环境拓扑准备:
假装是两台交换机相连(都一样)
一、研究console口下的login、login local、no login的区别
Ruijie>ena————————————————//用户模式
Ruijie#conf ter——————————————//特权模式
Ruijie(config)#hostname jierui ——————//配置模式 -----修改设备名称
jierui(config)#line console 0 ———————//进入console口
jierui(config-line)#exec-timeout 0 0————//配置超时连接为永不超时(默认超时时间为10分钟)
jierui(config-line)#login local
jierui(config-line)#exit——————————//退出console口
jierui(config)#username ruijie password ruijie123—————//进入配置模式,设置用户名和密码
jierui#exi Press RETURN to get started User Access Verification Username:ruijie Password: User's password is too weak. Please change the password! Last login: Nov 12 2021 23:39:25 from 1.1.1.2 through telnet. jierui>ena Warning: It is not safe without enable authentication, it is recommended to set enable authentication. *Nov 16 20:53:14: %SYS-5-PRIV_AUTH_SUCCESS: Authentication to privilege level 15 from console success by ruijie. jierui#
此时退出特权模式,再登陆时,需要输入用户名和密码
jierui(config)#line console 0
jierui(config-line)#login
jierui#exit Press RETURN to get started Warning: It is not safe without login authentication, it is recommended to set login authentication. Last login: Nov 12 2021 23:52:00 from 1.1.1.2 through telnet. jierui>ena Warning: It is not safe without enable authentication, it is recommended to set enable authentication. *Nov 16 20:54:08: %SYS-5-PRIV_AUTH_SUCCESS: Authentication to privilege level 15 from console success. jierui#
此时退出特权模式,再登陆时,不需要输入用户名和密码,username+password命令失效
jierui(config)#no username ruijie
jierui(config)#line console 0
jierui(config-line)#password ruijie123——————————//console口下配置密码
jierui(config-line)#end—————————————————//退回到用户模式
jierui#exit Press RETURN to get started User Access Verification Password: Last login: Nov 16 2021 20:54:07 through console. jierui> jierui>ena Warning: It is not safe without enable authentication, it is recommended to set enable authentication. *Nov 16 20:55:05: %SYS-5-PRIV_AUTH_SUCCESS: Authentication to privilege level 15 from console success. jierui#
此时退出特权模式,再登陆时,需要输入刚刚在console口下设置的密码
jierui(config)#line console 0
jierui(config-line)#no login
jierui(config-line)#show this——————————————//查看当前模式下的所有配置
Building configuration…
! ———————————————//没有显示no login命令说明当前默认配置就是no login
exec-timeout 0 0
password ruijie123
!
jierui#exit Press RETURN to get started Warning: It is not safe without login authentication, it is recommended to set login authentication. Last login: Nov 16 2021 20:55:04 through console. jierui>ena Warning: It is not safe without enable authentication, it is recommended to set enable authentication. *Nov 16 20:55:50: %SYS-5-PRIV_AUTH_SUCCESS: Authentication to privilege level 15 from console success. jierui#
此时退出特权模式,再登陆时,不需要密码
总结:
在console口下的login、login local、no login的区别
通过实验结果表明,
在console口下配置:login +password===》当退出后再登陆特权模式时,需要输入密码
在console口下配置:login +全局配置模式配置:username + password===》此时用户密码不生效,不需要输入密码
在console口下配置:login loca+配置模式下配置:username +password ===》当退出后再登陆特权模式时,需要输入密码
在console口下配置:no login===》当退出后再登陆特权模式时,不需要输入密码
console口下配置login +全局配置模式配置username + password,此时用户密码不生效
二、研究vty口下的login、login local、no login的区别
SW1:
Ruijie(config)#int g0/1————————————————//进入接口0/1
实际上完整的命令应该是interface gigabitEthernet 0/1,但是在这里命令简写时候代表唯一性,即可简写
Ruijie(config-if-GigabitEthernet 0/1)#no switchport —————//由于是交换机,所以交换口要先关闭交换功能,使其变成路由口才可以继续配置IP
Ruijie(config-if-GigabitEthernet 0/1)#ip address 1.1.1.1 24————————//配置掩码为/24位的IP地址
Ruijie(config-if-GigabitEthernet 0/1)#no shutdown ———————————//打开接口
Ruijie(config)#hostname jierui——————————————//修改设备名字
jierui(config)#
SW2:——————————//SW2同理
Ruijie(config)#int g0/1
Ruijie(config-if-GigabitEthernet 0/1)#no switchport
Ruijie(config-if-GigabitEthernet 0/1)#ip ad 1.1.1.2 24
Ruijie(config-if-GigabitEthernet 0/1)#no shutdown
Ruijie(config)#hostname tangmu
tangmu(config)#
验证IP是否配置成功:show ip interface brief
!
