1、安装华为eNSP模拟软件,熟悉VRP基本操作
<Huawei>system-view
[Huawei]sysname R1
<R1>display version
<R1>display current-configuration
[R1]display interface GigabitEthernet 0/0/0
<R1>save
[R1]display ip interface brief
<R1>display ip routing-table
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode password
[R1]telnet 10.1.1.254
[R1-ui-vty0-4]user privilege level 2
[R1]aaa
[R1-aaa]local-user admin password cipher p@ssw0rd privilege level 3
[R1-aaa]local-user admin service-type telnet
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa
Telnet 可以设置密码认证,也可以设置AAA认证,就是设置一个用户名和密码,指定权限。
Telnet 基于 TCP协议的23号端口,明文传输,抓包可以看到密码。
配置STelnet
由于SSH用户使用password方式验证,需要在SSH服务器端生成本地rsa密钥,因此生成本地rsa密钥对是完成ssh登录配置的首要操作。
[R2]rsa local-key-pair create
[R2]display rsa local-key-pair public
[R2]user-interface vty 0 4
[R2-ui-vty0-4]authentication-mode aaa
[R2-ui-vty0-4]protocol inbound ssh
[R2]aaa
[R2-aaa]local-user admin password cipher p@ssw0rd
[R2-aaa]local-user admin service-type ssh
[R2]ssh user admin authentication-type password
[R2-aaa]local-user admin privilege level 15
[R2]stelnet server enable
[R2]display ssh user-information admin
[R2]display ssh server status
配置客户端
当客户端第一次登录SSH服务器时,用户端还没有保存SSH服务器的RSA公钥,会对服务器的RSA有效性公钥检查失败,从而导致登录服务器失败,因此当用户端首次登录时,需要开启SSH用户端首次认证功能,不对SSH服务器的RSA公钥进行有效性检查。
[R1]ssh client first-time enable
[R1]stelnet 10.1.1.2
Please input the username:admin
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2 ...
The server is not authenticated. Continue to access it? (y/n)[n]:y
Aug 7 2022 21:23:16-08:00 R1 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[1]:The server ha
d not been authenticated in the process of exchanging keys. When deciding whethe
r to continue, the user chose Y.
[R1]
Save the server's public key? (y/n)[n]:y
The server's public key will be saved with the name 10.1.1.2. Please wait...
Aug 7 2022 21:23:20-08:00 R1 %%01SSH/4/SAVE_PUBLICKEY(l)[2]:When deciding wheth
er to save the server's public key 10.1.1.2, the user chose Y.
[R1]
Enter password:
<R2>这里已经登录上来了
交换机基础配置
配置接口速率 speed 1000
配置接口双工模式 auto duplex full
ARP 动态ARP利用广播报文,动态执行并自动进行IP地址到MAC地址的解析。
静态ARP是手动建立IP和MAC的映射关系。
ARP缓存表 arp -a -d -s
display arp all