numberletmein
letmein 时间:2021-01-15 阅读:()
Telnet,ConsoleandAUXPortPasswordsonCiscoRoutersConfigurationExampleContentsIntroductionPrerequisitesRequirementsComponentsUsedConventionsBackgroundInformationConfigurePasswordsontheLineConfigurationProcedureVerifytheConfigurationTroubleshootLoginFailureConfigureLocalUser-SpecificPasswordsConfigurationProcedureVerifytheConfigurationTroubleshootUser-specificPasswordFailureConfigureAUXLinePasswordConfigurationProcedureVerifyConfigurationConfigureAAAAuthenticationforLoginConfigurationProcedureVerifytheConfigurationTroubleshootAAALoginFailureRelatedInformationIntroductionThisdocumentprovidessampleconfigurationsforconfiguringpasswordprotectionforinboundEXECconnectionstotherouter.
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
PrerequisitesRequirementsInordertoperformthetasksdescribedinthisdocument,youmusthaveprivilegedEXECaccesstotherouter'scommandlineinterface(CLI).
Forinformationonusingthecommandlineandforunderstandingcommandmodes,seeUsingtheCiscoIOSCommand-LineInterface.
Forinstructionsonconnectingaconsoletoyourrouter,refertothedocumentationthataccompaniedyourrouter,orrefertotheonlinedocumentationforyourequipment.
ComponentsUsedTheinformationinthisdocumentisbasedonthesesoftwareandhardwareversions:Cisco2509routerqCiscoIOSSoftwareVersion12.
2(19)qTheinformationinthisdocumentwascreatedfromthedevicesinaspecificlabenvironment.
Allofthedevicesusedinthisdocumentstartedwithacleared(default)configuration.
Ifyournetworkislive,makesurethatyouunderstandthepotentialimpactofanycommand.
ConventionsFormoreinformationondocumentconventions,refertotheCiscoTechnicalTipsConventions.
BackgroundInformationTheuseofpasswordprotectiontocontrolorrestrictaccesstothecommandlineinterface(CLI)ofyourrouterisoneofthefundamentalelementsofanoverallsecurityplan.
Protectingtherouterfromunauthorizedremoteaccess,typicallyTelnet,isthemostcommonsecuritythatneedsconfiguring,butprotectingtherouterfromunauthorizedlocalaccesscannotbeoverlooked.
Note:Passwordprotectionisjustoneofthemanystepsyoushoulduseinaneffectivein-depthnetworksecurityregimen.
Firewalls,access-lists,andcontrolofphysicalaccesstotheequipmentareotherelementsthatmustbeconsideredwhenimplementingyoursecurityplan.
Commandline,orEXEC,accesstoaroutercanbemadeinanumberofways,butinallcasestheinboundconnectiontotherouterismadeonaTTYline.
TherearefourmaintypesofTTYlines,asseeninthissampleshowlineoutput:2509#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-1TTY9600/9600000/0-2TTY9600/9600000/0-3TTY9600/9600000/0-4TTY9600/9600000/0-5TTY9600/9600000/0-6TTY9600/9600000/0-7TTY9600/9600000/0-8TTY9600/9600000/0-9AUX9600/9600000/0-10VTY000/0-11VTY000/0-12VTY000/0-13VTY000/0-14VTY000/0-2509#TheCTYline-typeistheConsolePort.
Onanyrouter,itappearsintherouterconfigurationaslinecon0andintheoutputoftheshowlinecommandascty.
Theconsoleportismainlyusedforlocalsystemaccessusingaconsoleterminal.
TheTTYlinesareasynchronouslinesusedforinboundoroutboundmodemandterminalconnectionsandcanbeseeninarouteroraccessserverconfigurationaslinex.
Thespecificlinenumbersareafunctionofthehardwarebuiltintoorinstalledontherouteroraccessserver.
TheAUXlineistheAuxiliaryport,seenintheconfigurationaslineaux0.
TheVTYlinesaretheVirtualTerminallinesoftherouter,usedsolelytocontrolinboundTelnetconnections.
