Protecting Management Access презентация

Октябрь 9, 2021

Главная
Информатика
Protecting Management Access

Содержание

28. AUX user interface Manages and monitors users who log in through the console port (out-of-band management)
29. • VTY (virtual terminal line) user interface Manages and monitors users who log in through Telnet
34. system-view [Comware5] user-interface aux 0 [Comware5-ui-aux0] authentication-mode password [Comware5-ui-aux0] set authentication password simple [Comware5-ui-aux0] authorization attribute
36. system-view [Comware5] user-interface aux 0 [Comware5-uiaux0] authentication-mode scheme [Comware5-uiaux0] command authorization [Comware5-uiaux0] command accounting [Comware5-uiaux0] quit
37. [Comware5-uia-ux0] authentication default local [Comware5-uia-ux0] local-user [Comware5-uia-ux0] quit [Comware5-uia-ux0] password simple [Comware5-uia-ux0] authorization attribute level 3
52. If the super commands listed earlier were entered on the switch, you could use a super
53. In this example, you could use the super password — hp in the example — to
54. In this example, you could then switch to level 3, using the super password, hp. .
58. Скачать презентацию

Слайд 2

Слайд 3

Слайд 4

Слайд 5

Слайд 6

Слайд 7

Слайд 8

Слайд 9

Слайд 10

Слайд 11

Слайд 12

Слайд 13

Слайд 14

Слайд 15

Слайд 16

Слайд 17

Слайд 18

Слайд 19

Слайд 20

Слайд 21

Слайд 22

Слайд 23

Слайд 24

Слайд 25

Слайд 26

Слайд 27

Слайд 28

AUX user interface
Manages and monitors users who log in through

the console port (out-of-band management) on Comware switches. The type of the console port is EIA/TIA-232 DTE. The interface ID is aux0.
• CON user interface
Manages and monitors users who log in through the console port (out-of-band management) on Comware routers. The interface ID is con0.

Слайд 29

• VTY (virtual terminal line) user interface
Manages and monitors users who

log in through Telnet or SSH (in-band management). A Comware switch can support more than one such session, so it has multiple VTY interfaces. The interface IDs are vty 0, vty1, and so on, to vty n (in which n is the number of sessions supported minus one). To find out the number of sessions supported on a particular switch, refer to the switch documentation to. You can also enter the user-interface vty 0 ? command in the Comware CLI to find the range for VTY interface IDs. The user interface (also called a line) allows you to manage and monitor terminal sessions between a management station and the switch. The Comware CLI has a view associated with each interface, which you access with this command: user-interface .

Слайд 30

Слайд 31

Слайд 32

Слайд 33

Слайд 34

system-view
[Comware5] user-interface aux 0
[Comware5-ui-aux0] authentication-mode password
[Comware5-ui-aux0] set authentication password

simple
[Comware5-ui-aux0] authorization attribute level 3

Слайд 35

Слайд 36

system-view
[Comware5] user-interface aux 0
[Comware5-uiaux0] authentication-mode scheme
[Comware5-uiaux0] command authorization
[Comware5-uiaux0] command

accounting
[Comware5-uiaux0] quit

Слайд 37

[Comware5-uia-ux0] authentication default local
[Comware5-uia-ux0] local-user
[Comware5-uia-ux0] quit
[Comware5-uia-ux0] password simple
[Comware5-uia-ux0]

authorization attribute level 3

Слайд 38

Слайд 39

Слайд 40

Слайд 41

Слайд 42

Слайд 43

Слайд 44

Слайд 45

Слайд 46

Слайд 47

Слайд 48

Слайд 49

Слайд 50

Слайд 51

Слайд 52

If the super commands listed earlier were entered on the switch,

you could use a super password - hp, in this example - to move to a different privilege level.

If you tried to move to system view, however, you would see the following message:
You cannot reach the system view and use configuration commands at this level.

Слайд 53

In this example, you could use the super password — hp

in the example — to switch to privilege level 2:

With this privilege level, you could move to the system view.
As you see, you can now access all the system view commands. If you returned to the user view and attempted to view the file directory, however, you would find that you do not have rights to enter this command.
[Comware-1] quit
dir
^ % Unrecognized command found at '^' position.

Слайд 54