cisco switch enable ssh and telnet
1. Connection topology


PT3000 Boot Loader (PT3000-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 18:57 by miwang
Cisco WS-CSwitch-PT (RC32300) processor (revision C0) with 21039K bytes of memory.
Switch-PT starting...
Base ethernet MAC Address: 000C.854B.C453
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 1 files, 0 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 64016384
flashfs[0]: Bytes used: 3117390
flashfs[0]: Bytes available: 60898994
flashfs[0]: flashfs fsck took 1 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Loading "flash:/pt3000-i6q4l2-mz.121-22.EA4.bin"...
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team
Cisco WS-CSwitch-PT (RC32300) processor (revision C0) with 21039K bytes of memory.
Processor board ID FHK0610Z0WC
Running Standard Image
6 FastEthernet/IEEE 802.3 interface(s)
63488K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 000C.854B.C453
Motherboard assembly number: 73-5781-09
Power supply part number: 34-0965-01
Motherboard serial number: FOC061004SZ
Power supply serial number: DAB0609127D
Model revision number: C0
Motherboard revision number: A0
Model number: WS-CSwitch-PT
System serial number: FHK0610Z0WC
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team
Press RETURN to get started!
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
Switch>
2. Restore factory settings
Switch>show version | include IOS // Show the IOS version
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Switch>
Switch>enable // Enter privileged mode
Switch#
Switch#erase startup-config // Erase the saved configuration
Erasing the nvram filesystem will remove all configuration files! Continue? [confirm]
[OK]
Erase of nvram: complete
%SYS-7-NV_BLOCK_INIT: Initialized the geometry of nvram
Switch#
Switch#reload // Reload the switch so it boots with the erased configuration
Proceed with reload? [confirm]
PT3000 Boot Loader (PT3000-HBOOT-M) Version 12.1(11r)EA1, RELEASE SOFTWARE (fc1)
Compiled Mon 22-Jul-02 18:57 by miwang
Cisco WS-CSwitch-PT (RC32300) processor (revision C0) with 21039K bytes of memory.
Switch-PT starting...
Base ethernet MAC Address: 0001.4281.2CA0
Xmodem file system is available.
Initializing Flash...
flashfs[0]: 2 files, 0 directories
flashfs[0]: 0 orphaned files, 0 orphaned directories
flashfs[0]: Total bytes: 64016384
flashfs[0]: Bytes used: 3117889
flashfs[0]: Bytes available: 60898495
flashfs[0]: flashfs fsck took 1 seconds.
...done Initializing Flash.
Boot Sector Filesystem (bs:) installed, fsid: 3
Parameter Block Filesystem (pb:) installed, fsid: 4
Loading "flash:/pt3000-i6q4l2-mz.121-22.EA4.bin"...
########################################################################## [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team
Cisco WS-CSwitch-PT (RC32300) processor (revision C0) with 21039K bytes of memory.
Processor board ID FHK0610Z0WC
Running Standard Image
6 FastEthernet/IEEE 802.3 interface(s)
63488K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 0001.4281.2CA0
Motherboard assembly number: 73-5781-09
Power supply part number: 34-0965-01
Motherboard serial number: FOC061004SZ
Power supply serial number: DAB0609127D
Model revision number: C0
Motherboard revision number: A0
Model number: WS-CSwitch-PT
System serial number: FHK0610Z0WC
Cisco Internetwork Operating System Software
IOS (tm) PT3000 Software (PT3000-I6Q4L2-M), Version 12.1(22)EA4, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2006 by cisco Systems, Inc.
Compiled Fri 12-May-06 17:19 by pt_team
Press RETURN to get started!
Switch>
Switch>enable // Enter privileged mode
Switch#
Switch#show running-config // Show the running configuration
Building configuration...
Current configuration : 499 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
!
interface FastEthernet1/1
!
interface FastEthernet2/1
!
interface FastEthernet3/1
!
interface FastEthernet4/1
!
interface FastEthernet5/1
!
interface Vlan1
no ip address
shutdown
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
!
!
end
Switch#
Switch#show clock detail // Show the system clock
*0:0:45.325 UTC Mon Mar 1 1993
Time source is hardware calendar
Switch#
Switch#show flash: // Show the directory of the flash partition
Directory of flash:/
3 -rw- 499 <no date> config.text
1 -rw- 3117390 <no date> pt3000-i6q4l2-mz.121-22.EA4.bin
64016384 bytes total (60898495 bytes free)
Switch#
3. Set the console login username and password
Switch>enable
Switch#
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#username admin privilege 0 secret cisco // Set the system username and password
Switch(config)#
Switch(config)#service password-encryption // Enable the password-encryption service
Switch(config)#
Switch(config)#enable secret 123456 // Set the password for entering privileged mode
Switch(config)#
Switch(config)#exit // Exit to the previous level
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#line console 0 // Configure the console line
Switch(config-line)#
Switch(config-line)#login local // Authenticate against the local user database
Switch(config-line)#
Switch(config-line)#logging synchronous // Keep the cursor on the input line; synchronize message output
Switch(config-line)#
Switch(config-line)#end // End configuration
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#write
Building configuration...
[OK]
Switch#
Switch#show startup-config
Using 636 bytes
!
version 12.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname Switch
!
enable secret 5 $1$mERr$H7PDxl7VYMqaD3id4jJVK/
!
!
!
!
username admin secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
!
interface FastEthernet1/1
!
interface FastEthernet2/1
!
interface FastEthernet3/1
!
interface FastEthernet4/1
!
interface FastEthernet5/1
!
interface Vlan1
no ip address
shutdown
!
!
!
!
line con 0
logging synchronous
login local
!
line vty 0 4
login
line vty 5 15
login
!
!
!
!
end
Switch#
4. Configure the virtual terminal (VTY) lines
User Access Verification
Username: admin
Password:
Switch>enable
Password:
Switch#
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#line vty 0 4 // 0-4: maximum number of concurrent connections
Switch(config-line)#
Switch(config-line)#login local // Authenticate against the local user database
Switch(config-line)#
Switch(config-line)#logging synchronous // Keep the cursor on the input line; synchronize message output
Switch(config-line)#
Switch(config-line)#exec-timeout 10 0 // Timeout of 10 minutes 0 seconds
Switch(config-line)#
Switch(config-line)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#write
Building configuration...
[OK]
Switch#
5. Configure the IP address and bring up the interface
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#interface vlan 1 // Enter interface Vlan1
Switch(config-if)#
Switch(config-if)#ip address 192.168.1.254 255.255.255.0 // Set the IP address and subnet mask
Switch(config-if)#
Switch(config-if)#no shutdown // Bring the interface up
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Switch(config-if)#
Switch(config-if)#end
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#
Switch#write
Building configuration...
[OK]
Switch#
6. Configure the hostname and domain name and generate the RSA key
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#
Switch(config)#hostname sw0 // Change the device name
sw0(config)#
sw0(config)#ip domain-name ptest.net // Set the domain name
sw0(config)#
sw0(config)#crypto key zeroize rsa // Delete the RSA keys
% No Signature RSA Keys found in configuration.
sw0(config)#
sw0(config)#crypto key generate rsa // Generate the RSA keys
The name for the keys will be: sw0.ptest.net
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]
sw0(config)#
*3月 1 0:20:5.342: %SSH-5-ENABLED: SSH 1.99 has been enabled
sw0(config)#end
sw0#
%SYS-5-CONFIG_I: Configured from console by console
sw0#
sw0#write
Building configuration...
[OK]
sw0#
7. Configure the SSH service
sw0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
sw0(config)#
sw0(config)#ip ssh authentication-retries 3 // Number of authentication failures allowed
sw0(config)#
sw0(config)#ip ssh time-out 120 // Timeout of 120 seconds
sw0(config)#
sw0(config)#ip ssh version 2 // SSH protocol version to enable
sw0(config)#
sw0(config)#end
sw0#
%SYS-5-CONFIG_I: Configured from console by console
sw0#
sw0#wri
sw0#write
Building configuration...
[OK]
sw0#
8. Allow only a specific host to access the virtual terminal
sw0#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
sw0(config)#
sw0(config)#access-list 101 permit ip host 192.168.1.251 any // Define a rule in ACL 101
sw0(config)#
sw0(config)#line vty 0 4
sw0(config-line)#
sw0(config-line)#access-class 101 in // Apply ACL 101 to traffic coming in to the device on these lines
sw0(config-line)#
sw0(config-line)#end
sw0#
%SYS-5-CONFIG_I: Configured from console by console
sw0#
sw0#write
Building configuration...
[OK]
sw0#
sw0#show ip interface brief // Show a summary of the IP interfaces
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet1/1 unassigned YES manual down down
FastEthernet2/1 unassigned YES manual down down
FastEthernet3/1 unassigned YES manual down down
FastEthernet4/1 unassigned YES manual down down
FastEthernet5/1 unassigned YES manual down down
Vlan1 192.168.1.254 YES manual up up
sw0#
sw0#show vlan brief // Show a summary of the VLANs
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa1/1, Fa2/1, Fa3/1
Fa4/1, Fa5/1
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
sw0#
9. From the command-line tool on the PC, ping sw0's IP address 192.168.1.254
C:\>?
Available Commands:
? Display the list of available commands
arp Display the arp table
cd Displays the name of or changes the current directory.
delete Deletes the specified file from C: directory.
dir Displays the list of files in C: directory.
exit Quits the CMD.EXE program (command interpreter)
ftp Transfers files to and from a computer running an FTP server.
help Display the list of available commands
ide Starts IoX development environment
ioxclient Command line tool to assist in app development for Cisco IOx
platforms
ipconfig Display network configuration for each network adapter
ipv6config Display network configuration for each network adapter
js JavaScript Interactive Interpreter
mkdir Creates a directory.
netsh
netstat Displays protocol statistics and current TCP/IP network
connections
nslookup DNS Lookup
ping Send echo messages
python Python Interactive Interpreter
quit Exit Telnet/SSH
rmdir Removes a directory.
snmpget SNMP GET
snmpgetbulk SNMP GET BULK
snmpset SNMP SET
ssh ssh client
telnet Telnet client
tracert Trace route to destination
C:\>
C:\>ipconfig /?
Packet Tracer PC IP Configuration
Usage:
ipconfig { /? | /renew | /release | <IP> <subnet mask> [<default gateway>] }
C:\>
C:\>ipconfig
FastEthernet0 Connection:(default port)
Link-local IPv6 Address.........: FE80::2E0:B0FF:FE0A:3754
IP Address......................: 192.168.1.251
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 192.168.1.1
Bluetooth Connection:
Link-local IPv6 Address.........: ::
IP Address......................: 0.0.0.0
Subnet Mask.....................: 0.0.0.0
Default Gateway.................: 0.0.0.0
C:\>
C:\>ping 192.168.1.254
Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time<1ms TTL=255
Reply from 192.168.1.254: bytes=32 time<1ms TTL=255
Reply from 192.168.1.254: bytes=32 time=9ms TTL=255
Reply from 192.168.1.254: bytes=32 time<1ms TTL=255
Ping statistics for 192.168.1.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 9ms, Average = 2ms
C:\>
C:\>arp -a
Internet Address Physical Address Type
192.168.1.254 0006.2a13.3b67 dynamic
C:\>
10. Test Telnet and SSH connections to sw0
C:\>telnet /?
Packet Tracer PC Telnet
Usage: telnet target [port]
C:\>
C:\>telnet 192.168.1.254
Trying 192.168.1.254 ...Open
User Access Verification
Username: adminUsername:
Password:
sw0>
sw0>enable
Password:
sw0#
sw0#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet1/1 unassigned YES manual down down
FastEthernet2/1 unassigned YES manual down down
FastEthernet3/1 unassigned YES manual down down
FastEthernet4/1 unassigned YES manual down down
FastEthernet5/1 unassigned YES manual down down
Vlan1 192.168.1.254 YES manual up up
sw0#
sw0#exit
[Connection to 192.168.1.254 closed by foreign host]
C:\>
C:\>ssh /?
Packet Tracer PC SSH
Usage: SSH -l username target
C:\>
C:\>ssh -l admin 192.168.1.254
Password:
sw0>
sw0>enable
Password:
sw0#
sw0#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet1/1 unassigned YES manual down down
FastEthernet2/1 unassigned YES manual down down
FastEthernet3/1 unassigned YES manual down down
FastEthernet4/1 unassigned YES manual down down
FastEthernet5/1 unassigned YES manual down down
Vlan1 192.168.1.254 YES manual up up
sw0#
sw0#exit
[Connection to 192.168.1.254 closed by foreign host]
C:\>
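Added example (not part of the original post): a small Python audit of the remote-access settings this procedure leaves on sw0, flagging VTY lines that still accept Telnet, lack an inbound access-class, or do not use local-user login. The sample configuration is constructed from the steps above, the function names are hypothetical, and treating a missing "transport input" command as Telnet-enabled is an assumption that matches this switch, where the Telnet login in step 10 succeeds.

```python
import re
# Constructed sample: the remote-access lines of the configuration that the
# steps on this page leave on sw0 (sub-commands unindented, as shown above).
SAMPLE_CONFIG = """\
ip ssh version 2
access-list 101 permit ip host 192.168.1.251 any
!
line con 0
login local
!
line vty 0 4
access-class 101 in
exec-timeout 10 0
login local
line vty 5 15
login
!
"""

def line_blocks(config):
    """Map each 'line ...' header to its sub-commands ('!' ends a block)."""
    blocks, current = {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd.startswith("line "):
            current = blocks.setdefault(cmd, [])
        elif cmd in ("!", "end", ""):
            current = None
        elif current is not None:
            current.append(cmd)
    return blocks

def audit_vty(config):
    """Return (scope, finding) pairs for remote-access weaknesses."""
    findings = []
    if not re.search(r"^\s*ip ssh version 2\s*$", config, re.M):
        findings.append(("global", "SSH not restricted to version 2"))
    for header, cmds in line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        # Assumption: no 'transport input' line means Telnet is accepted.
        if not transport or {"telnet", "all"} & set(transport[-1]):
            findings.append((header, "Telnet accepted"))
        if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
            findings.append((header, "no inbound access-class"))
        if "login local" not in cmds:
            findings.append((header, "no local-user login"))
    return findings
```

Run against the sample, audit_vty reports Telnet on both VTY ranges and shows that line vty 5 15 received neither the ACL nor login local, because steps 4 and 8 only configure line vty 0 4.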
================ End