Theyarevirtual,inthesensethattheyareafunctionofsoftware-thereisnohardwareassociatedwiththem.
Theyappearintheconfigurationaslinevty04.
Eachofthesetypesoflinescanbeconfiguredwithpasswordprotection.
Linescanbeconfiguredtouseonepasswordforallusers,orforuser-specificpasswords.
User-specificpasswordscanbeconfiguredlocallyontherouter,oryoucanuseanauthenticationservertoprovideauthentication.
Thereisnoprohibitionagainstconfiguringdifferentlineswithdifferenttypesofpasswordprotection.
Itis,infact,commontoseerouterswithasinglepasswordfortheconsoleanduser-specificpasswordsforotherinboundconnections.
Belowisanexampleofrouteroutputfromtheshowrunning-configcommand:2509#showrunning-configBuildingconfiguration.
.
.
Currentconfiguration:655bytes!
version12.
2.
.
.
!
---Configurationeditedforbrevitylinecon0line18lineaux0linevty04!
endConfigurePasswordsontheLineTospecifyapasswordonaline,usethepasswordcommandinlineconfigurationmode.
Toenablepasswordcheckingatlogin,usethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheconsole.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandthenswitchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#linecon0router(config-line)#1.
Configurethepassword,andenablepasswordcheckingatlogin.
router(config-line)#passwordletmeinrouter(config-line)#login2.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:Donotsaveconfigurationchangestolinecon0untilyourabilitytologinhasbeenverified.
3.
Note:Underthelineconsoleconfiguration,loginisarequiredconfigurationcommandtoenablepasswordcheckingatlogin.
Consoleauthenticationrequiresboththepasswordandthelogincommandstowork.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
.
.
.
!
---Linesomittedforbrevity!
linecon0passwordletmeinloginline18lineaux0linevty04!
endTotesttheconfiguration,logofftheconsoleandloginagain,usingtheconfiguredpasswordtoaccesstherouter:router#exitroutercon0isnowavailablePressRETURNtogetstarted.
UserAccessVerificationPassword:!
---Passwordenteredhereisnotdisplayedbytherouterrouter>Note:Beforeperformingthistest,ensurethatyouhaveanalternateconnectionintotherouter,suchasTelnetordial-in,incasethereisaproblemloggingbackintotherouter.
qTroubleshootLoginFailureIfyoucannotlogbackintotherouterandyouhavenotsavedtheconfiguration,reloadingtherouterwilleliminateanyconfigurationchangesyouhavemade.
Iftheconfigurationchangesweresavedandyoucannotlogintotherouter,youwillhavetoperformapasswordrecovery.
SeePasswordRecoveryProcedurestofindinstructionsforyourparticularplatform.
ConfigureLocalUser-SpecificPasswordsToestablishausername-basedauthenticationsystem,usetheusernamecommandinglobalconfigurationmode.
Toenablepasswordcheckingatlogin,usetheloginlocalcommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,passwordsareconfiguredforusersattemptingtoconnecttotherouterontheVTYlinesusingTelnet.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterusername/passwordcombinations,oneforeachuserforwhomyouwanttoallowaccesstotherouter:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#usernamerusspasswordmontecitorouter(config)#usernamecindypasswordbelgiumrouter(config)#usernamemikepasswordrottweiler1.
Switchtolineconfigurationmode,usingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#linevty04router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginlocal3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:ConfiguredfromconsolebyconsoleNote:InordertodisableautoTelnetwhenyoutypeanameontheCLI,configurenologgingpreferredonthelinethatisused.
Whiletransportpreferrednoneprovidesthesameoutput,italsodisablesautoTelnetforthedefinedhostthatareconfiguredwiththeiphostcommand.
Thisisunlikethenologgingpreferredcommand,whichstopsitforundefinedhostsandletsitworkforthedefinedones.
4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity!
usernamerusspassword0montecitousernamecindypassword0belgiumusernamemikepassword0rottweiler!
!
