D_W
Beginner

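How do I set up a normal user and an administrator user for Telnet access to a Cisco switch?

Logging in to a Cisco switch via Telnet:

1. Normal user: can only view the configuration; cannot modify or save it.

2. Administrator: full functionality.

10 replies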
ilay
Collaborator

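The highest Cisco CLI level is 15, which has the highest privileges.

You can set the administrator user to level 15. For the other requirement, create accounts at different levels (1-14) and then configure which commands each level is allowed to execute.

Refer to the thread below for now; I can't find the post where I answered this before.

https://community.cisco.com/t5/%E4%BA%A4%E6%8D%A2%E6%8A%80%E6%9C%AF/%E6%8E%A5%E5%85%A5%E5%B1%82%E4%BA%A4%E6%8D%A2%E6%9C%BA-2960%E4%B8%8E3560-%E7%9A%84%E6%9D%83%E9%99%90%E9%85%8D%E7%BD%AE%E9%97%AE%E9%A2%98/td-p/4332919

Reference 2: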

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/15-0_2_se/configuration/guide/scg3560/swauthen.html

 

D_W
Beginner

It doesn't work. When I log in via Telnet it is still the previous password. My configuration is as follows:

sh ru
Building configuration...

Current configuration : 5396 bytes
!
! Last configuration change at 01:22:33 UTC Thu May 12 2022
! NVRAM config last updated at 01:22:34 UTC Thu May 12 2022
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SW_IT
!
boot-start-marker
boot-end-marker
!
enable password 7 104F0B1A54454141464E
!
username admin privilege 15 password 7 045A09055E731F044353
username usera privilege 7 secret 9 $9$fyOA86**bleep**YBMI$xjKCl3abyv/24Y1Y6WCM4fDzq5nMavRWK6aXFu6JjvA
username userb privilege 15 secret 9 $9$5FGwJvftbPNR2Y$y6Y8wiO/EKXwMVSgtmJ7qMUwwVpbVF2Ym22Fw8bkkeI
username audit secret 9 $9$FbCfOuJKo1da1Y$ugnmhTUYslQNbcTdXi9f5PVk0rH.SC/KRbXN.ZLIA6A
no aaa new-model
switch 1 provision ws-c2960x-24pd-l
!
!
!
!
crypto pki trustpoint TP-self-signed-1785914240
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1785914240
revocation-check none
rsakeypair TP-self-signed-1785914240
!
!
crypto pki certificate chain TP-self-signed-1785914240
certificate self-signed 01
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1

........
interface GigabitEthernet1/0/24
switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan19
ip address 10.109.16.246 255.255.255.0
!
ip default-gateway 10.105.19.1
!
ip http server
ip http secure-server
!
!
!
privilege exec level 1 show startup-config
privilege exec level 1 show running-config
privilege exec level 1 show
!
line con 0
line vty 0 4
password 7 011204070A5955456B06
login
transport input all
line vty 5 15
login
transport input all
!
!
end

SW_IT#

ilay
Collaborator

line vty 0 4 

login local

!

D_W
Beginner

(Normal user; it had no effect)

Username: test1
Password:

SW_IT> show startup-config
startup-config is not present
SW_IT>show running-config
SW_IT>

 

The configuration is as follows:

! Last configuration change at 03:33:56 UTC Fri May 13 2022
! NVRAM config last updated at 03:33:56 UTC Fri May 13 2022
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW_IT
!
boot-start-marker
boot-end-marker
!
enable password 7 104F0B1A54454141464E
!
username test1 secret 9 $9$YkFP5pMdoDWNZ2$oFgxUJ7al3DHWg3O135x6YaY4REkndWjYhWcjblAAfs
no aaa new-model
switch 1 provision ws-c2960x-24pd-l
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1785914240
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1785914240
revocation-check none
rsakeypair TP-self-signed-1785914240
!
!
crypto pki certificate chain TP-self-signed-1785914240
certificate self-signed 01
quit
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
lldp run
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 505
switchport mode access
spanning-tree portfast edge

.........
!
interface GigabitEthernet1/0/24
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan16
ip address 10.109.19.246 255.255.255.0
!
ip default-gateway 10.109.19.1
!
ip http server
ip http secure-server
!
!
!
privilege exec level 1 show startup-config
privilege exec level 1 show running-config
privilege exec level 1 show
!
line con 0
line vty 0 4
password 7 011204070A5955456B06
login local
transport input all
line vty 5 15
login
transport input all
!
!
end

ilay
Collaborator

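By default, privilege level 1 cannot view the complete running-config, and the same applies to other accounts that are not level 15.

An account at a given level can only view the configuration related to what that level has permission to configure.

For example: if account A at level 5 can enter interface configuration from global configuration with the interface command, then show run at that level shows only the interface-related configuration; the rest is likewise not visible.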

SW#sh run | in level 5
privilege interface level 5 spanning-tree
privilege interface level 5 ip address
privilege interface level 5 ip
privilege interface level 5 switchport
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show processes
SW#

====

Result of a remote test:

SW#sh priv
Current privilege level is 5
SW#show run
Building configuration...

Current configuration : 413 bytes
!
! Last configuration change at 07:15:41 UTC Fri May 13 2022
!
boot-start-marker
boot-end-marker
!
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/0
no switchport
ip address 10.1.1.1 255.255.255.0
!
interface GigabitEthernet1/0
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
!
end

SW#

 

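If you want to view the complete running config from a level other than 15, you can use the show running-config view full command; if it cannot be executed, allow it at the corresponding level. show startup-config should be viewable once the configuration has been saved.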

D_W
Beginner

I have already saved it and still can't view it. How do I allow it at the level?

 

Username: test1
Password:
SW_IT>show running-config view full
^
% Invalid input detected at '^' marker.

SW_IT>sh running-config
SW_IT>sh startup-config
startup-config is not present
SW_IT>

 

username test1 secret 9 $9$YkFP5pMdoDWNZ2$oFgxUJ7al3DHWg3O135x6YaY4REkndWjYhWcjblAAfs

privilege exec level 1 show startup-config
privilege exec level 1 show running-config
privilege exec level 1 show

ilay
Collaborator

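Entering the allowed command after the corresponding level permits it to be executed at that level. Setting privilege exec level 1 show running-config allows show run to be executed at privilege level 1.

If typing show running-config view full gives you a problem, you need to set that command at level 1 as well.

So far I have configured only the lines below, and I can view the startup config and the running config normally (viewed with show run view full). Testing on a physical device works fine (model: WS-C2960X-24PS-L, version: 15.2(2)E5).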

privilege exec level 1 show startup-config
privilege exec level 1 show running-config view full
privilege exec level 1 show running-config view
privilege exec level 1 show running-config
privilege exec level 1 show

 

D_W
Beginner

Username: test1
Password:
SW_IT>sh running-config view full
SW_IT>sh running-config view
SW_IT>sh startup-config
startup-config is not present
SW_IT>

 

I have configured it and it is still the same; show displays nothing.

privilege exec level 1 show startup-config
privilege exec level 1 show running-config view full
privilege exec level 1 show running-config view
privilege exec level 1 show running-config
privilege exec level 1 show

 

Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C2960X-24PD-L 15.2(7)E5  C2960X-UNIVERSALK9-M

 

ilay
Collaborator

Try configuring a different level; don't use level 1.
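
An added example, not part of any post in this thread: a small Python audit of an IOS configuration for the settings the thread turns on, namely which login method each vty range uses, which privilege level each local account gets, and which commands have been moved to which level. The sample configuration is constructed from the configs posted above with placeholder hashes, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the configs posted in this thread; hashes are placeholders.
SAMPLE = """\
username admin privilege 15 secret 9 <placeholder>
username test1 secret 9 <placeholder>
privilege exec level 1 show running-config
privilege exec level 1 show
line vty 0 4
 login local
 transport input all
line vty 5 15
 login
 transport input all
end
"""

def audit(config):
    """Parse IOS config text into (users, level_cmds, vty)."""
    users, level_cmds, vty, cur = {}, {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"username (\S+)(?: privilege (\d+))?", line):
            users[m[1]] = int(m[2] or 1)  # no level given means privilege 1
        elif m := re.match(r"privilege (\S+) level (\d+) (.+)", line):
            level_cmds.setdefault(int(m[2]), []).append(m[3])
        elif m := re.match(r"line vty (\d+)(?: (\d+))?", line):
            cur = (int(m[1]), int(m[2] or m[1]))
            vty[cur] = {"login": "unspecified", "transport": []}
        elif line.startswith("line ") or line in ("!", "end"):
            cur = None  # left the vty block
        elif cur and line in ("login", "login local"):
            # bare "login" checks the line password; "login local" checks usernames
            vty[cur]["login"] = "local" if line.endswith("local") else "line-password"
        elif cur and line.startswith("transport input "):
            vty[cur]["transport"] = line.split()[2:]
    return users, level_cmds, vty

def findings(config):
    """List vty ranges where local accounts are bypassed or Telnet is accepted."""
    out = []
    for (lo, hi), s in sorted(audit(config)[2].items()):
        if s["login"] != "local":
            out.append(f"vty {lo} {hi}: login={s['login']}, local usernames not used")
        if {"all", "telnet"} & set(s["transport"]):
            out.append(f"vty {lo} {hi}: Telnet accepted")
    return out

if __name__ == "__main__":
    print(*findings(SAMPLE), sep="\n")
```

On the sample, vty 5 15 is reported because it still uses the line password, so a session landing on those lines never consults the username database.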
