numberletmein
letmein 时间:2021-01-15 阅读:()
Telnet,ConsoleandAUXPortPasswordsonCiscoRoutersConfigurationExampleContentsIntroductionPrerequisitesRequirementsComponentsUsedConventionsBackgroundInformationConfigurePasswordsontheLineConfigurationProcedureVerifytheConfigurationTroubleshootLoginFailureConfigureLocalUser-SpecificPasswordsConfigurationProcedureVerifytheConfigurationTroubleshootUser-specificPasswordFailureConfigureAUXLinePasswordConfigurationProcedureVerifyConfigurationConfigureAAAAuthenticationforLoginConfigurationProcedureVerifytheConfigurationTroubleshootAAALoginFailureRelatedInformationIntroductionThisdocumentprovidessampleconfigurationsforconfiguringpasswordprotectionforinboundEXECconnectionstotherouter.
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
- numberletmein相关文档
- MACletmein
- 证书letmein
- doubleletmein
- 呼叫letmein
- 用户letmein
- contentsletmein
2021年7月最新洛杉矶CN2/香港CN2 vps套餐及搬瓦工优惠码 循环终身优惠6.58%
搬瓦工怎么样?2021年7月最新vps套餐推荐及搬瓦工优惠码整理,搬瓦工优惠码可以在购买的时候获取一些优惠,一般来说力度都在 6% 左右。本文整理一下 2021 年 7 月最新的搬瓦工优惠码,目前折扣力度最大是 6.58%,并且是循环折扣,续费有效,可以一直享受优惠价格续费的。搬瓦工优惠码基本上可能每年才会更新一次,大家可以收藏本文,会保持搬瓦工最新优惠码更新的。点击进入:搬瓦工最新官方网站搬瓦工...
创梦网络-四川一手资源高防大带宽云服务器,物理机租用,机柜资源,自建防火墙,雅安最高单机700G防护,四川联通1G大带宽8.3W/年,无视UDP攻击,免费防CC
? ? ? ?创梦网络怎么样,创梦网络公司位于四川省达州市,属于四川本地企业,资质齐全,IDC/ISP均有,从创梦网络这边租的服务器均可以****,属于一手资源,高防机柜、大带宽、高防IP业务,另外创梦网络近期还会上线四川联通大带宽,四川联通高防IP,一手整CIP段,四川电信,联通高防机柜,CN2专线相关业务。成都优化线路,机柜租用、服务器云服务器租用,适合建站做游戏,不须要在套CDN,全国访问快...
DiyVM(50元起)老牌商家,香港沙田CN2直连vps/不限流量/五折终身优惠
diyvm怎么样?diyvm是一家国内成立时间比较久的主机商家了,大约在6年前站长曾经用过他家的美国机房的套餐,非常稳定,适合做站,目前商家正在针对香港沙田机房的VPS进行促销,给的是五折优惠,续费同价,香港沙田机房走的是CN2直连的线路,到大陆地区的速度非常好,DiyVM商家采用小带宽不限流量的形式,带宽2Mbps起步,做站完全够用,有需要的朋友可以入手。diyvm优惠码:五折优惠码:OFF50...
letmein为你推荐
-
独立ip主机独立IP虚拟主机的主机弊端asp主机asp.net虚拟主机怎么样,它和asp虚拟主机是不是一样的,求解释国内免费空间国内有没有好的免费空间啊香港虚拟空间香港空间,香港虚拟主机,香港虚拟空间推荐一家,公司要做一个网站,需要1G的,不限流量的,其它的空间不要手机网站空间手机登陆qq空间网址是什么?北京虚拟主机租用北京云主机租用哪家资质正规,价格便宜,服务好?要真云主机不要那种vps的假云主机,机房要在北京的!域名网电脑上的域名分别表示什么!花生壳域名怎么用花生壳做域名解析域名劫持发现域名被劫持怎么办域名服务器服务器与域名的区别