numberletmein
letmein 时间:2021-01-15 阅读:()
Telnet,ConsoleandAUXPortPasswordsonCiscoRoutersConfigurationExampleContentsIntroductionPrerequisitesRequirementsComponentsUsedConventionsBackgroundInformationConfigurePasswordsontheLineConfigurationProcedureVerifytheConfigurationTroubleshootLoginFailureConfigureLocalUser-SpecificPasswordsConfigurationProcedureVerifytheConfigurationTroubleshootUser-specificPasswordFailureConfigureAUXLinePasswordConfigurationProcedureVerifyConfigurationConfigureAAAAuthenticationforLoginConfigurationProcedureVerifytheConfigurationTroubleshootAAALoginFailureRelatedInformationIntroductionThisdocumentprovidessampleconfigurationsforconfiguringpasswordprotectionforinboundEXECconnectionstotherouter.
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
- numberletmein相关文档
- MACletmein
- 证书letmein
- doubleletmein
- 呼叫letmein
- 用户letmein
- contentsletmein
HostYun 新上美国CN2 GIA VPS 月15元
HostYun 商家以前是玩具主机商,这两年好像发展还挺迅速的,有点在要做点事情的味道。在前面也有多次介绍到HostYun商家新增的多款机房方案,价格相对还是比较便宜的。到目前为止,我们可以看到商家提供的VPS主机包括KVM和XEN架构,数据中心可选日本、韩国、香港和美国的多个地区机房,电信双程CN2 GIA线路,香港和日本机房,均为国内直连线路。近期,HostYun上线低价版美国CN2 GIA ...
Kinponet是谁?Kinponet前身公司叫金宝idc 成立于2013年 开始代理销售美国vps。
在2014年发现原来使用VPS的客户需求慢慢的在改版,VPS已经不能满足客户的需求。我们开始代理机房的独立服务器,主推和HS机房的独立服务器。经过一年多的发展,我们发现代理的服务器配置参差不齐,机房的售后服务也无法完全跟上,导致了很多问题发生,对使用体验带来了很多的不便,很多客户离开了我们。经过我们慎重的考虑和客户的建议。我们在2015开始了重大的改变, 2015年,我们开始计划托管自己...
DogYun(300元/月),韩国独立服务器,E5/SSD+NVMe
DogYun(中文名称狗云)新上了一批韩国自动化上架独立服务器,使用月减200元优惠码后仅需每月300元,双E5 CPU,SSD+NVMe高性能硬盘,支持安装Linux或者Windows操作系统,下单自动化上架。这是一家成立于2019年的国人主机商,提供VPS和独立服务器租用等产品,数据中心包括中国香港、美国洛杉矶、日本、韩国、德国、荷兰等。下面分享这款自动化上架韩国独立服务器的配置和优惠码信息。...
letmein为你推荐
-
独立ip空间独立ip主机空间有什么用?asp主机空间Asp空间是什么空间啊?跟有的网站提供的免费空间有什么区别吗?国内ip代理谁有最快的国内IP代理HTTPasp网站空间谁有能申请免费的ASP空间网站?免费网站空间申请哪个网站可以申请免费的网页空间韩国虚拟主机香港和韩国的虚拟主机哪个比较好?山东虚拟主机400电话哪家代理商办理得比较好下载虚拟主机虚拟机软件到那里下载。怎么安装windows虚拟主机虚拟机的windows和原来的windows什么关系美国虚拟主机购买美国虚拟主机如何购买