Local AAA Authentication
程序员文章站
2022-03-10 18:06:50
1.1 Problem
- Configure IP addresses as shown in the figure and use AAA to control remote login users
- Configure AAA on R1 for local authentication and authorization, managing users through the domain huawei
- Configure AAA on R3 for local authentication and authorization, managing users through the domain HCIE
- Configure the user/password on R1 and R3 as Huawei/hcia, with user privilege level 0
1.2 Solution
Build the lab environment in eNSP as shown in Figure 1.
Figure 1
1.3 Steps
Implement this case by following the steps below.
1) Configure IP addresses and make sure the devices can reach each other
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R1
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip add 119.84.111.1 24
[R1-GigabitEthernet0/0/0]quit
<Huawei>undo terminal monitor
<Huawei>system-view
[Huawei]sysname R3
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip add 119.84.111.3 24
[R3-GigabitEthernet0/0/0]quit
2) Configure AAA on R1
[R1]aaa
[R1-aaa]authentication-scheme auth1 //configure the authentication scheme
[R1-aaa-authen-auth1]authentication-mode local //authenticate against the local user database
[R1-aaa-authen-auth1]quit
[R1-aaa]authorization-scheme auth2 //configure the authorization scheme
[R1-aaa-author-auth2]authorization-mode local //authorize against the local user database
[R1-aaa-author-auth2]quit
[R1-aaa]quit
[R1]telnet server enable //enable the Telnet server
[R1]aaa
[R1-aaa]domain huawei //create the management domain
[R1-aaa-domain-huawei]authentication-scheme auth1
[R1-aaa-domain-huawei]authorization-scheme auth2
[R1-aaa-domain-huawei]quit
[R1-aaa]local-user Huawei@huawei password cipher hcia //create the user name and password
[R1-aaa]local-user Huawei@huawei service-type telnet //set the service type to telnet
[R1-aaa]local-user Huawei@huawei privilege level 0 //assign user privilege level 0
[R1-aaa]quit
[R1]user-interface vty 0 4
[R1-ui-vty0-4]authentication-mode aaa //set the VTY authentication mode to AAA
[R1-ui-vty0-4]quit
3) Log in to R1 remotely from R3
<R3>telnet 119.84.111.1
Press CTRL_] to quit telnet mode
Trying 119.84.111.1 ...
Connected to 119.84.111.1 ...
Login authentication
Username:Huawei@huawei
Password:
<R1>system-view
^
Error: Unrecognized command found at '^' position.
The login succeeds, but system-view is rejected because the account was granted privilege level 0, which does not include that command.
4) Configure AAA on R3
[R3]aaa
[R3-aaa]authentication-scheme auth1 //configure the authentication scheme
[R3-aaa-authen-auth1]authentication-mode local //authenticate against the local user database
[R3-aaa-authen-auth1]quit
[R3-aaa]authorization-scheme auth2 //configure the authorization scheme
[R3-aaa-author-auth2]authorization-mode local //authorize against the local user database
[R3-aaa-author-auth2]quit
[R3-aaa]quit
[R3]telnet server enable //enable the Telnet server
[R3]aaa
[R3-aaa]domain HCIE //create the management domain
[R3-aaa-domain-HCIE]authentication-scheme auth1
[R3-aaa-domain-HCIE]authorization-scheme auth2
[R3-aaa-domain-HCIE]quit
[R3-aaa]local-user Huawei@HCIE password cipher hcia //create the user name and password
[R3-aaa]local-user Huawei@HCIE service-type telnet //set the service type to telnet
[R3-aaa]local-user Huawei@HCIE privilege level 0 //assign user privilege level 0
[R3-aaa]quit
[R3]user-interface vty 0 4
[R3-ui-vty0-4]authentication-mode aaa //set the VTY authentication mode to AAA
[R3-ui-vty0-4]quit
5) Log in to R3 remotely from R1
<R1>telnet 119.84.111.3
Press CTRL_] to quit telnet mode
Trying 119.84.111.3 ...
Connected to 119.84.111.3 ...
Login authentication
Username:Huawei@HCIE
Password:
<R3>system-view
^
Error: Unrecognized command found at '^' position.
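As an added example (not part of the original post), the following Python script audits a saved VRP-style configuration for the intent of steps 2 and 4: every local user's domain must exist and be bound to local authentication and authorization schemes, the VTY lines must authenticate through AAA, and a telnet-only account should not hold a privilege level above 0. The sample configuration is constructed to mirror the R1 config above; its layout and the `SAMPLE_CONFIG`, `parse_aaa` and `audit_aaa` names are this example's assumptions, not device output.

```python
# Constructed sample in the shape of `display current-configuration` output, mirroring R1 above (cipher is a placeholder).
SAMPLE_CONFIG = """\
aaa
 authentication-scheme auth1
  authentication-mode local
 authorization-scheme auth2
  authorization-mode local
 domain huawei
  authentication-scheme auth1
  authorization-scheme auth2
 local-user Huawei@huawei password cipher PLACEHOLDER
 local-user Huawei@huawei service-type telnet
 local-user Huawei@huawei privilege level 0
user-interface vty 0 4
 authentication-mode aaa
"""
def parse_aaa(text):
    # Collect scheme modes, domain bindings, local users and the VTY auth mode; indentation marks nesting.
    cfg = {"schemes": {}, "domains": {}, "users": {}, "vty_auth": None}
    view = owner = None
    for raw in text.splitlines():
        depth, w = len(raw) - len(raw.lstrip()), raw.split()
        if not w: continue
        if depth == 0: view, owner = w[0], None      # new top-level view: aaa / user-interface / '#'
        elif view == "aaa" and depth == 1:
            if w[0].endswith("-scheme"):             # scheme definition, keyed by (kind, name)
                owner = cfg["schemes"].setdefault((w[0], w[1]), {})
            elif w[0] == "domain":
                owner = cfg["domains"].setdefault(w[1], {})
            elif w[0] == "local-user":               # VRP default privilege level is 0 when not set
                u = cfg["users"].setdefault(w[1], {"level": 0, "services": []})
                if w[2] == "privilege": u["level"] = int(w[4])
                if w[2] == "service-type": u["services"] = w[3:]
        elif view == "aaa" and depth == 2 and owner is not None:
            owner[w[0]] = w[1]                       # "...-mode local" or a domain's "...-scheme name"
        elif view == "user-interface" and w[0] == "authentication-mode": cfg["vty_auth"] = w[1]
    return cfg
def audit_aaa(text):
    # Return review findings; an empty list means the lab's stated intent is met.
    cfg, out = parse_aaa(text), []
    if cfg["vty_auth"] != "aaa":
        out.append("vty: authentication-mode is not aaa")
    for name, u in cfg["users"].items():
        domain = name.partition("@")[2] or "default"  # user@domain selects the domain at login
        bound = cfg["domains"].get(domain, {})
        for kind in ("authentication-scheme", "authorization-scheme"):
            mode = cfg["schemes"].get((kind, bound.get(kind)), {}).get(kind.replace("scheme", "mode"))
            if mode != "local":
                out.append(f"{name}: no local {kind} via domain '{domain}'")
        if u["level"] > 0 and "telnet" in u["services"]:
            out.append(f"{name}: privilege level {u['level']} reachable over cleartext telnet")
    return out
```

A user created as Huawei@HCIE on a router that only defines the domain huawei is reported twice, once per scheme, which is exactly the login failure you would see in the lab.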