---Linesomittedforbrevity!
linecon0line18lineaux0linevty04loginlocal!
endTotestthisconfiguration,aTelnetconnectionmustbemadetotherouter.
Thiscanbedonebyconnectingfromadifferenthostonthenetwork,butyoucanalsotestfromtherouteritselfbytelnettingtotheIPaddressofanyinterfaceontherouterthatisinanup/upstateasseenintheoutputoftheshowinterfacescommand.
Hereisasampleoutputiftheaddressofqinterfaceethernet0were10.
1.
1.
1:router#telnet10.
1.
1.
1Trying10.
1.
1.
1.
.
.
OpenUserAccessVerificationUsername:mikePassword:!
---PasswordenteredhereisnotdisplayedbytherouterrouterTroubleshootUser-specificPasswordFailureUsernamesandpasswordsarecase-sensitive.
Usersattemptingtologinwithanincorrectlycasedusernameorpasswordwillberejected.
Ifusersareunabletologintotherouterwiththeirspecificpasswords,reconfiguretheusernameandpasswordontherouter.
ConfigureAUXLinePasswordInordertospecifyapasswordontheAUXline,issuethepasswordcommandinlineconfigurationmode.
Inordertoenablepasswordcheckingatlogin,issuethelogincommandinlineconfigurationmode.
ConfigurationProcedureInthisexample,apasswordisconfiguredforallusersattemptingtousetheAUXport.
IssuetheshowlinecommandinordertoverifythelineusedbytheAUXport.
R1#showlineTtyTypTx/RxAModemRotyAccOAccIUsesNoiseOverrunsInt*0CTY000/0-65AUX9600/9600010/0-66VTY000/0-67VTY000/0-1.
Inthisexample,theAUXportisonline65.
IssuethesecommandsinordertoconfiguretherouterAUXline:R1#conftR1(config)#line65R1(config-line)#modeminoutR1(config-line)#speed115200R1(config-line)#transportinputallR1(config-line)#flowcontrolhardwareR1(config-line)#loginR1(config-line)#passwordciscoR1(config-line)#endR1#2.
VerifyConfigurationExaminetheconfigurationoftherouterinordertoverifythatthecommandshavebeenproperlyentered:Theshowrunning-configcommanddisplaysthecurrentconfigurationoftherouter:R1#showrunning-configBuildingconfiguration.
.
.
!
!
---Linesomittedforbrevity.
lineaux0passwordciscologinmodemInOuttransportinputallspeed115200flowcontrolhardware!
---Linesomittedforbrevity.
!
endqConfigureAAAAuthenticationforLoginToenableauthentication,authorization,andaccounting(AAA)authenticationforlogins,usetheloginauthenticationcommandinlineconfigurationmode.
AAAservicesmustalsobeconfigured.
ConfigurationProcedureInthisexample,therouterisconfiguredtoretrieveusers'passwordsfromaTACACS+serverwhenusersattempttoconnecttotherouter.
Note:ConfiguringtheroutertouseothertypesofAAAservers(RADIUS,forexample)issimilar.
SeeConfiguringAuthenticationforadditionalinformation.
Note:ThisdocumentdoesnotaddressconfigurationoftheAAAserveritself.
FromtheprivilegedEXEC(or"enable")prompt,enterconfigurationmodeandenterthecommandstoconfiguretheroutertouseAAAservicesforauthentication:router#configureterminalEnterconfigurationcommands,oneperline.
EndwithCNTL/Z.
router(config)#aaanew-modelrouter(config)#aaaauthenticationloginmy-auth-listtacacs+router(config)#tacacs-serverhost192.
168.
1.
101router(config)#tacacs-serverkeyletmein1.
Switchtolineconfigurationmodeusingthefollowingcommands.
Noticethatthepromptchangestoreflectthecurrentmode.
router(config)#line18router(config-line)#2.
Configurepasswordcheckingatlogin.
router(config-line)#loginauthenticationmy-auth-list3.
Exitconfigurationmode.
router(config-line)#endrouter#%SYS-5-CONFIG_I:Configuredfromconsolebyconsole4.
