layout: post title: “分区网络调试脚本” subtitle: “ "脚本"” date: 2024-12-29 12:00:00 author: “Hux” header-img: “img/post-bg-2015.jpg” catalog: true tags: - opcode —
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
admin@huawei.com
#==============安装weakea插件===========================
<JBZHSL-S7706>load-module weakea
Info: Load weakea_V200R021C10SPC600.mod from the startup system software to $_install_mod/weakea_V200R021C10SPC600.mod. You can run the install-module weakea_V200R021C10SPC600.mod command to install it.
<JBZHSL-S7706>install-module weakea_V200R021C10SPC600.mod
<JBZHSL-S7706>load-module weakea
Error: Unrecognized command found at '^' position.
以上提示本地不存在该插件,原因是从
V200R019C10SPC500到v200R020需要到华为官网下载WEAKEA插件【需要用到华为账户下载后FTP上传到交换机,不推荐】
可以在系统视图直接执行 ssh server publickey rsa
[JBZHSL-S7706] ssh server publickey rsa
设备生成的指定秘钥算法配置等类似如下:
#ssh server cipher aes256_ctr aes128_ctr
#ssh server hmac sha2_256
#ssh server key-exchange dh_group_exchange_sha1 dh_group14_sha1 dh_group1_sha1
#ssh client cipher aes256_ctr aes128_ctr
#ssh client hmac sha2_256
#ssh client key-exchange dh_group_ssh client key-exchange dh_group_exchange_sha1 dh_group14_sha1 dh_group1_sha1
#ssh server publickey rsa_sha2_512 rsa_sha2_256
将上述算法全部undo掉
sys
undo ssh server cipher
undo ssh server hmac
undo ssh server key-exchange
undo ssh client cipher
undo ssh client hmac
undo ssh client key-exchange
undo ssh server publickey
v200R020版本起有登录源接口限制 建议配置:
ssh server-source all-interface
qu
#==============开始配置交换机===========================
#查看当前所有配置
dis cur
#查看端口/网口状态和配置简要信息
dis int bri
#关闭终端显示调试/日志/告警信息功能
undo terminal monitor
#查看Eth-Trunk接口的状态信息
dis cur interface Eth-Trunk
#查看STP状态信息
dis stp br
#查看NTP状态信息
dis ntp status
dis clock
#查看安装信息
dis startup
#进入系统视图,并清除console口密码
sys
user-interface console 0
undo authentication-mode
y
#配置LLDP/NTP/SNMP
qu
lldp enable
ntp-service ipv6 disable
y
ntp-service ipv6 server disable
y
ntp-service sync-interval 180
ntp-service server disable
undo ntp-service disable n
undo ntp-service server disable
ntp-service unicast-server 203.107.6.88
clock timezone BJ add 08:00:00
snmp-agent
snmp-agent community read yto_public
snmp-agent community write yto_write
snmp-agent sys-info version v2c v3
snmp-agent protocol source-status all-interface
undo snmp-agent protocol source-status ipv6 all-interface
#配置VPN实例和STP
ip vpn-instance _mgmt_
ipv4-family
qu
stp region-configuration
region-name _mgmt_
instance 2828 vlan 2828
active region-configuration
qu
stp pathcost-standard dot1t
stp enable
#添加VLAN 3 7 2828
vlan batch 3 7 2828
#配置管理口和带外管理和说明
int vlan 3
description # Switch_MGMT #
ip address 10.150.65.86 255.255.255.0
int vlan 2828
ip binding vpn-instance _mgmt_
description # To-ShenZhen_MGMT_HX_JF_S5736-S #
ip address 10.144.3.86 255.255.255.0
qu
ip route-static vpn-instance _mgmt_ 0.0.0.0 0.0.0.0 10.144.3.1
ip route-static 0.0.0.0 0.0.0.0 10.150.65.1
#创建链路聚合端口(其它Trunk接口配置类似,两个交换机的trunk接口相连,可以互通Vlan)
interface Eth-Trunk 27
description # ShenZhen_CZ_HX_JF_S7706 #
port link-type trunk
port trunk allow-pass vlan all
#将端口聚合到Trunk 27 中--(连接核心交换机的端口)
interface Eth-Trunk 27
trunkport g0/0/27
trunkport g0/0/28
#配置带外管理端口
interface g0/0/25
description # _mgmt_ #
port link-type access
port default vlan 2828
#配置业务口
int range g0/0/1 to g0/0/24
description # ShenZhen_JG_JCD01_IND #
port link-type access
port default vlan 7
#修改交换机名称(每个中心名称不一样)
[FutureMatrix] sysname ShenZhen_CZ_JR_JXD07_S5735-L
#================================================
#退出,保存
[FutureMatrix-port-group]qu
[FutureMatrix]qu
<FutureMatrix>sa
The current configuration will be written to flash:/vrpcfg.zip.
Are you sure to continue?[Y/N]y
#==============配置ssh===========================
1、 首先开启ssh服务
stelnet server enable
ssh authentication-type default password
2、创建本地RSA密钥对
rsa local-key-pair creat
y
2048
3、配置vty界面支持的登录协议
user-interface vty 0 4
authentication-mode aaa
protocol inbound ssh
user privilege level 15 //protocol inbound all这里选择ssh或ALL都可最好选择ssh
4、进入aaa模式配置用户和用户权限以及登录方式
aaa
local-user admin password cipher yto.net.cn
local-user admin privilege level 15
local-user admin service-type ssh
5、ssh添加用户
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type stelnet
undo ssh user root
6、解除连接限制
ssh client first-time enable
ssh server-source all-interface
y
#下面这条不需要加,不安装weakea补丁时需要
#ssh server-source -i Vlanif3
7、关闭密码策略
aaa
undo local-aaa-user password policy administrator
#==============配置ssh完成,保存所有配置===========================
[FutureMatrix-port-group]qu
[FutureMatrix]qu
<FutureMatrix>sa
The current configuration will be written to flash:/vrpcfg.zip.
Are you sure to continue?[Y/N]y
8、修改密码(需要时使用)
local-user admin password irreversible-cipher YTO_admin