admin@huawei.com
#==============安装weakea插件===========================
load-module weakea
Info: Load weakea_V200R021C10SPC600.mod from the startup system software to $_install_mod/weakea_V200R021C10SPC600.mod. You can run the install-module weakea_V200R021C10SPC600.mod command to install it.
install-module weakea_V200R021C10SPC600.mod
load-module weakea
Error: Unrecognized command found at '^' position.
以上提示本地不存在该插件,原因是从
V200R019C10SPC500到v200R020需要到华为官网下载WEAKEA插件【需要用到华为账户下载后FTP上传到交换机,不推荐】
可以在系统视图直接执行 ssh server publickey rsa
[JBZHSL-S7706] ssh server publickey rsa
设备生成的指定秘钥算法配置等类似如下:
#ssh server cipher aes256_ctr aes128_ctr
#ssh server hmac sha2_256
#ssh server key-exchange dh_group_exchange_sha1 dh_group14_sha1 dh_group1_sha1
#ssh client cipher aes256_ctr aes128_ctr
#ssh client hmac sha2_256
#ssh client key-exchange dh_group_ssh client key-exchange dh_group_exchange_sha1 dh_group14_sha1 dh_group1_sha1
#ssh server publickey rsa_sha2_512 rsa_sha2_256
将上述算法全部undo掉
sys
undo ssh server cipher
undo ssh server hmac
undo ssh server key-exchange
undo ssh client cipher
undo ssh client hmac
undo ssh client key-exchange
undo ssh server publickey
v200R020版本起有登录源接口限制 建议配置:
ssh server-source all-interface
qu
#==============开始配置交换机===========================
#查看当前所有配置
dis cur
#查看端口/网口状态和配置简要信息
dis int bri
#关闭终端显示调试/日志/告警信息功能
undo terminal monitor
#查看Eth-Trunk接口的状态信息
dis cur interface Eth-Trunk
#查看STP状态信息
dis stp br
#查看NTP状态信息
dis ntp status
dis clock
#查看安装信息
dis startup
#进入系统视图,并清除console口密码
sys
user-interface console 0
undo authentication-mode
y
#配置LLDP/NTP/SNMP
qu
lldp enable
ntp-service ipv6 disable
y
ntp-service ipv6 server disable
y
ntp-service sync-interval 180
ntp-service server disable
undo ntp-service disable n
undo ntp-service server disable
ntp-service unicast-server 203.107.6.88
clock timezone BJ add 08:00:00
snmp-agent
snmp-agent community read yto_public
snmp-agent community write yto_write
snmp-agent sys-info version v2c v3
snmp-agent protocol source-status all-interface
undo snmp-agent protocol source-status ipv6 all-interface
#配置VPN实例和STP
ip vpn-instance mgmt
ipv4-family
qu
stp region-configuration
region-name mgmt
instance 2828 vlan 2828
active region-configuration
qu
stp pathcost-standard dot1t
stp enable
#添加VLAN 3 7 2828
vlan batch 3 7 2828
#配置管理口和带外管理和说明
int vlan 3
description # Switch_MGMT #
ip address 10.150.65.86 255.255.255.0
int vlan 2828
ip binding vpn-instance mgmt
description # To-ShenZhen_MGMT_HX_JF_S5736-S #
ip address 10.144.3.86 255.255.255.0
qu
ip route-static vpn-instance mgmt 0.0.0.0 0.0.0.0 10.144.3.1
ip route-static 0.0.0.0 0.0.0.0 10.150.65.1
#创建链路聚合端口(其它Trunk接口配置类似,两个交换机的trunk接口相连,可以互通Vlan)
interface Eth-Trunk 27
description # ShenZhen_CZ_HX_JF_S7706 #
port link-type trunk
port trunk allow-pass vlan all
#将端口聚合到Trunk 27 中--(连接核心交换机的端口)
interface Eth-Trunk 27
trunkport g0/0/27
trunkport g0/0/28
#配置带外管理端口
interface g0/0/25
description # mgmt #
port link-type access
port default vlan 2828
#配置业务口
int range g0/0/1 to g0/0/24
description # ShenZhen_JG_JCD01_IND #
port link-type access
port default vlan 7
#修改交换机名称(每个中心名称不一样)
[FutureMatrix] sysname ShenZhen_CZ_JR_JXD07_S5735-L
#================================================
#退出,保存
[FutureMatrix-port-group]qu
[FutureMatrix]qu
sa
The current configuration will be written to flash:/vrpcfg.zip.
Are you sure to continue?[Y/N]y
#==============配置ssh===========================
1、 首先开启ssh服务
stelnet server enable
ssh authentication-type default password
2、创建本地RSA密钥对
rsa local-key-pair creat
y
2048
3、配置vty界面支持的登录协议
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 15 //protocol inbound all这里选择ssh或ALL都可最好选择ssh
4、进入aaa模式配置用户和用户权限以及登录方式
aaa
local-user admin password cipher yto.net.cn
local-user admin privilege level 15
local-user admin service-type ssh
5、ssh添加用户
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type stelnet
undo ssh user root
6、解除连接限制
ssh client first-time enable
ssh server-source all-interface
y
#下面这条不需要加,不安装weakea补丁时需要
#ssh server-source -i Vlanif3
7、关闭密码策略
aaa
undo local-aaa-user password policy administrator
#==============配置ssh完成,保存所有配置===========================
[FutureMatrix-port-group]qu
[FutureMatrix]qu
sa
The current configuration will be written to flash:/vrpcfg.zip.
Are you sure to continue?[Y/N]y
8、修改密码(需要时使用)
local-user admin password irreversible-cipher YTO_admin