本文详细介绍了一种基于AAA认证的网络配置方案,包括认证、授权、计费配置及本地用户的权限设定。此外还介绍了telnet管理地址配置、端口类型配置、MAC地址认证、IP源检查等网络管理细节。
aaa //AAA认证配置
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher mima //设置密码为mima新版本中,必须要irreversible-cipher,原来cipher已经不允许登陆了
local-user admin privilege level 15
local-user admin service-type telnet terminal
interface Vlanif1 //配置telnet管理地址
ip address 10.1.0.6 255.255.255.0
interface GigabitEthernet0/0/1 //接入口配置,根据需求配置
port link-type access
port default vlan 3
mac-authen max-user 1
ip source check user-bind enable
ip route-static 0.0.0.0 0.0.0.0 10.1.0.2 //设置默认路由
user-interface con 0 //设置console口
authentication-mode password
set authentication password cipher mima
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
interface GigabitEthernet0/0/25 //上行口配置
port link-type trunk //接口传输模式为trunk
port trunk allow-pass vlan 2 to 4094 //允许vlan通信
如果有光口的,在光口也配置这两条
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password irreversible-cipher mima //设置密码为mima新版本中,必须要irreversible-cipher,原来cipher已经不允许登陆了
local-user admin privilege level 15
local-user admin service-type telnet terminal
interface Vlanif1 //配置telnet管理地址
ip address 10.1.0.6 255.255.255.0
interface GigabitEthernet0/0/1 //接入口配置,根据需求配置
port link-type access
port default vlan 3
mac-authen max-user 1
ip source check user-bind enable
ip route-static 0.0.0.0 0.0.0.0 10.1.0.2 //设置默认路由
user-interface con 0 //设置console口
authentication-mode password
set authentication password cipher mima
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
interface GigabitEthernet0/0/25 //上行口配置
port link-type trunk //接口传输模式为trunk
port trunk allow-pass vlan 2 to 4094 //允许vlan通信
如果有光口的,在光口也配置这两条
扫一扫
3194
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
