numberletmein
letmein 时间:2021-01-15 阅读:(
)
Telnet,ConsoleandAUXPortPasswordsonCiscoRoutersConfigurationExampleContentsIntroductionPrerequisitesRequirementsComponentsUsedConventionsBackgroundInformationConfigurePasswordsontheLineConfigurationProcedureVerifytheConfigurationTroubleshootLoginFailureConfigureLocalUser-SpecificPasswordsConfigurationProcedureVerifytheConfigurationTroubleshootUser-specificPasswordFailureConfigureAUXLinePasswordConfigurationProcedureVerifyConfigurationConfigureAAAAuthenticationforLoginConfigurationProcedureVerifytheConfigurationTroubleshootAAALoginFailureRelatedInformationIntroductionThisdocumentprovidessampleconfigurationsforconfiguringpasswordprotectionforinboundEXECconnectionstotherouter.
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
Hostodo近日发布了美国独立日优惠促销活动,主要推送了四款特价优惠便宜的VPS云服务器产品,基于KVM虚拟架构,NVMe阵列,1Gbps带宽,默认分配一个IPv4+/64 IPv6,采用solusvm管理,赠送收费版DirectAdmin授权,服务有效期内均有效,大致约为7折优惠,独立日活动时间不定,活动机型售罄为止,有需要的朋友可以尝试一下。Hostodo怎么样?Hostodo服务器好不好?...
Virmach 商家算是比较久且一直在低价便宜VPS方案中玩的不亦乐乎的商家,有很多同时期的商家纷纷关闭转让,也有的转型到中高端用户。而前一段时间也有分享过一次Virmach商家推出所谓的一次性便宜VPS主机,比如很低的价格半年时间,时间到服务器也就关闭。这不今天又看到商家有提供这样的产品。这次的活动产品包括圣何塞和水牛城两个机房,为期六个月,一次性付费用完将会取消,就这么特别的产品,适合短期玩玩...
Moack怎么样?Moack(蘑菇主机)是一家成立于2016年的商家,据说是国人和韩国合资开办的主机商家,目前主要销售独立服务器,机房位于韩国MOACK机房,网络接入了kt/lg/kinx三条线路,目前到中国大陆的速度非常好,国内Ping值平均在45MS左右,而且商家的套餐比较便宜,针对国人有很多活动。不过目前如果购买机器如需现场处理,由于COVID-19越来越严重,MOACK办公楼里的人也被感染...
letmein为你推荐
租用虚拟主机买一台服务器,做虚拟主机租用,出售,怎么做?美国主机空间美国主机空间不限制内容吗已备案域名查询如何快速查询已备案域名并抢注网络服务器租用服务器租用 使用方法info域名注册info域名什么时候出现的?域名注册查询怎么查看域名是否注册域名服务商买域名,一定要选择好的服务商域名服务商如何更换域名服务商免费网站域名申请怎么免费上传我的网站呀和免费申请域名便宜的虚拟主机免费、便宜的虚拟主机哪里有?要好用的 ,速度快的
域名注册服务 如何查询ip地址 域名解析服务器 密码泄露 500m空间 北京双线 东莞数据中心 免费dns解析 申请网页 备案空间 海外加速 标准机柜 ftp是什么东西 联想塔式服务器 免费服务器代理 无限流量卡 联想789 真正的免费网络电话 杭州电信宽带资费 rebootandselectproper 更多