Cisco IOS Basic CLI Configuration:Access Security 01
1. Telnet Switch Config: Switchen Switch#conf t Enter configuration commands, one per line. End with CNTL/Z. Switch(config)#enable secret zhang Switch(config)#line console 0 Switch(config-line)#password 123 Switch(config-line)#login Switc
1. Telnet
Switch Config:
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable secret zhang
Switch(config)#line console 0
Switch(config-line)#password 123
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#line vty 0 15
Switch(config-line)#password hello
Switch(config-line)#login
Switch(config-line)#exit
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.1 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
Switch(config-if)#exit
Switch(config)#exit
Switch#
Switch#show running-config
Building configuration...
Current configuration : 1152 bytes
!
hostname Switch
!
enable secret 5 $1$mERr$Ihkqz6Aphv2yflqGpdU2m0
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
line con 0
password 123
login
!
line vty 0 4
password hello
login
line vty 5 15
password hello
login
!
!
end
Switch#
PC1 Telnet Test:
2. SSH
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line vty 0 15
Switch(config-line)#login local
Switch(config-line)#exit
Switch(config)#username user1 password 123
Switch(config)#username user2 password 123
Switch(config)#ip domain-name example.com
Switch(config)#crypto key generate rsa
% Please define a hostname other than Switch.
Switch(config)#hostname zhang
zhang(config)#crypto key generate rsa
The name for the keys will be: zhang.example.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
zhang(config)#ip ssh version 2
*?? 1 0:30:20.486: %SSH-5-ENABLED: SSH 1.99 has been enabled
zhang(config)#
zhang(config)#
3. Encrypting Password
conf t
service password-encryption
4. Support Telnet SSH on vty line
transport input all or transport input telnet ssh : support both
transport input none: Support neither
transport input telnet: Support only Telnet
transport input ssh: Support only SSH