1、华为交换机 VTY 用户界面属性配置教程用户通过 Telnet 或 SSH 方式登录设备实现本地或远程维护时,可以根据用户使用需求以及对设备安全的考虑来配置 VTY, 除对 VTY 类型用户界面呼入呼出进行限制的 ACL 号、用户名和口令及用户界面的验证方式外其他参数设备均有缺省值,用户可以结合实际需求和安全性考虑选择配置。1、设置通过账号和密码登陆 VTY界面1.1、进入 VTY 用户界面视图Huaweiuser-interface vty ?INTEGER The first user terminal interface to be configuredHuaweiuser-interf
2、ace vty 0 4Huawei-ui-vty0-41.2、设置用户验证方式为 AAA 验证(即通过账号和密码登陆)Huawei-ui-vty0-4authentication-mode ?aaa AAA authenticationnone Login without checkingpassword Authentication through the password of a user terminal interfaceHuawei-ui-vty0-4authentication-mode aaa1.3、设置登陆的账号和密码Huawei-ui-vty0-4qHuaweiaaaHua
3、wei-aaalocal-user ?STRING User name, in form of userdomain. Can use wildcard *,while displaying and modifying, such as *isp,user*,*.Cannot include invalid character / : * ? “ | Huawei-aaalocal-user ?access-limit Set access limit of user(s)ftp-directory Set user(s) FTP directory permittedidle-timeou
4、t Set the timeout period for terminal user(s)password Set passwordprivilege Set admin user(s) levelservice-type Service types for authorized user(s)state Activate/Block the user(s)user-group User groupHuawei-aaalocal-user password ?cipher User password with cipher textHuawei-aaalocal-user password
5、 cipher 1.4、设置账号的使用类型为 Telnet 或 SSHHuawei-aaalocal-user service-type telnet或Huawei-aaalocal-user service-type ssh2、设置只通过密码登陆 VTY2.1、置用户验证方式为密码验证Huawei-ui-vty0-4authentication-mode password2.2、设置登陆密码Huawei-ui-vty0-4set authentication password cipher ?STRING/ Plain text/cipher text passwordHuawei-ui
6、-vty0-4set authentication password cipher 3、设置直接登陆 VTY(此模式不安全)Huawei-ui-vty0-4authentication-mode none4、配置 VTY用户界面的用户优先级缺省情况下,VTY 用户界面对应的默认命令访问级别是 0,实际工作如果对权限要求不是特别严格,一本设置为 15 级。Huawei-ui-vty0-4user privilege level ?INTEGER Set a priorityHuawei-ui-vty0-4user privilege level 155、启用 VTY终端服务Huawei-ui-v
7、ty0-4shell6、设置用户超时断连时间Huawei-ui-vty0-4idle-timeout ?INTEGER Set the number of minutes before a terminal user times out(default: 10minutes)7、设置终端屏幕每屏显示的行数Huawei-ui-vty0-4screen-length ?INTEGER Display the number of lines on a screen (the value 0 indicates none split screen, and the default value is 2
8、4)8、设置终端屏幕显示的列数Huawei-ui-vty0-4screen-width ?INTEGER Screen width value, the default is 809、设置历史命令缓存条数Huawei-ui-vty0-4history-command ?max-size Set the size of the maximum history buffer, the default value is 10Huawei-ui-console0history-command max-size ?INTEGER The size of a history buffer10、 VTY用户
9、界面支持的登陆协议Huawei-ui-vty0-4protocol inbound ?all All protocolsssh SSH protocoltelnet Telnet protocol11、配置 VTY用户界面的最大个数VTY 用户界面最大个数是指登录设备的 Telnet 用户和 SSH 用户的总和。当配置 VTY 用户界面最大个数为 0 时,任何用户(包括网管用户)都无法通过 VTY 登录到设备。如果要配置的 VTY 类型用户界面的最大个数小于当前在线用户的数量,则系统提示配置失败。如果要配置的 VTY 类型用户界面的最大个数大于当前最多可以登录用户的数量,就必须为新增加的用户界
10、面配置验证方式。Huaweiuser-interface maximum-vty ?INTEGER The maximum number of VTY users, the default value is 512、配置 VTY用户界面的基于 ACL的登录限制Huawei-ui-vty0-4acl ?INTEGER Apply basic or advanced ACLipv6 Filter IPv6 addressesHuawei-ui-vty0-4acl 2000 ?inbound Filter login connections from the current user interfa
11、ceoutbound Filter logout connections from the current user interface13、查看 VTY用户界面信息Huaweidisplay user-interface vty 0 4Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int 38 VTY 4 - 15 - N - + : Current UI is active.F : Current UI is active and work in async mode.Idx : Absolute index of UIs.Type : Type
12、and relative index of UIs.Privi: The privilege of UIs.ActualPrivi: The actual privilege of user-interface.Auth : The authentication mode of UIs.A: Authenticate use AAA.N: Current UI need not authentication.P: Authenticate use current UIs password.Int : The physical location of UIs.14、查看 VTY类型用户界面的最大个数Huaweidisplay user-interface maximum-vtyMaximum of VTY user:15
