One-click fix for S5720 remote SSH/TELNET/HTTP login failures
system-view
#1. Enable the three remote-access services
stelnet server enable
telnet server enable
http server enable
<FutureMatrix>system-view
Enter system view, return user view with Ctrl+Z.
[FutureMatrix]stelnet server enable
Warning: After configuring the source interface or source address, the listening socket will be created.
Info: The Stelnet server is already started.
[FutureMatrix]telnet server enable
Info: The Telnet server has been enabled.
[FutureMatrix]http server enable
Info: The HTTP server has been already started.
Warning: After configuring the source interface or source address, the listening socket will be created.
[FutureMatrix]rsa local-key-pair create
The key name will be: FutureMatrix_Host
% RSA keys defined for FutureMatrix_Host already exist.
Confirm to replace them? [y/n]:
Enter n to keep the existing key.
#2. Generate the SSH key (required for SSH; without a key, connections fail)
rsa local-key-pair create
[FutureMatrix]rsa local-key-pair create
The key name will be: FutureMatrix_Host
% RSA keys defined for FutureMatrix_Host already exist.
Confirm to replace them? [y/n]:n
[FutureMatrix]ssh server-source all-interface
Warning: SSH server source configuration will take effect in the next login. Continue? [Y/N]:
Enter Y and press Enter.
When prompted for the key size, just press Enter to accept the default of 2048.
#3. Allow SSH access on all interfaces (newer S5720 versions block remote access on all interfaces by default; required)
ssh server-source all-interface
#4. Rebuild the AAA user
aaa
undo local-user admin
[FutureMatrix-aaa]local-user admin password cipher admin4148
[FutureMatrix-aaa]local-user admin service-type terminal ssh telnet http
[FutureMatrix-aaa]local-user admin privilege level 15
Warning: This operation may affect online users, are you sure to change the user privilege level ?[Y/N]
Enter Y and press Enter.
[FutureMatrix-aaa]quit
#5. Core VTY line configuration (allow ssh + telnet, AAA authentication)
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
idle-timeout 15 0
quit
#6. Console keeps using AAA (configured earlier; confirm again)
user-interface console 0
authentication-mode aaa
quit
# Save the configuration
save
[FutureMatrix]user-interface vty 0 4
[FutureMatrix-ui-vty0-4]authentication-mode aaa
Warning: The level of the user-interface(s) will be the default level of AAA users, please check whether it is correct.
[FutureMatrix-ui-vty0-4]protocol inbound all
[FutureMatrix-ui-vty0-4]idle-timeout 15 0
[FutureMatrix-ui-vty0-4]quit
[FutureMatrix]
<FutureMatrix>save
The current configuration will be written to flash:/vrpcfg.zip.
Are you sure to continue?[Y/N]y
Now saving the current configuration to the slot 0..
Save the configuration successfully.
<FutureMatrix>display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 0
Interface                         IP Address/Mask      Physical   Protocol
NULL0                             unassigned           up         up(s)
Vlanif1                           192.168.1.253/24     up         up
Change switch B's management IP: set Vlanif1 to 192.168.210.253/24
system-view
interface Vlanif 1
undo ip address
ip address 192.168.210.253 255.255.255.0
quit
save
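Notes after the change
Switch B remote login address: 192.168.210.253
Account: admin, password: admin4148; SSH/Telnet/WEB all work.
The uplink Trunk1 is already in VLAN1, so changing Vlanif1 does not affect the existing link aggregation, VLAN100, or iKuai configuration.
How to test
From a computer on the same subnet, ping 192.168.210.253; once it replies, you can log in remotely.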
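Root cause (the source of your current problem)
SSH was missing an RSA key and ssh server-source was not enabled: from V200R020 onward the S5720 blocks SSH access on all interfaces by default, so enabling the service alone is not enough;
The VTY lines had no protocol inbound all, so they did not admit the SSH/Telnet protocols;
After the Console password was cleared, the old remote user stopped working; it only takes effect again once the admin account is deleted and recreated;
The HTTP service is off by default and has to be turned on manually with http server enable.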
Verification commands (check after configuring)
display ssh server status
display telnet server status
display user-interface vty 0 4
Once configured, log in directly with admin / admin4148 over SSH, Telnet, or the web page.
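The configuration-side root causes listed above can also be checked offline against a saved copy of the configuration. This is an added example, not part of the original post: the sample config is constructed, and the layout it assumes (section header at column 0, body lines indented by one space, `#` separators) is an assumption about how the device prints its configuration. It does not check for the RSA host key.

```python
import re

# Constructed sample config (not from a real device); the layout is an assumption.
SAMPLE_CONFIG = """\
telnet server enable
stelnet server enable
#
aaa
 local-user admin privilege level 15
 local-user admin service-type terminal ssh telnet http
#
user-interface con 0
 authentication-mode aaa
user-interface vty 0 4
 authentication-mode aaa
 idle-timeout 15 0
#
"""

def parse_sections(text):
    """Map each column-0 line to its indented body; '' collects all column-0 lines."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            current = ""                      # separator ends the current section
        elif line[0] != " ":
            current = line                    # global command or section header
            sections.setdefault(current, [])
            sections[""].append(line)
        else:
            sections[current].append(line.strip())
    return sections

def check_remote_access(text, user="admin"):
    """Return the prerequisites named on the page that the config text lacks."""
    s = parse_sections(text)
    missing = [c for c in ("stelnet server enable", "telnet server enable",
               "http server enable", "ssh server-source all-interface")
               if c not in s[""]]
    for head, body in s.items():
        if head.startswith("user-interface vty"):
            missing += [f"{head}: {c}" for c in ("authentication-mode aaa",
                        "protocol inbound all") if c not in body]
    # Collect the service types granted to the user inside the aaa section.
    pat = re.compile(rf"local-user {re.escape(user)} service-type (.+)")
    svc = {w for line in s.get("aaa", []) if (m := pat.fullmatch(line))
           for w in m.group(1).split()}
    missing += [f"aaa: {user} service-type {n}" for n in ("ssh", "telnet", "http") if n not in svc]
    return missing
```

Calling `check_remote_access(SAMPLE_CONFIG)` lists the three items the sample lacks; an empty list means every configuration item from the steps above is present.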
https://blog.huazhuhui.fun/archives/KKKvaLan