
11 Workbook+Warm+Up+Line

This document provides instructions on how to configure various security settings on a switch including: 1. Configuring a console password and idle timeout. 2. Configuring Telnet login options including no authentication, password-based, and username/password. 3. Configuring SSH login by generating encryption keys, setting the version, and different authentication methods. 4. Using the "send" command to display messages on different terminal sessions connected to the switch.

SEAN NING (NINGYIXIAO@GMAIL.COM), MICHAEL BAI (MICHAEL.BAI0117@GMAIL.COM)

Line

Objective 1:
• Configure console password
• Configure console idle timeout

Step 1 – configure console password


Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#line con 0
Switch(config-line)#password cisco
Switch(config-line)#login

Step 2 – configure console idle timeout


Switch(config)#line con 0
Switch(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds
<cr>
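Switch(config-line)#exec-timeout 0 0

Setting both the minutes and the seconds to 0 disables the idle timeout, so the console session never logs out on its own. This is a lab convenience; on a production console line keep a non-zero value.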

Step 3 – Verification

Click PC_A > Click Desktop > Click Terminal


Click OK

Leave the session with the “exit” command and log in again; the switch will prompt for the password.

Objective 2:
• Configure Telnet login without username and password
• Configure Telnet login with password
• Configure Telnet login with username and password

Step 1 – disable authentication for line vty 0 to 4


Switch(config)#line vty 0 4
Switch(config-line)#no login

Step 2 – Use PC_B to Telnet to switch

PC_B is able to Telnet into the switch without any password



Step 3 – Configure password for Telnet

Switch(config)#line vty 0 4
Switch(config-line)#password Cisco
Switch(config-line)#login

Step 4 – Use PC_B to Telnet to switch

Step 5 – Configure username and password for Telnet


Switch(config)#username Cisco password Cisco
Switch(config)#line vty 0 4
Switch(config-line)#login local

Step 6 – Use PC_B to Telnet to switch

Note that both the username and the password are case-sensitive.

Objective 3:
• Configure SSH login
Step 1 – Change hostname
IOS cannot generate the encryption key while the switch still has its default hostname; the system shows an error message, so you need to change the hostname first.

Switch(config)#hostname SW

Step 2 – Configure domain

There are two commands for configuring the domain: “ip domain-name” and “ip domain name”. There is no difference between them.

Step 3 – Generate encryption key


SW(config)#crypto key generate rsa
The name for the keys will be: SW.ccna++.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 2048
% Generating 2048 bit RSA keys, keys will be non-exportable...[OK]

In a production environment, always use a key length >= 2048.

Step 4 – Configure SSH version (use version 2)

SW(config)#ip ssh version 2

Step 5 – Disable authentication under line vty 0 4


SW(config)#line vty 0 4
SW(config-line)#no login

Step 6 – Use PC_B to SSH into switch

You should be able to log in with any username, even one that does not exist in the system (e.g. “ABC”).

Step 7 – Configure authentication at line level


SW(config)#line vty 0 4
SW(config-line)#password Cisco
SW(config-line)#login

Step 8 – Use PC_B to SSH into switch

Password is needed

Step 9 – Configure username and password, change authentication from “login” to “login local”

SW(config)#username Cisco password ABC
SW(config)#line vty 0 4
SW(config-line)#login local
SW(config-line)#password Cisco

The outcome shows that “login local” forces the user to authenticate against the local user database; the line-level password does not take effect.

Step 10 – Allow SSH access only

Without any further change, PC_B is still able to use Telnet to access the switch, which is not secure.

We use the command below to allow SSH access only.

SW(config-line)#transport input ssh

Use PC_B to Telnet again; it fails.
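
As an added example (not part of the original workbook), the Python script below audits a saved running-config for the weak line settings this lab passes through: “no login”, a shared line password, “exec-timeout 0 0”, and vty lines not limited to “transport input ssh”. The sample config and the function names are constructed for illustration, and a vty block with no “transport input” command is assumed to be unrestricted, as observed in Step 10.

```python
# Constructed sample: console settings from Objective 1, vty 0 4 as left by
# Objective 3 Step 5, and a second vty range already hardened.
SAMPLE_CONFIG = """\
hostname SW
ip ssh version 2
line con 0
 exec-timeout 0 0
 password cisco
 login
line vty 0 4
 no login
line vty 5 15
 login local
 transport input ssh
"""

def parse_lines(config):
    """Return {line header: [sub-commands]} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks

def audit(config):
    """Return sorted (line, finding) pairs for the weak settings in the lab."""
    findings = []
    for header, cmds in parse_lines(config).items():
        if "no login" in cmds:
            findings.append((header, "no authentication (no login)"))
        elif "login" in cmds:  # exact match, so 'login local' is not flagged
            findings.append((header, "shared line password (login)"))
        if "exec-timeout 0 0" in cmds:
            findings.append((header, "idle timeout disabled"))
        if header.startswith("line vty"):
            transport = [c for c in cmds if c.startswith("transport input")]
            # Assumption: no 'transport input' means Telnet is still allowed.
            allowed = transport[-1].split()[2:] if transport else ["(default)"]
            if allowed != ["ssh"]:
                findings.append((header, "transport not ssh-only: " + " ".join(allowed)))
    return sorted(findings)

if __name__ == "__main__":
    for header, finding in audit(SAMPLE_CONFIG):
        print(f"{header}: {finding}")
```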



Objective 4:
• Use the “send” command to display a message on a different line

Step 1 – Open PC_A Terminal

This is used for console access

Step 2 – Use PC_B to SSH into the device



Step 3 – Send a message from PC_A to PC_B


SW#send ?
* All tty lines
<0-300> Send a message to a specific line
SW#send *
Enter message, end with CTRL/Z; abort with CTRL/C:
HELLO !!! THIS IS A MESSAGE FROM ME !!!
Send message? [confirm]
