No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, and AR530 V200R007 CLI-based Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring transparent bridge, MAC table, link aggregation, VLANs, STP/RSTP/MSTP, and so on.The document provides the configuration procedures and configuration examples to illustrate the service configuration methods and application scenario.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring an mVLAN to Implement Remote Management

Example for Configuring an mVLAN to Implement Remote Management

Networking Requirements

As shown in Figure 3-24, users need to securely log in to the Router for remote management. There is no idle management interface on the Router.

Figure 3-24  Configuring an mVLAN to implement remote management

Configuration Roadmap

A management interface or VLANIF interface of an mVLAN can be used to log in to the device for remote management. The device has no idle management interface, so the mVLAN is used. STelnet is used to ensure login security. The configuration roadmap is as follows:

  1. Configure an mVLAN on the Router and add an interface to the mVLAN.

  2. Configure a VLANIF interface and assign an IP address to it on the Router.

  3. Enable STelnet on the Router and configure an SSH user.

  4. Log in to the Router using STelnet from a user PC.

NOTE:
  • The user PC needs to be configured with the software for logging in to the SSH server, key pair generation software, and public key conversion software.
  • To ensure device security, change the password periodically.

Procedure

  1. Configure an mVLAN and add an interface to the mVLAN.

    # Create VLAN 10 on the Router and specify VLAN 10 as the mVLAN, and add Eth2/0/0 to VLAN 10 in tagged mode.

    <Huawei> system-view
    [Huawei] sysname Router
    [Router] vlan 10
    [Router-vlan10] management-vlan
    [Router-vlan10] quit
    [Router] interface ethernet 2/0/0
    [Router-Ethernet2/0/0] port link-type trunk
    [Router-Ethernet2/0/0] port trunk allow-pass vlan 10
    [Router-Ethernet2/0/0] quit

  2. Configure a VLANIF interface and assign an IP address to the VLANIF interface.

    # Create VLANIF 10 on the Router and configure the IP address of 10.10.10.2/24 for it.

    [Router] interface vlanif 10
    [Router-Vlanif10] ip address 10.10.10.2 24
    [Router-Vlanif10] quit
    

  3. Enable the STelnet service and configure an SSH user.

    1. Configure the Router to generate a local key pair.

      [Router] rsa local-key-pair create
      The key name will be: Host
      The range of public key size is (512 ~ 2048).
      NOTES: If the key modulus is less than 2048,
             It will introduce potential security risks.
      Input the bits in the modulus[default = 2048]:2048
      Generating keys...
      ........++++++++
      ..++++++++
      ............+++++++++
      ......+++++++++
      
      
    2. Configure an SSH user.

      # Configure the VTY user interface on the Router.

      [Router] user-interface vty 0 14
      [Router-ui-vty0-14] authentication-mode aaa
      [Router-ui-vty0-14] protocol inbound ssh
      [Router-ui-vty0-14] quit

      # Create an SSH user named client001 on the Router and configure password authentication.

      [Router] aaa
      [Router-aaa] local-user client001 password irreversible-cipher Huawei@123
      [Router-aaa] local-user client001 privilege level 3
      [Router-aaa] local-user client001 service-type ssh
      [Router-aaa] quit
      [Router] ssh user client001 authentication-type password
    3. Enable the STelnet service.

      # Enable the STelnet service on the Router.

      [Router] stelnet server enable

      # Configure the STelnet service for SSH user client001.

      [Router] ssh user client001 service-type stelnet
    NOTE:

    The PC connects to Router through the intermediate device. The intermediate device needs to transparently transmit packets from mVLAN 10 and has a route from 10.1.1.1/24 to 10.10.10.2/24.

  4. Verify the configuration.

    # After the configuration is complete, the user can log in to the Router from the PC using password authentication.

    # Run the Putty software on the user PC. The dialog box shown in Figure 3-25 is displayed. Enter 10.10.10.2 (IP address of the Router) and select SSH.

    Figure 3-25  Configuring an mVLAN to implement remote management

    # Click Open. On the page that is displayed on the Router, enter the user name and password, and press Enter.

    login as: client001
    SSH server: User Authentication
    Using keyboard-interactive authentication.
    Password:
    
    Info: The max number of VTY users is 10, and the number
          of current VTY users on line is 1.
          The current login time is 2014-02-25 05:45:41+00:00.
    <Router>

    # The user can successfully log in to the Router for remote management.

Configuration Files

Router configuration file

#
sysname Router
#
vlan batch 10
#
vlan 10
 management-vlan
#
aaa
 local-user client001 password irreversible-cipher %^%#EqZEVTq=/@T2XM0q0W{Ec[Fs2@&4YII@-=(lbr[K>4Dq76]3#BgqMOAxu^%$%^%#
 local-user client001 privilege level 3
 local-user client001 service-type ssh
#
interface Vlanif10
 ip address 10.10.10.2 255.255.255.0
#
interface Ethernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
# 
stelnet server enable
ssh user client001
ssh user client001 authentication-type password
ssh user client001 service-type stelnet
# 
user-interface vty 0 14
 authentication-mode aaa
#
return
Translation
Download
Updated: 2019-05-25

Document ID: EDOC1000097279

Views: 20047

Downloads: 64

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next