Cisco IOS Basic CLI Configuration:Access Security 01

1.  Telnet

Switch Config:

Switch>en

Switch#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)#enable secret zhang

Switch(config)#line console 0

Switch(config-line)#password 123

Switch(config-line)#login

Switch(config-line)#exit

Switch(config)#line vty 0 15

Switch(config-line)#password hello

Switch(config-line)#login

Switch(config-line)#exit

Switch(config)#interface vlan 1

Switch(config-if)#ip address 192.168.1.1 255.255.255.0

Switch(config-if)#no shutdown

 

Switch(config-if)#

%LINK-5-CHANGED: Interface Vlan1, changed state to up

 

Switch(config-if)#exit

Switch(config)#exit

Switch#

 

Switch#show running-config

Building configuration...

 

Current configuration : 1152 bytes

!

hostname Switch

!

enable secret 5 $1$mERr$Ihkqz6Aphv2yflqGpdU2m0

!

interface Vlan1

 ip address 192.168.1.1 255.255.255.0

!

line con 0

 password 123

 login

!

line vty 0 4

 password hello

 login

line vty 5 15

 password hello

 login

!

!

end

Switch#

 

 

PC1 Telnet Test:

 

 

2.  SSH

Switch#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

Switch(config)#line vty 0 15

Switch(config-line)#login local

Switch(config-line)#exit

Switch(config)#username user1 password 123

Switch(config)#username user2 password 123

Switch(config)#ip domain-name example.com

Switch(config)#crypto key generate rsa

% Please define a hostname other than Switch.

Switch(config)#hostname zhang

zhang(config)#crypto key generate rsa

The name for the keys will be: zhang.example.com

Choose the size of the key modulus in the range of 360 to 2048 for your

  General Purpose Keys. Choosing a key modulus greater than 512 may take

  a few minutes.

 

How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

 

zhang(config)#ip ssh version 2

*?? 1 0:30:20.486:  %SSH-5-ENABLED: SSH 1.99 has been enabled

zhang(config)#

zhang(config)#

 

3.  Encrypting Password

conf t

service password-encryption

4.  Support Telnet SSH on vty line

transport input all or transport input telnet ssh : support both

transport input none: Support neither

transport input telnet: Support only Telnet

transport input ssh: Support only SSH

posted @ 2014-04-24 13:30  张楠0412  阅读(388)  评论(0编辑  收藏  举报