Huawei switch: configure Telnet, SSH and web access

Huawei configuration telnet and ssh visit

One 、Telnet Login configuration
1、 To configure telnet Functions and parameters
<Huawei>system-view # Enter the system view
[Huawei]telnet server enable # Configuration on telnet（ Default on ）
[Huawei]telnet server port 23 # To configure telnet port （ The default is 23）

2、 To configure telnet User login interface
[Huawei]user-interface vty 0 4 # Get into vty User interface view
[Huawei-ui-vty0-4]protocol inbound telnet # Configure user interface support Telnet service
[Huawei-ui-vty0-4]user privilege level 3 # Configure user level ,3 Management level , Highest authority

3、 Configure authentication method
Three input verification methods ：

none: No need to verify
password: User password authentication
aaa: AAA verification , That is, user name and password authentication
We only need to choose one of these three verification methods . General choice C.

A. Configure not to verify password
[Huawei-ui-vty0-4]authentication-mode none

B. To configure passwd Verification mode
[Huawei-ui-vty0-4]authentication-mode password # The configuration verification method is password
[Huawei-ui-vty0-4]set authentication password cipher Huawei123 # Configure the authentication password :Huawei12#$

C. To configure AAA verification
[Huawei-ui-vty0-4] authentication-mode aaa # The configuration verification mode is aaa
[Huawei-ui-vty0-4] quit # Exit the user interface view
[Huawei] aaa # Get into aaa verification
[Huawei-aaa] local-user admin password cipher Huawei12#$ # Set the login user name to admin, The password for Huawei12#$
[Huawei-aaa] local-user admin privilege level 3    # Configure user level
[Huawei-aaa] local-user admin service-type telnet  # Configure user login mode
[Huawei-aaa] quit

Description of user login level

0 Visit level ： Network diagnostic tool command （ping、tracert）、 The command to access the external device from this device （Telnet client ）、 part display Orders, etc .
1 Monitoring level ： For system maintenance , Include display Wait for the order . Not all display Commands are at the monitoring level , such as display current-configuration Command and display saved-configuration The order is 3 Management level .
2 Configuration level ： Business configuration command , Including routing 、 Commands at all network levels , Provide users with direct network services .
3～15 Management level ： Commands for basic system operation , Support the business , Including file system 、FTP、TFTP download 、 Command level setting commands and... For business fault diagnosis debugging Orders, etc .
4、 To configure Telnet Remote login management port
The remote management port can be a physical port or a logical port

Set the physical management port

[Huawei] interface MEth 0/0/1
[Huawei-MEth0/0/1] ip address 192.168.1.250 24
[Huawei-MEth0/0/1] quit

Set the logical port

[Huawei] vlan 10
...
[Huawei] interface vlanif 10
[Huawei-vlanif10] ip address 192.168.10.1 24
[Huawei-vlanif10] quit

explain ： It must be ensured that the control terminal can be connected to the switch vlanif10 port , Especially when the control end is directly connected to this device , The device port connected to the control end also needs to be equipped with corresponding vlan, Such as control end connection GigabitEthernet0/0/1 To remotely login the device , The required configuration is as follows ：

[Huawei] interface gigabitethernet0/0/1
[Huawei-GigabitEthernet0/0/1] port link-type access
[Huawei-GigabitEthernet0/0/1] port default vlan 10
[Huawei-GigabitEthernet0/0/1] quit

Two 、 To configure SSH Remote login
1. To configure SSH Remote login interface and its properties
<Huawei> system-view
[Huawei] user-interface vty 0 4
[Huawei-ui-vty0-4] authentication-mode aaa    # Configure user interface authentication
[Huawei-ui-vty0-4] protocal inbound ssh       # Configure user interface support SSH
[Huawei-ui-vty0-4] user privilege level 5     # Configure user interface priority
[Huawei-ui-vty0-4] quit

2. To configure SSH service
[Huawei] stelnet server enable     # Can make STelnet service
[Huawei] ssh user radmin service-type stelnet    # To configure SSH user radmin Our service mode is STelnet
[Huawei] ssh user radmin authentication-type password    # Configure the user name to radmin( newly build ) Of SSH user

3. To configure AAA Verify the required user name and password
[Huawei] aaa
[Huawei-aaa] local-user radmin password cipher Huawei12#$ # Configure users 'radmin'( newly build ) And the password 'Huawei12#$'
[Huawei-aaa] local-user radmin privilege level 10   # Configure user priority
[Huawei-aaa] local-user radmin service-type ssh     # Configure the local user access type as SSH
[Huawei-aaa] quit

explain ： When user interface priority and user's own priority （AAA Configuration under view ） Conflict , Subject to user priority

To configure SSH Remote login management port
Configuration root of management port Telnet Service consistency , No more repetition .

Management terminal login

ssh [email protected]

3、 ... and 、web Page login configuration steps
Configuration steps ：

system-view
[HUAWEI]http server enable    # Turn on http service
[HUAWEI]interface vlanif 1
[HUAWEI-Vlanif1]ip add 192.168.1.1 255.255.255.0     # To configure IP Address
[HUAWEI-Vlanif1]quit
[HUAWEI]aaa
[HUAWEI-aaa]local-user huawei password cipher [email protected]     # Configure username huawei And password [email protected]
[HUAWEI-aaa]local-user huawei privilege level 15       # Configure user name and permissions
[HUAWEI-aaa]local-user huawei service-type http        # Configure user name and service type
[HUAWEI-aaa]quit
[HUAWEI]quit
save
y

When Huawei equipment leaves the factory , Yes web The access interface is limited , We have to find out which interface can web visit

display current-configuration filter http serve   # Query which interface allows web visit
#
post-system
 http server enable
 http server permit interface GigabitEthernet0/0/1  # This interface can access
#
return

There are two solutions ：

undo http server permit interface    # Remove restrictions
http server permit interface e0/0/0  # Allow your interface to access web

What I want to say here is , Huawei's web The interface is really poor , The real machine I use AR1220, I don't know how about the new version . It is suggested to use the command to .

Link to the original text ：https://blog.csdn.net/annita2019/article/details/109370995