第一步:配置Console的权限
<sysname>Sys //进入系统配置
[sysname]Sysname H3C_7 //这是第7台交换机
[H3C_7]line aux 0 //进入AUX用户视图
[H3C_7-line-aux0]authentication-mode scheme //设置Console口登录的用户进行AAA认证
[H3C_7-line-aux0]quit
[H3C_7]local-user admin class manage //进入本地用户视图,创建名称为admin的用户
[H3C_7-luser-manage-admin]password simple 4334 //密码为4334
[H3C_7-luser-manage-admin]service-type terminal //本地用户服务类型为Terminal
[H3C_7-luser-manage-admin]authorization-attribute user-role network-admin //设置为网络管理员
[H3C_7-luser-manage-admin]undo authorization-attribute user-role network-operator //删除默认角色
[H3C_7-luser-manage-admin]quit
第二步:配置telnet
[H3C_7]telnet server enable //进入系统视图,启用telnet服务
[H3C_7]line vty 0 4 //设置通过VTY用户登录使用AAA认证方式
[H3C_7-line-vty0-4]authentication-mode scheme //AAA认证
[H3C_7-line-vty0-4]quit
[H3C_7]local-user userA class manage //创建本地用户userA,类型为manage
[H3C_7-luser-manage-userA]authorization-attribute user-role network-admin //角色
[H3C_7-luser-manage-userA]service-type telnet //服务类型
[H3C_7-luser-manage-userA]password simple 4334 //密码为4334
[H3C_7-luser-manage-userA]undo authorization-attribute user-role network-operator //删除默认角色
[H3C_7-luser-manage-userA]quit
配置访问IP
[H3C_7]acl number 2000
[H3C_7-acl-basic-2000]rule 10 permit source 1.2.3.4 0 //允许IP地址为1.2.3.4的计算机访问
[H3C_7-acl-basic-2000]rule 20 deny source any //阻止其他的IP
[H3C_7-acl-basic-2000]quit
[H3C_7]telnet server acl 2000 //绑定telnet
第三步:配置vlan
[H3C_7]vlan 13 //创建vlan 13
[H3C_7-vlan13]vlan 14 //创建vlan 14
[H3C_7-vlan14]quit
第四步:配置管理IP
[H3C_7]interface vlan 13
[H3C_7-vlan-interface13]ip address 1.2.3.7 255.255.255.224
[H3C_7-vlan-interface13]quit
第五步:配置默认路由
[H3C_7]ip route-static 0.0.0.0 0 1.2.3.11
第六步:配置Trunk
[H3C_7]interface GigabitEthernet1/0/52
[H3C_7-GigabitEthernet1/0/52]port link-type trunk
[H3C_7-GigabitEthernet1/0/52]port trunk permit vlan all
[H3C_7-GigabitEthernet1/0/52]quit
第七步:配置端口
[H3C_7]interface GigabitEthernet1/0/1
[H3C_7-GigabitEthernet1/0/1]port link-type access
[H3C_7-GigabitEthernet1/0/1]port access vlan 4
......全局设定......
mac-address enable
......该端口可以添加其他的配置......
ip verify source ip-address mac-address //允许绑定
ip source binding ip-address 1.2.3.10 mac-address 1234-5678-9009 //绑定ip和mac
ip source binding ip-address 1.2.3.12 mac-address 1234-5678-9008 //绑定ip和mac
......配置其他端口......
[H3C_7]interface range GigabitEthernet1/0/5 to GigabitEthernet1/0/8 //配置5-8端口
......
[H3C_7-GigabitEthernet1/0/1]quit
第八步:保存配置
[H3C_7]save
1、更改用户密码
sys
local-user 用户名
password simple 密码
save
2、创建用户
<H3C>sys
System View: return to User View with Ctrl+Z.
[H3C]sysn
[H3C]sysname sw1
[sw1]local-user admin
New local user added.
[sw1-luser-manage-admin]password simple 123
[sw1-luser-manage-admin]authorization-attribute user-role network-admin
[sw1-luser-manage-admin]authorization-attribute user-role network-operator
[sw1-luser-manage-admin]service-type ssh
[sw1-luser-manage-admin]qui
//开启交换机ssh功能
[sw1]ssh server enable
3、交换机端口绑定IP与MAC地址
[sw1]int g1/0/10
[sw1-GigabitEthernet1/0/10]ip verify source ip-address mac-address
[sw1-GigabitEthernet1/0/10]ip source binding ip-address 192.168.1.10 mac-address 0001-0203-0405
[sw1-GigabitEthernet1/0/10]dis th
#
interface GigabitEthernet1/0/10
port link-mode bridge
combo enable fiber
ip verify source ip-address mac-address
ip source binding ip-address 192.168.1.10 mac-address 0001-0203-0405
#
return
[sw1-GigabitEthernet1/0/10]qui
[sw1]qui
————————————————
版权声明:本文为CSDN博主「家庭煮夫在搬砖」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/u013383042/article/details/113818507