综合实验(六)

核心交换机配置telent

[SW1]telnet server enable 
[SW1]aaa
[SW1-aaa]local-user hcip privilege level 3 password cipher 123
Info: Add a new user.
[SW1-aaa]display this
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user hcip password cipher #*C>*$C`S!INZPO3JBXBHA!!
 local-user hcip privilege level 3
 local-user admin password simple admin
 local-user admin service-type http
#
return
[SW1-aaa]local-user hcip ?
  access-limit   Set access limit of user(s)
  ftp-directory  Set user(s) FTP directory permitted
  idle-timeout   Set the timeout period for terminal user(s)
  password       Set password 
  privilege      Set admin user(s) level
  service-type   Service types for authorized user(s)
  state          Activate/Block the user(s)
[SW1-aaa]local-user hcip service-type telnet 
[SW1]user-interface vty 0 4 ?
  <cr>  
[SW1]user-interface vty 0 4 
[SW1-ui-vty0-4]authentication-mode aaa

虚拟PC测试

<pc>telnet 192.168.254.2
Trying 192.168.254.2 ...
Press CTRL+K to abort
Connected to 192.168.254.2 ...


Login authentication


Username:aaa
Info: The connection was closed by the remote host.
<pc>
<pc>telnet 192.168.254.2
Trying 192.168.254.2 ...
Press CTRL+K to abort
Connected to 192.168.254.2 ...


Login authentication


Username:hcip
Password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2023-04-14 19:51:41.
<SW1>

核心交换机配置管理流量网关

[SW1]vlan 999
[SW1-vlan999]quit
[SW1]int vlanif 999
[SW1-Vlanif999]ip add 192.168.253.1 255.255.255.0
[SW1-Vlanif999]

接入交换机配置管理流量IP

[SW2]vlan 999
[SW2-vlan999]quit
[SW2]int vlanif 999
[SW2-Vlanif999]ip add 192.168.253.2 255.255.255.0
[SW2-Vlanif999]quit
[SW2]ip route-static 0.0.0.0 0 192.168.253.1   #### 关键一步，回包路由
[SW2]display ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3

Interface                         IP Address/Mask      Physical   Protocol  
MEth0/0/1                         unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Vlanif1                           unassigned           up         down      
Vlanif200                         unassigned           up         down      
Vlanif999                         192.168.253.2/24     up         up        

------------------------配置远程访问用户
[SW2]aaa
[SW2-aaa]local-user hcip privilege level 3 password cipher 123
Info: Add a new user.
[SW2-aaa]local-user hcip service-type telnet
[SW2]user-interface vty 0 4 
[SW2-ui-vty0-4]authentication-mode aaa

模拟PC登陆接入交换机

<pc>telnet 192.168.253.2
Trying 192.168.253.2 ...
Press CTRL+K to abort
Connected to 192.168.253.2 ...


Login authentication


Username:hcip
Password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2023-04-14 20:10:24.
<SW2>dis ip in	
<SW2>dis ip interface br	
<SW2>dis ip interface brief 
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 4
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 3

Interface                         IP Address/Mask      Physical   Protocol  
MEth0/0/1                         unassigned           down       down      
NULL0                             unassigned           up         up(s)     
Vlanif1                           unassigned           up         down      
Vlanif200                         unassigned           up         down      
Vlanif999                         192.168.253.2/24     up         up