$ Configure the privileged-mode (enable) password; it must meet the complexity requirements
config t
enable secret fuzamima@202407.
$ Configure the account lockout policy
login block 300 attempts 10 within 300
login on-failure alarm every 10
$ Create 2 users: 1 administrator and 1 auditor (optional: password expiry of 90 days); define password complexity
system-user
authorization-template 3
bind aaa-authorization-template 2003
$
authentication-template 3
bind aaa-authentication-template 2003
$
user-name JK
bind authentication-template 3
bind authorization-template 3
password encrypted 2a96fe2fa0f40d5bcd7b6ac5abb831834c91154e44182c4f6fb71df19a56f47c
password-duration 90
$
user-name user
bind authentication-template 3
bind authorization-template 3
password encrypted 2a96fe2fa0f40d5bcd7b6ac5abb831834c91154e44182c4f6fb71df19a56f47c
password-duration 90
$
strong-password length 8 character number capital lowercase special-character
$ Allow only the bastion host to access the device
ipv4-access-list baoleiji
rule 10 permit 192.168.1.216 0.0.0.0
$ Enable NTP, define the NTP server, define the time zone
ntp enable
ntp server 120.25.115.20 priority 1
clock timezone BJ 8
aaa-accounting-template 2003
$
aaa-authentication-template 2003
aaa-authentication-type local
$
aaa-authorization-template 2003
aaa-authorization-type local
$ Enable the SSH service and apply the ACL
ssh server access-class ipv4 baoleiji
ssh server enable
$ Configure the log server
syslog-server host 192.168.1.215 alarmlog cmdlog debugmsg servicelog braslog natlog netconflog snmplog
$ Set the idle timeout
line console idle-timeout 10
line telnet idle-timeout 10
exit
write
$ If the ZTE device serves as the core, you still need to segment VLANs, configure inter-VLAN ACLs, and so on, as with H3C
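$ Added example (not part of the original post and not ZTE tooling): a Python check that reads a saved copy of the configuration as text and reports which of the controls above are missing, which users lack password-duration, and which users share one encrypted password value.
$ The sample configuration and its hash values are constructed; line formats are assumed to match the commands shown above.

```python
import re

# Controls from the configuration above: finding name -> required line pattern.
REQUIRED = {
    "enable secret": r"enable secret \S+",
    "login lockout": r"login block \d+ attempts \d+ within \d+",
    "password complexity": r"strong-password length \d+",
    "SSH restricted by ACL": r"ssh server access-class ipv4 \S+",
    "NTP server": r"ntp server \S+",
    "syslog server": r"syslog-server host \S+",
}

# Constructed sample configuration (secret and hash values are made up).
SAMPLE = """\
enable secret CONSTRUCTED-VALUE
login block 300 attempts 10 within 300
user-name JK
password encrypted aa11
password-duration 90
$
user-name user
password encrypted aa11
$
strong-password length 8 character number capital lowercase special-character
ntp server 120.25.115.20 priority 1
ssh server access-class ipv4 baoleiji
"""

def audit(config):
    """Return findings for a saved configuration passed in as text."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = [f"missing: {name}" for name, pat in REQUIRED.items()
                if not any(re.match(pat, l) for l in lines)]
    user, first_owner, has_expiry = None, {}, {}
    for l in lines:  # each user-name block ends at a lone "$"
        if l.startswith("user-name "):
            user = l.split()[1]
            has_expiry[user] = False
        elif l == "$":
            user = None
        elif user and l.startswith("password-duration "):
            has_expiry[user] = True
        elif user and l.startswith("password encrypted "):
            owner = first_owner.setdefault(l.split()[2], user)
            if owner != user:  # same stored value means the same password
                findings.append(f"users {owner} and {user} share a password hash")
    findings += [f"user {u}: no password-duration"
                 for u, ok in has_expiry.items() if not ok]
    return findings
```

$ Calling audit(SAMPLE) returns the three findings seeded in the sample; an empty list means every checked control is present.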
Copyright belongs to the original author, normanhere. If there is any infringement, please contact us for removal.