password 112233):
[Quidway]rsa local-key-pair create
The key name will be: Quidway_Host
% RSA keys defined for Quidway_Host already exist.
Confirm to replace them? [y/n]:y
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...........++++++++++++
......++++++++++++
..........++++++++
...............++++++++
[Quidway] aaa
[Quidway-aaa] local-user admin password simple 112233
[Quidway-aaa] local-user admin service-type ssh
[Quidway-aaa] local-user admin privilege level 15
[Quidway-aaa] quit
[Quidway] stelnet server enable
Info: Succeeded in starting the Stelnet server.
[Quidway] ssh authentication-type default password
[Quidway]quit
<Quidway> save all
======================================================================
Huawei S5700 Telnet configuration
<Quidway> system-view
[Quidway] vlan 10
[Quidway-vlan10] quit
[Quidway] interface gigabitethernet 0/0/1
[Quidway-GigabitEthernet0/0/1] port link-type hybrid
[Quidway-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[Quidway-GigabitEthernet0/0/1] quit
[Quidway]interface vlanif 10
[Quidway-vlanif10] ip address 202.38.160.92 255.255.0.0
[Quidway-vlanif10] quit
[Quidway] aaa
[Quidway-aaa] local-user huawei password cipher hello
[Quidway-aaa] local-user huawei service-type telnet
[Quidway-aaa] local-user huawei level 3
[Quidway-aaa] quit
[Quidway] user-interface vty 0 4
[Quidway-ui-vty0-4] authentication-mode aaa
[Quidway-ui-vty0-4]quit
[Quidway]quit
<Quidway>save
======================================================================
Another excerpt:
1. In command mode, enter: system-view to enter the system view.
2. On the system view command line, enter: aaa to enter AAA authentication mode.
3. Add the remote login user, and set the user's password and password encryption method. On the AAA mode command line, enter: local-user test password cipher welcome. This adds a new user test with the password welcome, stored with cipher (ciphertext) encryption.
4. After setting up the new user, enter: local-user test service-type http ssh telnet web. This sets which services can be authenticated through the test user; it sets up the telnet service.
5. On the AAA mode command line, set the command level that the newly added user can use on the command line; 3 is the highest: local-user test level 3. After setting it, enter: quit to return to the system view.
6. From the system view, enter: user-interface vty 0 4 to enter the remote configuration view. Then, in the remote configuration view, enter: authentication-mode aaa. This configuration means that remote connections use AAA authentication mode, so the users defined in AAA mode can log in and be verified when connecting remotely. Save the configuration, and then exit the switch.
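A configuration check for the Telnet and SSH login sections above, added here as an example (it is not code from the original post or from Huawei). It reads configuration text in the indented style of display current-configuration and reports where management access is exposed over Telnet, which sends credentials in cleartext, or where a password is set with the simple option. The sample text is constructed, and treating level 3 and above as administrative follows this page's note on level 3.

```python
import re

# Constructed sample in the style of the commands on this page (not real output).
SAMPLE_CONFIG = """\
telnet server enable
stelnet server enable
aaa
 local-user admin1234 password simple Huawei12#$
 local-user admin1234 service-type telnet
 local-user admin1234 privilege level 3
 local-user chy password irreversible-cipher CONSTRUCTED-HASH
 local-user chy service-type ssh
 local-user chy privilege level 15
user-interface vty 0 4
 protocol inbound all
"""

def audit(config):
    """Return findings about cleartext management access in a config text."""
    findings, users, vty = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # a non-indented line opens a new view
            m = re.match(r"user-interface vty (\d+ \d+)", line)
            vty = m.group(1) if m else None
        if line in ("telnet server enable", "undo telnet server disable"):
            findings.append("telnet server is enabled")
        m = re.match(r"protocol inbound (telnet|all)$", line)
        if m and vty:
            findings.append(f"vty {vty} accepts telnet (protocol inbound {m.group(1)})")
        m = re.match(r"local-user (\S+) (.+)", line)
        if m:
            u = users.setdefault(m.group(1), {"services": set(), "level": 0, "simple": False})
            rest = m.group(2).split()
            if rest[0] == "service-type":
                u["services"].update(rest[1:])
            elif rest[:2] == ["password", "simple"]:  # kept in plaintext in the config
                u["simple"] = True
            elif rest[0] in ("privilege", "level"):  # both spellings appear on the page
                u["level"] = int(rest[-1])
    for name, u in users.items():
        if u["simple"]:
            findings.append(f"user {name}: password set with the 'simple' option")
        if "telnet" in u["services"] and u["level"] >= 3:  # assumed admin threshold
            findings.append(f"user {name}: level {u['level']} account allowed over telnet")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

An SSH-only configuration built from the commands on this page (protocol inbound ssh, service-type ssh, irreversible-cipher) produces no findings.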