numberletmein
letmein 时间:2021-01-15 阅读:()
Telnet,ConsoleandAUXPortPasswordsonCiscoRoutersConfigurationExampleContentsIntroductionPrerequisitesRequirementsComponentsUsedConventionsBackgroundInformationConfigurePasswordsontheLineConfigurationProcedureVerifytheConfigurationTroubleshootLoginFailureConfigureLocalUser-SpecificPasswordsConfigurationProcedureVerifytheConfigurationTroubleshootUser-specificPasswordFailureConfigureAUXLinePasswordConfigurationProcedureVerifyConfigurationConfigureAAAAuthenticationforLoginConfigurationProcedureVerifytheConfigurationTroubleshootAAALoginFailureRelatedInformationIntroductionThisdocumentprovidessampleconfigurationsforconfiguringpasswordprotectionforinboundEXECconnectionstotherouter.
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
- numberletmein相关文档
- MACletmein
- 证书letmein
- doubleletmein
- 呼叫letmein
- 用户letmein
- contentsletmein
触摸云 26元/月 ,美国200G高防云服务器
触摸云触摸云(cmzi.com),国人商家,有IDC/ISP正规资质,主营香港线路VPS、物理机等产品。本次为大家带上的是美国高防2区的套餐。去程普通线路,回程cn2 gia,均衡防御速度与防御,防御值为200G,无视UDP攻击,可选择性是否开启CC防御策略,超过峰值黑洞1-2小时。最低套餐20M起,多数套餐为50M,适合有防御型建站需求使用。美国高防2区 弹性云[大宽带]· 配置:1-16核· ...
HostKvm - 夏季云服务器七折优惠 香港和韩国机房月付5.95美元起
HostKvm,我们很多人都算是比较熟悉的国人服务商,旗下也有多个品牌,差异化多占位策略营销的,商家是一个创建于2013年的品牌,有提供中国香港、美国、日本、新加坡区域虚拟化服务器业务,所有业务均对中国大陆地区线路优化,已经如果做海外线路的话,竞争力不够。今天有看到HostKvm夏季优惠发布,主要针对香港国际和韩国VPS提供7折优惠,折后最低月付5.95美元,其他机房VPS依然是全场8折。第一、夏...
亚洲云Asiayu,成都云服务器 4核4G 30M 120元一月
点击进入亚云官方网站(www.asiayun.com)公司名:上海玥悠悠云计算有限公司成都铂金宿主机IO测试图亚洲云Asiayun怎么样?亚洲云Asiayun好不好?亚云由亚云团队运营,拥有ICP/ISP/IDC/CDN等资质,亚云团队成立于2018年,经过多次品牌升级。主要销售主VPS服务器,提供云服务器和物理服务器,机房有成都、美国CERA、中国香港安畅和电信,香港提供CN2 GIA线路,CE...
letmein为你推荐
-
租用虚拟主机虚拟主机和租用服务器有什么区别?美国主机空间买空间网的美国主机咋样?空间租用租用空间多少钱 1MB?国外空间租用租用美国空间中文域名注册查询如何注册中文域名?请问个人怎样注册中文域名。cn的,个人注册别人公司的可以吗?违法吗?或者怎样才能注册代理主机主机做成代理服务器,其他局域网内的电脑必须通过我的这个网络出去代理主机电脑店卖组装机,怎么赚钱。ip代理地址代理IP是什么便宜的虚拟主机哪里有便宜的国内虚拟主机?虚拟主机申请现在做网站申请虚拟主机选择哪种合适?