华为交换机VTY用户界面属性配置教程

华为交换机VTY用户界面属性配置教程用户通过Telnet或SSH方式登录设备实现本地或远程维护时，可以根据用户使用需求以及对设备安全的考虑来配置VTY，除对VTY类型用户界面呼入呼出进行限制的ACL号、用户名和口令及用户界面的验证方式外其他参数设备均有缺省值，用户可以结合实际需求和安全性考虑选择配置。1、设置通过账号和密码登陆VTY界面1.1、进入VTY用户界面视图[Huawei]user-interfacevty?INTEGER0-4,16-20Thefirstuserterminalinterfacetobeconfigured[Huawei]user-interfacevty04[Huawei-ui-vty0-4]1.2、设置用户验证方式为AAA验证（即通过账号和密码登陆）[Huawei-ui-vty0-4]authentication-mode?aaaAAAauthenticationnoneLoginwithoutcheckingpasswordAuthenticationthroughthepasswordofauserterminalinterface[Huawei-ui-vty0-4]authentication-modeaaa1.3、设置登陆的账号和密码[Huawei-ui-vty0-4]q[Huawei]aaa[Huawei-aaa]local-user?STRING1-64Username,informof'user@domain'.Canusewildcard'*',whiledisplayingandmodifying,suchas*@isp,user@*,*@*.Cannotincludeinvalidcharacter/\:*?|@'[Huawei-aaa]local-user023wg.com?access-limitSetaccesslimitofuser(s)ftp-directorySetuser(s)FTPdirectorypermittedidle-timeoutSetthetimeoutperiodforterminaluser(s)passwordSetpasswordprivilegeSetadminuser(s)levelservice-typeServicetypesforauthorizeduser(s)stateActivate/Blocktheuser(s)user-groupUsergroup[Huawei-aaa]local-user023wg.compassword?cipherUserpasswordwithciphertext[Huawei-aaa]local-user023wg.compasswordcipher、设置账号的使用类型为Telnet或SSH[Huawei-aaa]local-user023wg.comservice-typetelnet或[Huawei-aaa]local-user023wg.comservice-typessh2、设置只通过密码登陆VTY2.1、置用户验证方式为密码验证[Huawei-ui-vty0-4]authentication-modepassword2.2、设置登陆密码[Huawei-ui-vty0-4]setauthenticationpasswordcipher?STRING1-16/24Plaintext/ciphertextpassword[Huawei-ui-vty0-4]setauthenticationpasswordcipher、设置直接登陆VTY（此模式不安全）[Huawei-ui-vty0-4]authentication-modenone4、配置VTY用户界面的用户优先级缺省情况下，VTY用户界面对应的默认命令访问级别是0，实际工作如果对权限要求不是特别严格，一本设置为15级。[Huawei-ui-vty0-4]userprivilegelevel?INTEGER0-15Setapriority[Huawei-ui-vty0-4]userprivilegelevel155、启用VTY终端服务[Huawei-ui-vty0-4]shell6、设置用户超时断连时间[Huawei-ui-vty0-4]idle-timeout?INTEGER0-35791Setthenumberofminutesbeforeaterminalusertimesout(default:10minutes)7、设置终端屏幕每屏显示的行数[Huawei-ui-vty0-4]screen-length?INTEGER0-512Displaythenumberoflinesonascreen(thevalue0indicatesnonesplitscreen,andthedefaultvalueis24)8、设置终端屏幕显示的列数[Huawei-ui-vty0-4]screen-width?INTEGER60-512Screenwidthvalue,thedefaultis809、设置历史命令缓存条数[Huawei-ui-vty0-4]history-command?max-sizeSetthesizeofthemaximumhistorybuffer,thedefaultvalueis10[Huawei-ui-console0]history-commandmax-size?INTEGER0-256Thesizeofahistorybuffer10、VTY用户界面支持的登陆协议[Huawei-ui-vty0-4]protocolinbound?allAllprotocolssshSSHprotocoltelnetTelnetprotocol11、配置VTY用户界面的最大个数VTY用户界面最大个数是指登录设备的Telnet用户和SSH用户的总和。当配置VTY用户界面最大个数为0时，任何用户（包括网管用户）都无法通过VTY登录到设备。如果要配置的VTY类型用户界面的最大个数小于当前在线用户的数量，则系统提示配置失败。如果要配置的VTY类型用户界面的最大个数大于当前最多可以登录用户的数量，就必须为新增加的用户界面配置验证方式。[Huawei]user-interfacemaximum-vty?INTEGER0-15ThemaximumnumberofVTYusers,thedefaultvalueis512、配置VTY用户界面的基于ACL的登录限制[Huawei-ui-vty0-4]acl?INTEGER2000-3999ApplybasicoradvancedACLipv6FilterIPv6addresses[Huawei-ui-vty0-4]acl2000?inboundFilterloginconnectionsfromthecurrentuserinterfaceoutboundFilterlogoutconnectionsfromthecurrentuserinterface13、查看VTY用户界面信息[Huawei]displayuser-interfacevty04IdxTypeTx/RxModemPriviActualPriviAuthInt38VTY4-15-N-+:CurrentUIisactive.F:CurrentUIisactiveandworkinasyncmode.Idx:AbsoluteindexofUIs.Type:TypeandrelativeindexofUIs.Privi:TheprivilegeofUIs.ActualPrivi:Theactualprivilegeofuser-interface.Auth:TheauthenticationmodeofUIs.A:AuthenticateuseAAA.N:CurrentUIneednotauthentication.P:AuthenticateusecurrentUI'spassword.Int:ThephysicallocationofUIs.14、查看VTY类型用户界面的最大个数[Huawei]displayuser-interfacemaximum-vtyMaximumofVTYuser:15