连接图
R1:Ethernet 0/0 IP:12.1.1.1/255.255.255.0
R2:Ethernet 0/0 IP:12.1.1.2/255.255.255.0
简单的telnet登陆
R1:
Router>enable
Router#configure terminal
Enter configuration commands, one perline. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface ethernet 0/0
R1(config-if)#ip address 12.1.1.1255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit
R1(config)#
*Mar 5 11:26:33.207: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state toup
*Mar 5 11:26:34.216: %LINEPROTO-5-UPDOWN: Line protocol on InterfaceEthernet0/0, changed state to up
R1(config)#
R2:
Router>
Router>enable
Router#configure terminal
Enter configuration commands, one perline. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#interface ethernet 0/0
R2(config-if)#ip address 12.1.1.2255.255.255.0
R2(config-if)#no shutdown
*Mar 5 11:27:16.537: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state toup
*Mar 5 11:27:17.543: %LINEPROTO-5-UPDOWN: Line protocol on InterfaceEthernet0/0, changed state to up
R2(config-if)#exit
测试联通性:
R1#ping 12.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.2,timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5),round-trip min/avg/max = 1/1/1 ms
配置telnet连接
R1:
R1(config)#line vty 0 4
R1(config-line)#login
% Login disabled on line 2, until'password' is set
% Login disabled on line 3, until'password' is set
% Login disabled on line 4, until'password' is set
% Login disabled on line 5, until'password' is set
% Login disabled on line 6, until'password' is set
R1(config-line)#password cisco ——设置密码
R1(config-line)# transport input telnet ——设置telnet登陆
R1(config-line)#end
R1#show running-config | section vty ——查看vty接口的配置
line vty 0 4
password cisco
login
transport input telnet
设置enable密码
R1(config)#enable password cisco ——明文
或者 R1(config)#enable secret cisco ——密文
R2连接R1
R2#telnet 12.1.1.1
Trying 12.1.1.1 ... Open
User Access Verification
Password: ——输入vty接口的密码
R1>enable
Password: ——输入enable密码
R1#terminal monitor
R1#
简单的账户密码认证登陆
清除除IP以外的配置
让R1登陆R2
R2配置:
R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input telnet
R2(config-line)#exit
R2(config)#username admin privilege 15 password cisco ——设置本地账户密码,权限为15
R1登陆到R2
R1#telnet 12.1.1.2
输入账户密码
高级AAA认证:
R1:
R1(config)#aaa new-model ——开启aaa
R1(config)#aaa authentication login default local-case ——aaa认证关注登陆
R1(config)#line vty 0 4
R1(config-line)#login authentication default
R1(config-line)#exit
R1(config)#aaa authentication login noacs none ——保护console口不用密码
R1(config)#line console 0
R1(config-line)#login authentication noacs
R1(config-line)#exit
R1(config)#username admin privilege 15 password cisco
R1(config)#aaa authorization exec default local
R1(config)#line vty 0 4
R1(config-line)#authorization exec default
R1(config-line)#transport input telnet
R2登陆
R2#telnet 12.1.1.1
Trying 12.1.1.1 ... Open
User Access Verification
Username: admin
Password:
R1#
R1#
设置SSH登陆:(清除除了IP以外的配置)
R1(config)#ip domain-name cisco.com ——设置域名
R1(config)#crypto key generate rsa ——生成加密随机数(512不支持SSHv2,)
The name for the keys will be: R1.cisco.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024 ——自行设置
% Generating 1024 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 1 seconds)
R1(config)#
R1(config)#username admin privilege 15 password cisco
R1(config)#line vty 0 4
R1(config-line)#login local
R1(config-line)#transport input ssh ——使用SSH认证
R1(config-line)#exit
R1(config)#ip ssh version 2 ——开启SSHv2版本
R1(config)#
R2连接
R2#ssh -v 2 -l admin 12.1.1.1 ——使用SSHv2版本连接
Password:
R1#