欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

本地AAA认证

程序员文章站 2022-03-10 18:06:50
...

1.1 问题

  1. 如图配置IP地址,通过AAA对远程登录用户进行控制
  2. 配置R1的AAA为本地认证和授权,通过域huawei来管理用户
  3. 配置R3的AAA为本地认证和授权,通过域 HCIE 来管理用户
  4. 配置R1/3端的用户/密码为 Huawei/hcia,用户权限为0

1.2 方案

使用eNSP搭建实验环境,如图-1所示。

本地AAA认证

图-1

1.3 步骤

实现此案例需要按照如下步骤进行。

1)配置IP地址,确保设备互通

    <Huawei>undo terminal monitor
    [Huawei]sysname R1     
    [R1]interface GigabitEthernet 0/0/0
    [R1-GigabitEthernet0/0/0]ip add 119.84.111.1 24
    [R1-GigabitEthernet0/0/0]quit
    <Huawei>undo terminal monitor
    [Huawei]sysname R3     
    [R3]interface GigabitEthernet 0/0/0
    [R3-GigabitEthernet0/0/0]ip add 119.84.111.3 24
    [R3-GigabitEthernet0/0/0]quit

2)在R1上配置 AAA 功能

    [R1]aaa
    [R1-aaa]authentication-scheme auth1              //配置认证机制
    [R1-aaa-authen-auth1]authentication-mode local  //通过本地密码数据库进行认证
    [R1-aaa-authen-auth1]quit
    [R1-aaa]authorization-scheme auth2              //配置授权机制
    [R1-aaa-author-auth2]authorization-mode local   //通过本地密码数据库进行认证
    [R1-aaa-author-auth2]quit
    [R1]telnet server enable  //开启Telnet 服务器功能
    [R1]aaa
    [R1-aaa]domain Huawei                             //配置管理域
    [R1-aaa-domain-huawei]authentication-scheme auth1 
    [R1-aaa-domain-huawei]authorization-scheme  auth2
    [R1-aaa-domain-huawei]quit
    [R1-aaa]local-user [email protected] password cipher hcia  //创建用户名和密码
    [R1-aaa]local-user [email protected] service-type telnet   //指定服务类型为telnet
    [R1-aaa]local-user [email protected] privilege level 0     //分配用户级别为 0 
    [R1]user-interface vty 0 4
    [R1-ui-vty0-4]authentication-mode aaa   //指定VTY的认证方式为 AAA
    [R1-ui-vty0-4]quit

3)R3远程登录 R1

    <R3>telnet 119.84.111.1
      Press CTRL_] to quit telnet mode
      Trying 119.84.111.1 ...
      Connected to 119.84.111.1 ...
    Login authentication
    Username:[email protected]
    Password:
    <R1>system-view
        ^
    Error: Unrecognized command found at '^' position.

4)在R3上配置 AAA 功能

    [R3]aaa
    [R3-aaa]authentication-scheme auth1              //配置认证机制
    [R3-aaa-authen-auth1]authentication-mode local  //通过本地密码数据库进行认证
    [R3-aaa-authen-auth1]quit
    [R3-aaa]authorization-scheme auth2              //配置授权机制
    [R3-aaa-author-auth2]authorization-mode local  //通过本地密码数据库进行认证
    [R3-aaa-author-auth2]quit
    [R3]telnet server enable  //开启Telnet 服务器功能
    [R3]aaa
    [R3-aaa]domain HCIE                             //配置管理域
    [R3-aaa-domain-HCIE]authentication-scheme auth1 
    [R3-aaa-domain-HCIE]authorization-scheme auth2
    [R3-aaa-domain-HCIE]quit
    [R3-aaa]local-user [email protected] password cipher hcia  //创建用户名和密码
    [R3-aaa]local-user [email protected] service-type telnet   //指定服务类型为telnet
    [R3-aaa]local-user [email protected] privilege level 0     //分配用户级别为 0
    [R3]user-interface vty 0 4
    [R3-ui-vty0-4]authentication-mode aaa   //指定VTY的认证方式为 AAA

5)R1远程登录R3

    <R1>telnet 119.84.111.3
      Press CTRL_] to quit telnet mode
      Trying 119.84.111.1 ...
      Connected to 119.84.111.1 ...
    Login authentication
    Username:[email protected]
    Password:
    <R3>system-view
        ^
    Error: Unrecognized command found at '^' position.

 

相关标签: HCIA