First, we will discuss the Huawei 3COM router configuration Environment and the Environment for Huawei 3COM router configuration. Today, we will introduce the basic status, password settings, and IP address settings of the Huawei 3COM vro. For vro settings, please refer to the relevant documentation. This article will not be detailed.
How can we save the modified information after several commands are configured? By default, although the command can take effect immediately after it is executed, the command is saved in the "current configuration file", which is also the current-configuration. The configuration file disappears with the restart of the vro. If you want to thoroughly Save the configuration command, you need to save it to the saved-configuration. The command is as follows:
◆ Save the current configurations of the Huawei 3COM vro to the saved-configuration. The configuration is still valid after the vro is restarted. Save
◆ When an error occurs in the configuration of the Huawei 3COM router, We need to read the original saved-configuration and overwrite the current-configuration. In this case, the reboot router can be restarted, read the configuration of saved-configuration into the current-configuration file at startup.
TIPS: If a configuration command error occurs, we cannot log on to the vro and enter the reboot command, you can manually unplug the vro and restart it, which is the same as executing the reboot command.
Huawei 3COM vro configuration allows remote login to vro
How can we effectively manage Huawei 3COM routing devices? The most common method is to use the telnet command. As mentioned above, if an interface IP address of a vro is 192.168.1.1, then we can execute the telnet 192.168.1.1 command on any PC that has been connected to the network to log on to the vro setting interface.
By default, the telnet function is enabled on the Huawei 3COM device. That is to say, we can connect to the control interface of the vro through the CONSOLE port of the Management CONSOLE without any configuration, but also use telnet for management, however, in order to allow us to manage routers more efficiently, we will introduce in detail how to configure the Huawei 3COM router to allow remote login to the router.
By default, we can use "telnet this IP address" to log on to the management interface after setting an interface of the router. The user name and password are useless when you log on to the vro. Because no security guarantee is provided by default, you do not need to enter the password after telnet, so we need to modify the default settings. Only the correct user name and password can be set to log on to the vro. To improve the security of the vro, we need to manage the vro with authentication.
◆ Enter the vro management interface, enter "local-user softer service-type exec-administrator password simple 111111", and press Enter.
◆ In this way, we have completed the steps of adding authentication to the vro. The vro has a user with the administrator ID, the username is softer, And the password is 111111.
◆ The user name and password prompt will appear when you log on to the vro again. You can log on correctly only when you enter the softer username and password 111111.
◆ Tips: After configuring the Huawei 3COM vro above, whether remotely managed via telnet or directly using the console, you must first pass the authentication check.
Allow users of a certain IP address to manage vrouters remotely. As the saying goes, the more limited the permissions are, the less secure it is. If telnet is enabled, even if authentication is added, any computer in the network can access and manage the routing device, which brings certain security risks to actual use. For example, if the network administrator accidentally tells someone the password, the user who knows the password can control the vro at will.
In fact, the Huawei 3COM router also provides us with a remote management range filter function, which can provide dual insurance for Our routers, even if the password is known by others, as long as he cannot access the control room of the network administrator, he cannot operate the router.
Introduction to the vro configuration environment of Huawei 3COM:
The IP address of the computer in the control room of the network administrator is 192.168.1.253. We want to set up the Huawei 3COM device to allow only this IP address to access the vrotelnet management interface through telnet, where the vro Ethernet interface IP address is 192.168.1.1.
◆ Enter the vro management interface, enter "local-user softer service-type exec-administrator password simple 111111", and press enter to create a user to add the authentication function to the vro.
◆ Enter "acl 101" without spaces) and press enter to create an access control list. We can use this list to restrict the remote management of router addresses.
◆ Enter "rule permit tcp source 192.168.1.253 0.0.0.0 destination 192.168.1.1 0.0.0.0 eq telnet", which means only computers with the IP address 192.168.1.253 can access the Ethernet interface 192.168.1.1 through telnet ).
◆ By default, the access control list of Huawei 3COM devices is "Allowed", so we also need to add "Deny rules ". Enter "rule deny tcp source any destination 192.168.1.1 0.0.0.0 eq telnet", so that other computers cannot access the Ethernet interface 192.168.1.1 through telnet.
◆ Apply the access control list on the Ethernet interface 192.168.1.1. The command is "firewall packet-filter 101 inbound ". After the configuration is complete, only devices with ip address 192.168.1.253 can log on to the vro1.1 192.168.1.1. Other devices cannot log on even if they know the authentication information.