代码之美

标签: 路由器

  • 华为AR系列路由器PPPOE拨号上网

    • 创建dialer接口
    acl 3998
 rule 10 permit ip
interface Dialer1
 link-protocol ppp
 ppp ipcp default-route
 ppp chap user pppoe-user
 ppp chap password cipher 123456
 ppp pap local-user pppoe-user password cipher 123456
 ppp ipcp dns admit-any
 ppp ipcp dns request
 ipv6 enable
 tcp adjust-mss 1452
 ip address ppp-negotiate
 dialer user pppoe-user
 dialer bundle 1
 dialer number 1 autodial
 ipv6 address auto link-local
 ipv6 address auto global default
 ipv6 mtu 1492
 nat outbound 3998
 dhcpv6 client pd v6pd1
 sa application-statistic enable
    • 绑定pppoe会话到wan 0/0/9端口
    interface GigabitEthernet0/0/9
 pppoe-client dial-bundle-number 1
 ip address 192.168.1.2 255.255.255.0
 nat outbound 3997
 ip accounting input-packets
 ip accounting output-packets
 sa application-statistic enable
    • 配置lan口
    dhcpv6 pool pool1
 dns-server FD11::1
interface Vlanif101
 mtu 1492
 ipv6 enable
 ip address 192.168.101.1 255.255.255.0
 ipv6 address v6pd1 ::1:0:0:0:1/64
 ipv6 address FD11::1/64
 ipv6 address auto link-local
 ipv6 address auto global
 ipv6 mtu 1492
 undo ipv6 nd ra halt
 ipv6 nd autoconfig other-flag
 dhcp select interface
 dhcpv6 server pool1
 dhcp server dns-list 192.168.101.1

    注意:
    如果ipv6不稳定可以添加以下配置:
    tcp ipv6 max-mss 1432
    在lan口上配置mtu是因为路由器的path mtu不能正常起作用,正常情况下是不需要的。

    Views: 1

  • 配置华为设备使用SSH公钥登录

    • 使用openssh格式公钥
    aaa
local-user admin service-type terminal ssh ftp http
quit
ssh user admin authentication-type all
rsa peer-public-key tao encoding-type openssh
public-key-code begin
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDAA6mw8q1ok9ElbkNRvalOnECxRXaz8oO3sDlL+F8c5dTm09nuK4z1leQlsO
2qMX49foxoCg/sXcVg351dooKkrjZt4IzikGN/hm49lrH4uJGffm9CGmuhF5Xyj1QyvwnA9iERusSS4yf3NvmSR6w5fyCxzKd/09GG8SJ1mXVWw0U9Cd+jk7fEq/6eVsvQNdr23wEXppdkpV9URCvygDR4dk7FBnnmpLD9gOIshpgFPO6452YzaPqpGU/US/YjmbsDNROPHBVvAC/xaCDy6IJCqR8jkKQUya+uPLC29Xfhly+taHV8KHNJ41leN6L/09Lh7uFuN5jGHGHgCJyXPOnP haohetao@gmail.com
public-key-code end
peer-public-key end
dis rsa peer-public-key
ssh user admin assign rsa-key tao
    • 使用华为专有格式的公钥
      有些华为设备或固件版本不支持openssh格式公钥,只能使用华为格式
      执行ssh-keygen -e -m pem -f ~/.ssh/id_rsa.pub | sed '1d;$d' | tr -d '\n' | base64 -d | od -t x1 -An | tr -d ' \n' | tr 'a-f' 'A-F' | sed 's/\(.\{8\}\)/\1 /g' | fold -w 54把本地openssh格式的公钥转换为华为格式
    ssh user admin authentication-type all
rsa peer-public-key tao
public-key-code begin
3082010A 02820101 00C003A9 B0F2AD68 93D1256E 4351BDA9
4E9C40B1 4576B3F2 83B7B039 4BF85F1C E5D4E6D3 D9EE2B8C
F595E425 B0EDAA31 7E3D7E8C 680A0FEC 5DC560DF 9D5DA282
A4AE366D E08CE290 637F866E 3D96B1F8 B8919F7E 6F421A6B
A11795F2 8F5432BF 09C0F621 11BAC492 E327F736 F99247AC
397F20B1 CCA77FD3 D186F122 75997556 C3453D09 DFA393B7
C4ABFE9E 56CBD035 DAF6DF01 17A69764 A55F5444 2BF28034
78764EC5 0679E6A4 B0FD80E2 2C869805 3CEEB8E7 663368FA
A9194FD4 4BF62399 BB033513 8F1C156F 002FF168 20F2E882
42A91F23 90A414C9 AFAE3CB0 B6F577E1 972FAD68 757C2873
49E3595E 37A2FFD3 D2E1EEE1 6E3798C6 1C61E008 9C973CE9
CF020301 0001
public-key-code end
peer-public-key end
dis rsa peer-public-key
ssh user admin assign rsa-key tao

    注意:
    复制密钥的时候不要漏掉后面的尾巴,尤其是复制华为16进制密钥格式时,因为末尾没有换行容易忽略

    Views: 121