Standard Login:
—monitormanagersystem-view interface vlan 1 ip address xxx.xxx.xxx.xxx mmm.mmm.mmm.mmm quit ip route-static 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx save
system-view local-user admin password simple xxxxxxxxx quit save
system-view local-user admin service-type ssh level 3 quit save
system-view # RSA-Key erstellen public-key local create rsa -> y -> 2048 public-key local create dsa -> y -> 2048 # Authentifizierungsmethode für Ethernet-Ports auf "AAA" setzen user-interface vty 0 4 authentication-mode scheme # nur SSH erlauben protocol inbound ssh quit # Benutzer erstellen und für SSH freigeben local-user <USER_NAME> password simple <PASSWORD> service-type ssh level 3 quit # Authentifizierungstyp und -service für Benutzer auf "Passwort" setzen ssh user <USER_NAME> authentication-type password ssh user <USER_NAME> service-type stelnet
Erklärung:
User Interface VTY 0 bis 4
user-interface vty 0 4
CAUTION:
protocol inbound { all | ssh | telnet }
| Parameters all | Supports all protocols, including Telnet and SSH. |
|---|---|
| ssh | Supports only SSH. |
| telnet | Supports only Telnet. |
User Authentifizierungstyp einstellen
ssh user username authentication-type { password | rsa | password-publickey | all }
undo ssh user username authentication-type
| username | Valid SSH user name, consisting of a string from 1 to 80 characters long. |
|---|---|
| password | Specifies the authentication type as password. |
| rsa | Specifies the authentication type as RSA public key. |
| password-publickey | Specifies the authentication type as both password and RSA public key. That is, the user can pass the authentication only if both the password and RSA public key are correct. |
| all | Specifies the authentication type as either password or RSA public key. That is, the user can pass the authentication if either the password or RSA public key is correct. |
For the authentication type specified by the password-publickey keyword,
By default, no authentication type is specified for new users, so they cannot access the switch.
New users must specify authentication type. Otherwise, they cannot access the switch. The new authentication type configured takes effect at the next login.
Service Typ für User einstellen
ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
| username | Local user name or the user name defined on the remote RADIUS server, consisting of a string from 1 to 80 characters long. |
|---|---|
| stelnet | Sets the service type to Telnet. If no service type is specified, Telnet is used as the default. |
| sftp | Sets the service type to SFTP. |
| all | Includes Telnet and SFTP two services types. |
clock timezone GMT add 02:00:00 clock summer-time Berlin repeating 01:00:00 03/31/2015 01:00:00 10/31/2015 01:00:00 save
system-view ntp-service unicast-peer <IPADRESSE_DE_NTP_PEERS> save
display brief interface GigabitEthernet 1/0/1
interface GigabitEthernet 1/0/1 description <TEXT>
interface GigabitEthernet 1/0/1 undo description
Per Konsole verbinden und Switch einschalten