May 19, 2015

Parameters

You choose the key algorithm (-t) and key length (-b), and you can protect the private key with a passphrase; a passphrase-protected private key prompts for that passphrase every time it is used.

-b bits
 Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
-P passphrase
 Provides the (old) passphrase. (Note: -P supplies the existing passphrase when changing one with -p; the passphrase for a newly generated key is set with -N new_passphrase, or interactively when -N is omitted.)
-t type
 Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”, “ecdsa” or “rsa” for protocol version 2.
-C comment
 Provides a new comment.

Configuration

Host A: generate the key pair [screenshot: centos-ssh-keygen-01]
Host A: view the key information [screenshot: centos-ssh-keygen-02]
Host B: create the directory and file and save the public key in it [screenshot: centos-ssh-keygen-03]
Host B: show the IP address information [screenshot: centos-ssh-keygen-04]
Host A: log in to host B over SSH without being asked for any password (neither the user password nor a private-key passphrase) [screenshot: centos-ssh-keygen-05]
Host A: after the first SSH connection is closed, the host key of host B saved locally (known_hosts) [screenshot: centos-ssh-keygen-06]
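Before a public key is appended to authorized_keys on host B, it is worth checking what the screenshots show with `ssh-keygen -l`: the key type, its size, and the SHA256 fingerprint. The following is an added example, not code from the original post: it parses OpenSSH public-key lines, recomputes the fingerprint the same way ssh-keygen does (SHA256 over the decoded blob, unpadded base64), and applies a simple policy (reject ssh-dss, reject RSA under 2048 bits). The sample lines are constructed with a hypothetical modulus so the script runs offline; they are not real keys and must never be installed.

```python
"""Audit OpenSSH public keys before installing them in ~/.ssh/authorized_keys.

Added example (not from the original post). The sample lines are CONSTRUCTED
with a hypothetical modulus so the file runs offline; they are not real keys.
"""
import base64
import hashlib
import struct

MIN_RSA_BITS = 2048  # policy for this example; matches the ssh-keygen default


def _string(b: bytes) -> bytes:
    """RFC 4251 string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _mpint(i: int) -> bytes:
    """RFC 4251 mpint: minimal big-endian two's complement; positive values with the high bit set get a 0x00 pad."""
    raw = i.to_bytes((i.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _string(raw)


def _read_string(blob: bytes, off: int):
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n


def parse_pubkey_line(line: str):
    """Return (key_type, bits, sha256_fingerprint, comment) for one public-key line."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    ktype, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner, off = _read_string(blob, 0)
    if inner.decode() != ktype:
        raise ValueError("type prefix does not match the encoded blob")
    if ktype == "ssh-rsa":
        _e, off = _read_string(blob, off)           # public exponent
        n, off = _read_string(blob, off)            # modulus: its length is the key size
        bits = int.from_bytes(n, "big").bit_length()
    elif ktype == "ssh-dss":
        p, off = _read_string(blob, off)            # DSA p; FIPS 186-2 fixes it at 1024 bits
        bits = int.from_bytes(p, "big").bit_length()
    elif ktype.startswith("ecdsa-sha2-nistp"):
        curve, off = _read_string(blob, off)        # e.g. b"nistp256"
        bits = int(curve.decode()[len("nistp"):])
    elif ktype == "ssh-ed25519":
        bits = 256
    else:
        raise ValueError("unsupported key type: " + ktype)
    # ssh-keygen -l hashes the raw blob and prints unpadded base64.
    fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return ktype, bits, fp, comment


def audit_line(line: str):
    """Apply the key policy; returns (accepted, message)."""
    ktype, bits, fp, comment = parse_pubkey_line(line)
    if ktype == "ssh-dss":
        return False, f"{fp} REJECT ssh-dss ({bits} bits): DSA is 1024-bit only and disabled in modern OpenSSH"
    if ktype == "ssh-rsa" and bits < MIN_RSA_BITS:
        return False, f"{fp} REJECT ssh-rsa {bits} bits < {MIN_RSA_BITS}"
    return True, f"{fp} OK {ktype} {bits} bits {comment}".rstrip()


# --- constructed sample keys (NOT real key material) --------------------------
def make_rsa_line(bits: int, comment: str) -> str:
    n = (1 << (bits - 1)) | 1                       # odd number of exactly `bits` bits, not a real modulus
    blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def make_dss_line(comment: str) -> str:
    p, q, g, y = (1 << 1023) | 1, (1 << 159) | 1, 2, 3
    blob = _string(b"ssh-dss") + b"".join(_mpint(v) for v in (p, q, g, y))
    return f"ssh-dss {base64.b64encode(blob).decode()} {comment}"


def make_ed25519_line(comment: str) -> str:
    blob = _string(b"ssh-ed25519") + _string(bytes(32))  # 32 zero bytes stand in for the point
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


CANDIDATES = [
    make_rsa_line(2048, "userA@hostA"),
    make_rsa_line(1024, "legacy-key"),
    make_dss_line("old-dsa"),
    make_ed25519_line("userA@laptop"),
]


def audit_all(lines=CANDIDATES):
    """Return the accepted lines; only these belong in authorized_keys."""
    accepted = []
    for line in lines:
        ok, msg = audit_line(line)
        print(msg)
        if ok:
            accepted.append(line)
    return accepted


if __name__ == "__main__":
    audit_all()
```

On host A the real key pair comes from `ssh-keygen -t rsa -b 4096 -C "userA@hostA"` (leave the passphrase empty, as the post does, only if you need unattended logins), and `ssh-keygen -lf ~/.ssh/id_rsa.pub` prints the same type, size and SHA256 fingerprint the audit computes. On host B the directory and file must be owned by the login user with `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys`; with the default StrictModes, sshd ignores a world-writable file and the client quietly falls back to password authentication.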

May 05, 2015

In routed mode, hosts on the inside (Business and Home VLANs) count towards the limit when they communicate with the outside (Internet VLAN), including when the inside initiates a connection to the outside as well as when the outside initiates a connection to the inside. Note that even when the outside initiates a connection to the inside, outside hosts are not counted towards the limit; only the inside hosts count. Hosts that initiate traffic between Business and Home are also not counted towards the limit. The interface associated with the default route is considered to be the outside Internet interface. If there is no default route, hosts on all interfaces are counted toward the limit. In transparent mode, the interface with the lowest number of hosts is counted towards the host limit. See the show local-host command to view host limits.

For a 10-user license, the max. DHCP clients is 32. For 50 users, the max. is 128. For unlimited users, the max. is 250, which is the max. for other models.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/configuration/guide/config/license.html

April 09, 2015
Switch(config)#line ?
 <0-16> First Line number
 console Primary terminal line
 vty Virtual terminal

Switch(config)#line console ?
 <0-0> First Line number

Switch(config)#line vty ? 
 <0-15> First Line number

Switch(config)#

Configure the console password (note that exec-timeout 0 0 below disables the idle timeout entirely, so an unattended console session never expires; fine for a lab, not for production)

Switch(config)#line console 0
Switch(config-line)#password hellocisco
Switch(config-line)#exec-timeout ?
 <0-35791> Timeout in minutes

Switch(config-line)#exec-timeout 0 ?
 <0-2147483> Timeout in seconds
 <cr>

Switch(config-line)#exec-timeout 0 0
Switch(config-line)#exit
Switch(config)#exit
Switch#wri

Check the configuration with show run

! 
line con 0
 exec-timeout 0 0
 password hellocisco
line vty 0 4
 login
line vty 5 15
 login
!

Configure the telnet password

Switch(config)#line vty 0 ?
 <1-15> Last Line number
 <cr>

Switch(config)#line vty 0 4
Switch(config-line)#password hellocisco
Switch(config-line)#exec-timeout 0 ?
 <0-2147483> Timeout in seconds
 <cr>

Switch(config-line)#exec-timeout 0 0
Switch(config-line)#login 
Switch(config-line)#exit
Switch(config)#exit
Switch#wri

Check the telnet-related show run configuration

! 
line con 0
 exec-timeout 0 0
 password hellocisco
line vty 0 4
 exec-timeout 0 0
 password hellocisco
 login
line vty 5 15
 login
!

Configure the SSH login password

Encrypting the passwords in the configuration

By default only the enable secret is stored as a hash (type 5, salted MD5); the enable password and the line passwords (console/AUX/telnet/SSH) appear in clear text until you turn on service password-encryption. Be aware that this command produces "type 7" strings, which are reversible obfuscation rather than encryption: anyone who can read the configuration can recover the original password in seconds. It only protects against someone glancing at the screen.

Before enabling encryption

!
enable secret 5 $1$p3Nf$H1f9qXJ4OjS4p6fu447Dd/
enable password hellocisco
!
!
!
! 
line con 0
 exec-timeout 0 0
 password hellocisco
line vty 0 4
 exec-timeout 0 0
 password hellocisco
 login
line vty 5 15
 login
!

After enabling encryption

Switch(config)#service password-encryption 
Switch(config)#exit
Switch#wri
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
enable secret 5 $1$p3Nf$H1f9qXJ4OjS4p6fu447Dd/
enable password 7 011B030857040506324F41
!
!
!
!
line con 0
 exec-timeout 0 0
 password 7 141F1707000B2922372B3C
line vty 0 4
 exec-timeout 0 0
 password 7 141F1707000B2922372B3C
 login
line vty 5 15
 login
!
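The `password 7` values above are exactly what service password-encryption produces, and the following added example (not code from the original post) shows why that is obfuscation rather than encryption: it decodes them with the fixed translation table IOS XORs against the plaintext, re-encodes a string the way IOS does, and audits a configuration for reversible or clear-text credentials. It also flags the situation from the enable-password post below, where `enable password` is left in place next to `enable secret`. The sample configuration is assembled from the lines shown in this post; the policy checks in audit_config are this example's own.

```python
"""Cisco IOS "type 7" passwords: decode, re-encode, and audit a configuration.

Added example, not code from the original post. `service password-encryption`
rewrites `password <clear>` as `password 7 <hex>` using a fixed translation
table XORed against the plaintext (a Vigenere-style scheme), so anyone who can
read the config can reverse it. SAMPLE_CONFIG is assembled from the post.
"""
import re

# The fixed 53-byte key IOS XORs against the plaintext.
XLAT = b"dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def decode_type7(encoded: str) -> str:
    """Recover the plaintext of a `password 7 <hex>` value.

    Layout: two decimal digits giving the starting offset into XLAT, then one
    hex pair per plaintext byte, each XORed with the next XLAT byte.
    """
    if len(encoded) < 4 or (len(encoded) - 2) % 2 or not encoded[:2].isdigit():
        raise ValueError("malformed type 7 string: " + encoded)
    seed = int(encoded[:2])
    data = bytes.fromhex(encoded[2:])
    return bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(data)).decode()


def encode_type7(plain: str, seed: int = 0) -> str:
    """Inverse of decode_type7: what IOS writes into the running-config."""
    if not 0 <= seed <= 15:
        raise ValueError("IOS normally picks a seed between 00 and 15")
    out = bytes(b ^ XLAT[(seed + i) % len(XLAT)] for i, b in enumerate(plain.encode()))
    return f"{seed:02d}{out.hex().upper()}"


_PW7 = re.compile(r"^\s*(?:enable\s+)?password\s+7\s+([0-9A-Fa-f]+)\s*$")
_PW_CLEAR = re.compile(r"^\s*(?:enable\s+)?password\s+(?:0\s+)?(?!7\s)\S+")


def audit_config(config: str) -> list:
    """Flag reversible or clear-text credentials and a redundant enable password."""
    findings = []
    has_enable_password = has_enable_secret = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("enable password"):
            has_enable_password = True
        elif line.startswith("enable secret"):
            has_enable_secret = True
        m = _PW7.match(raw)
        if m:
            findings.append(f"type 7 (reversible): {line} -> {decode_type7(m.group(1))!r}")
        elif _PW_CLEAR.match(raw):
            findings.append(f"clear text: {line}")
    if has_enable_password and has_enable_secret:
        findings.append("enable password is ignored once enable secret exists but still "
                        "leaks a credential; remove it with `no enable password`")
    return findings


# Lines taken from the post's "after enabling encryption" show run.
SAMPLE_CONFIG = """\
service password-encryption
!
enable secret 5 $1$p3Nf$H1f9qXJ4OjS4p6fu447Dd/
enable password 7 011B030857040506324F41
!
line con 0
 exec-timeout 0 0
 password 7 141F1707000B2922372B3C
line vty 0 4
 exec-timeout 0 0
 password 7 141F1707000B2922372B3C
 login
line vty 5 15
 login
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Both type 7 strings in the post decode to the same "hellocisco" typed at the prompt, and the console and vty lines share it with the enable password, so recovering one of them recovers the enable password too. The type 5 enable secret is a salted MD5 hash: not reversible, but cheap to brute-force offline, so it still needs a strong passphrase. On this 12.2(55) image type 5 is the best available; newer IOS releases offer `enable algorithm-type scrypt secret`, which should be preferred where supported.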
April 09, 2015
Switch>en
Switch#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#enable ?
 last-resort Define enable action if no TACACS servers respond
 password Assign the privileged level password (MAX of 25 characters)
 secret Assign the privileged level secret (MAX of 25 characters)
 use-tacacs Use TACACS to check enable passwords

Switch(config)#enable

Configure the enable password

Switch(config)#enable password cisco

View the enable password configuration with show run

!
enable password cisco
!
!
!

Save and view the startup configuration

Switch#show startup-config 
startup-config is not present
Switch#wri
Building configuration...
[OK]
Switch#show startup-config

On the next login you are prompted for the enable password

Switch>
Switch>en
Password: 
Switch#

With enable password already set, configuring an enable secret with the same value makes IOS warn and ask for a different one

Switch(config)#enable secret cisco
The enable secret you have chosen is the same as your enable password.
This is not recommended. Re-enter the enable secret.

Switch(config)#

View the show run configuration

!
enable secret 5 $1$p3Nf$H1f9qXJ4OjS4p6fu447Dd/
enable password cisco
!
!
!

Remove the enable password and keep only the hashed enable secret

Switch(config)#no enable password 
Switch(config)#exit
Switch#sh run

View the show run configuration again

!
enable secret 5 $1$p3Nf$H1f9qXJ4OjS4p6fu447Dd/
!
!
!
April 08, 2015

Connect to the switch with a console cable

Version information

Switch#sh ver
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(55)SE8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Wed 26-Jun-13 11:34 by prod_rel_team
Image text-base: 0x00003000, data-base: 0x01900000

ROM: Bootstrap program is C2960 boot loader
BOOTLDR: C2960 Boot Loader (C2960-HBOOT-M) Version 12.2(53r)SEY3, RELEASE SOFTWARE (fc1)

Switch uptime is 25 minutes
System returned to ROM by power-on
System image file is "flash:/c2960-lanbasek9-mz.122-55.SE8/c2960-lanbasek9-mz.122-55.SE8.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C2960-24TC-L (PowerPC405) processor (revision Y0) with 65536K bytes of memory.
Processor board ID FOC1835Y126
Last reset from power-on
1 Virtual Ethernet interface
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

64K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 68:99:CD:14:C1:80
Motherboard assembly number : 73-12599-06
Power supply part number : 341-0097-03
Motherboard serial number : FOC18346QA7
Power supply serial number : DCA183387LZ
Model revision number : Y0
Motherboard revision number : B0
Model number : WS-C2960-24TC-L
System serial number : FOC1835Y126
Top Assembly Part Number : 800-32796-02
Top Assembly Revision Number : B0
Version ID : V11
CLEI Code Number : COM3K00BRF
Hardware Board Revision Number : 0x0A


Switch Ports Model SW Version SW Image 
------ ----- ----- ---------- ---------- 
* 1 26 WS-C2960-24TC-L 12.2(55)SE8 C2960-LANBASEK9-M 


Configuration register is 0xF

Switch#

Configuration information

Switch#show run 
Building configuration...

Current configuration : 1231 bytes
!
version 12.2
service config
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 ip address dhcp
!
ip http server
ip http secure-server
!
line con 0
line vty 5 15
!
end

Switch#
April 08, 2015

Cisco Catalyst 2960PD-8TT-L: 8 Ethernet 10/100 ports and 1 10/100/1000 PoE input port; compact, fanless
Cisco Catalyst 2960-8TC-L: 8 Ethernet 10/100 ports and 1 dual-purpose uplink port (10/100/1000 or SFP); compact, fanless
Cisco Catalyst 2960-24TT-L: 24 Ethernet 10/100 ports and 2 fixed Ethernet 10/100/1000 uplinks
Cisco Catalyst 2960-48TT-L: 48 Ethernet 10/100 ports and 2 fixed Ethernet 10/100/1000 uplink ports
Cisco Catalyst 2960-24LT-L: 24 Ethernet 10/100 ports (8 of them PoE-capable) and 2 fixed Ethernet 10/100/1000 uplink ports
Cisco Catalyst 2960-24PC-L: 24 Ethernet 10/100 PoE ports and 2 dual-purpose uplink ports
Cisco Catalyst 2960-24TC-L: 24 Ethernet 10/100 ports and 2 dual-purpose uplink ports
Cisco Catalyst 2960-48TC-L: 48 Ethernet 10/100 ports and 2 dual-purpose uplink ports
Cisco Catalyst 2960G-8TC-L: 8 Ethernet 10/100/1000 ports, 1 of which is dual-purpose; compact, fanless
Cisco Catalyst 2960G-24TC-L: 24 Ethernet 10/100/1000 ports, 4 of which are dual-purpose
Cisco Catalyst 2960G-48TC-L: 48 Ethernet 10/100/1000 ports, 4 of which are dual-purpose