jierui#show ip int brief Interface IP-Address(Pri) IP-Address(Sec) Status Protocol GigabitEthernet 0/1 1.1.1.1/24 no address up up
tangmu#show ip int brief Interface IP-Address(Pri) IP-Address(Sec) Status Protocol GigabitEthernet 0/1 1.1.1.2/24 no address up up
验证连接互通性:
tangmu#ping 1.1.1.1 Sending 5, 100-byte ICMP Echoes to 1.1.1.1, timeout is 2 seconds: < press Ctrl+C to break > !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms.
jierui(config)#line vty 0 4
jierui(config-line)#login local
jierui(config-line)#exit
jierui(config)#username ruijie password ruijie
jierui(config)#enable service telnet-server ————————————//设备开启telnet服务
tangmu#telnet 1.1.1.1 Trying 1.1.1.1, 23... User Access Verification Username:ruijie Password: User's password is too weak. Please change the password! Last login: Nov 16 2021 20:53:12 through console. jierui>ena Password required, but none set jierui>
此时tangmu登陆jierui时候,需要输入用户名和密码
但是只能登录到用户模式,进一步登陆,提示没有设置密码
此时要登陆jierui则要在jierui设备的配置模式上开启密码
jierui(config)#enable password ruijie———————————//配置模式下开启密码
tangmu#telnet 1.1.1.1 Trying 1.1.1.1, 23... User Access Verification Username:ruijie Password: User's password is too weak. Please change the password! Last login: Nov 16 2021 21:00:47 from 1.1.1.2 through telnet. jierui> jierui> jierui>ena Password: User's password is too weak. Please change the password! jierui#
设置完enable密码,tangmu即可登陆jierui进行配置
jierui(config-line)#login
jierui#telnet 1.1.1.1 Trying 1.1.1.1, 23... Password required, but none set jierui#
此时提示没有设置密码,因此要在vty接口下设置密码才可以登陆
jierui(config)#line vty 0 4
jierui(config-line)#password ruijie123
这时候只能登陆到ruijie的用户模式,进一步登陆提示没有设置密码
因此要在配置模式下设置一个enable密码
jierui(config-line)#exit
jierui(config)#enable password ruijie123
jierui#telnet 1.1.1.1 Trying 1.1.1.1, 23... User Access Verification Password: Last login: Nov 16 2021 21:00:22 from 1.1.1.2 through telnet. jierui>ena Password: User's password is too weak. Please change the password! jierui#
此时可以登陆jierui进行配置
jierui(config)#line vty 0 4
jierui(config-line)#no login
tangmu#telnet 1.1.1.1 Trying 1.1.1.1, 23... Warning: It is not safe without login authentication, it is recommended to set login authentication. Last login: Nov 16 2021 21:06:51 from 1.1.1.2 through telnet. jierui>ena Password: User's password is too weak. Please change the password!
可以发现登陆ruijie时不需要密码,但是登录到特权模式仍然需要密码
jierui(config)#no enable password ——————————//将enable密码删除
tangmu#telnet 1.1.1.1 Trying 1.1.1.1, 23... Warning: It is not safe without login authentication, it is recommended to set login authentication. Last login: Nov 16 2021 21:06:57 from 1.1.1.2 through telnet. jierui>ena Password required, but none set jierui>
把enable密码删除更加登陆不了
这时候如果非要不用密码就可以登陆设备,可以怎么弄?
jierui(config)#line vty 0 4
jierui(config-line)#privilege level 15 ———————— //默认为1,设置用户最低权限为15,即可不用输入密码即可登陆设备
tangmu#telnet 1.1.1.1 Trying 1.1.1.1, 23... Warning: It is not safe without login authentication, it is recommended to set login authentication. Last login: Nov 16 2021 21:08:03 from 1.1.1.2 through telnet. jierui#
总结:
通过实验结果表明,
在vty口下配置:login +password===》登陆设备,需要输入密码
在vty口下配置:login +全局配置模式配置:username + password===》此时用户名+密码不生效,不需要输入密码
在vty口下配置:login loca+配置模式下配置:username +password ===》登陆设备,需要输入用户名+密码
在vty口下配置:no login===》登陆设备,不需要输入密码
无论那种情况,都需要存在enable password才可以登陆设备
除非
vty模式下配置privilege level 15 设置为最低权限,即可不用输入任何密码就可以登陆