VerifytheConfigurationExaminetheconfigurationoftheroutertoverifythatthecommandshavebeenproperlyentered:showrunning-config-displaysthecurrentconfigurationoftherouter.
router#writeterminalBuildingconfiguration.
.
.
Currentconfiguration:!
version12.
0servicetimestampsdebuguptimeservicetimestampsloguptimenoservicepassword-encryption!
hostnamerouter!
aaanew-modelaaaauthenticationloginmy-auth-listtacacs+!
!
---Linesomittedforbrevity.
.
.
!
tacacs-serverhost192.
168.
1.
101tacacs-serverkeyletmein!
linecon0line18loginauthenticationmy-auth-listlineaux0linevty04!
endqTotestthisparticularconfiguration,aninboundoroutboundconnectionmustbemadetotheline.
SeetheModem-RouterConnectionGuideforspecificinformationonconfiguringasynclinesformodemconnections.
Alternately,youcanconfigureoneormoreVTYlinestoperformAAAauthenticationandperformyourtestingthereupon.
TroubleshootAAALoginFailureBeforeissuingdebugcommands,seeImportantInformationonDebugCommands.
Totroubleshootafailedloginattempt,usethedebugcommandappropriatetoyourconfiguration:debugaaaauthenticationqdebugradiusqdebugkerberosqRelatedInformationCiscoIOSDebugCommandReferenceqTechnicalSupport-CiscoSystemsq
- numberletmein相关文档
- MACletmein
- 证书letmein
- doubleletmein
- 呼叫letmein
- 用户letmein
- contentsletmein
台湾CN2云服务器 2核2G 5M 5IP 台湾物理服务器 E5x2 64G 20M 5IP
提速啦(www.tisula.com)是赣州王成璟网络科技有限公司旗下云服务器品牌,目前拥有在籍员工40人左右,社保在籍员工30人+,是正规的国内拥有IDC ICP ISP CDN 云牌照资质商家,2018-2021年连续4年获得CTG机房顶级金牌代理商荣誉 2021年赣州市于都县创业大赛三等奖,2020年于都电子商务示范企业,2021年于都县电子商务融合推广大使。资源优势介绍:Ceranetwo...
Friendhosting 黑色星期五 VDS/VPS可享四五折优惠促销
Friendhosting商家在前面的篇幅中也又陆续介绍到,是一家保加利亚主机商,主要提供销售VPS和独立服务器出租业务,数据中心分布在:荷兰、保加利亚、立陶宛、捷克、乌克兰和美国洛杉矶等。这不近期黑色星期五活动,商家也有推出了黑五优惠,VPS全场一次性45折,虚拟主机4折,全球多机房可选,老用户续费可获9折加送1个月使用时长,VDS折后最低仅€14.53/年,有需要的可以看看。Friendhos...
【IT狗】在线ping,在线tcping,路由追踪
IT狗为用户提供 在线ping、在线tcping、在线路由追踪、域名被墙检测、域名被污染检测 等实用工具。【工具地址】https://www.itdog.cn/【工具特色】1、目前同类网站中,在线ping 仅支持1次或少量次数的测试,无法客观的展现目标服务器一段时间的网络状况,IT狗Ping工具可持续的进行一段时间的ping测试,并生成更为直观的网络质量柱状图,让用户更容易掌握服务器在各地区、各线...
letmein为你推荐
-
主机租赁电脑出租怎么收费的?域名价格这个域名有价值吗虚拟主机代理紧急寻求好的虚拟主机代理商域名服务商最好的域名服务商是哪一家重庆网站空间重庆建网站的公司 我司准备建一个好点的网站,求推荐淘宝虚拟主机淘宝买虚拟主机空间好吗?成都虚拟主机成都哪个公司建网站最好沈阳虚拟主机为什么修改了虚拟机Vmware的TCP/IP配置以后就上不了网二级域名一级域名与二级域名有啥区别顶级域名顶级域名 一级域名 二级域名 三级域名什么区别?