华为交换机VTY用户界面属性配置教程.docx

华为交换机VTY用户界面属性配置教程用户通过Telnet或SSH方式登录设备实现本地或远程维护时，可以根据用户使用需求以及对设备安全的考虑来配置VTY,除对VTY类型用户界面呼入呼出进行限制的ACL号、用户名和口令及用户界面的验证方式外其他参数设备均 有缺省值，用户可以结合实际需求和安全性考虑选择配置1、设置通过账号和密码登陆VTY界面1.1、 进入VTY用户界面视图[Huawei]user-interface vty ?INTEGER<0-4,16-20> The first user terminal interface to beconfigured[Huawei]user-interface vty 0 4[Huawei-ui-vty0-4]1.2、 设置用户验证方式为 AAA验证（即通过账号和密码登陆）[Huawei-ui-vty0-4]authentication-mode ?aaa AAA authenticationnone Login without checkingpassword Authentication through the password of a user terminalinterface[Huawei-ui-vty0-4]authentication-mode aaa1.3、 设置登陆的账号和密码[Huawei-ui-vty0-4]q[Huawei]aaa[Huawei-aaa]local-user ?STRING<1-64> User name, in form of 'user@domain'. Can use wildcard '*',while displaying and modifying, such as*@isp,user@*,*@*.Cannot include invalid character / \ : * ? ” < > | @ '[Huawei-aaa]local-user ?access-limit Set access limit of user(s)ftp-directory Set user(s) FTP directory permittedidle-timeoutSet the timeout period for terminal user(s)passwordSet passwordprivilege Set admin user(s) levelservice-typeService types for authorized user(s)state Activate/Block the user(s)user-groupUser groupcipher User password with cipher text[Huawei-aaa]local-user password cipher 1.4、 设置账号的使用类型为 Telnet或SSH[Huawei-aaa]local-user service-type telnet或[Huawei-aaa]local-user service-type ssh2、设置只通过密码登陆VTY2.1、 置用户验证方式为密码验证[Huawei-ui-vty0-4]authentication-mode password2.2、 设置登陆密码[Huawei-ui-vty0-4]set authentication password cipher ?STRING<1-16>/<24> Plain text/cipher text password[Huawei-ui-vty0-4]set authentication password cipher 3、设置直接登陆VTY （此模式不安全）4、配置VTY用户界面的用户优先级缺省情况下，VTY用户界面对应的默认命令访问级别是0,实际工作如果对权限要求不是特别严格，一本设置为15级。

[Huawei-ui-vty0-4]user privilege level ?INTEGER<0-15> Set a priority[Huawei-ui-vty0-4]user privilege level 155、启用VTY终端服务[Huawei-ui-vty0-4]shell6、设置用户超时断连时间[Huawei-ui-vty0-4]idle-timeout ?INTEGER<0-35791> Set the number of minutes before a terminal usertimes out(default: 10minutes)7、设置终端屏幕每屏显示的行数[Huawei-ui-vty0-4]screen-length ?INTEGER<0-512> Display the number of lines on a screen (the value 0indicates none split screen, and the default value is 24)8、设置终端屏幕显示的列数[Huawei-ui-vty0-4]screen-width ?INTEGER<60-512> Screen width value, the default is 809、设置历史命令缓存条数[Huawei-ui-vty0-4]history-command ?max-size Set the size of the maximum history buffer, the default value is 10[Huawei-ui-console0]history-command max-size ?INTEGER<0-256> The size of a history buffer10、VTY用户界面支持的登陆协议[Huawei-ui-vty0-4]protocol inbound ?all All protocolsssh SSH protocoltelnet Telnet protocol11、配置VTY用户界面的最大个数VTY用户界面最大个数是指登录设备的Telnet用户和SSH用户的总和。

当配置VTY用户界面最大个数为0时，任何用户（包括网管用户）都无法 通过VTY登录到设备如果要配置的VTY类型用户界面的最大个数小于当前用户的数量，则系统 提示配置失败如果要配置的 VTY类型用户界面的最大个数大于当前最多可以 登录用户的数量，就必须为新增加的用户界面配置验证方式 [Huawei]user-interface maximum-vty ?INTEGER<0-15> The maximum number of VTY users, the default value is 512、配置VTY用户界面的基于ACL的登录限制[Huawei-ui-vty0-4]acl ?INTEGERv2000-3999> Apply basic or advanced ACLipv6Filter IPv6 addresses[Huawei-ui-vty0-4]acl 2000 ?inbound Filter login connections from the current user interface outbound Filter logout connections from the current user interface13、查看VTY用户界面信息[Huawei]display user-interface vty 0 4Idx Type Tx/Rx Modem Privi ActualPrivi Auth Int38 VTY 4-15- N -+: Current UI is active.F : Current UI is active and work in async mode.Idx : Absolute index of UIs.Type : Type and relative index of UIs.Privi: The privilege of UIs.ActualPrivi: The actual privilege of user-interface.Auth : The authentication mode of UIs.A: Authenticate use AAA.N: Current UI need not authentication.P: Authenticate use current UI's password.Int : The physical location of UIs.14、查看VTY类型用户界面的最大个数[Huawei]display user-interface maximum-vtyMaximum of VTY user:15。