packet tracer 16.4.6 Configure Secure Password and SSH#
作者:互联网
packet tracer 16.4.6 Configure Secure Password and SSH#
Scenario
The network administrator has asked you to prepare RTA and SW1 for deployment. Before they can be connected to the network, security measures must be enabled
SSH provide security for remote connections by providing strong encryption when a device is authenticated (username and password) and also for the transmitted data between the communicating devices
Configure SSH
Configure hostname > Configure ip domain name > Generate RSA key pairs -A minimum modulus size of 1,024 bits is required > Configure user authentication > Configure vty lines > Enabling SSH version 2 > show ip ssh
configure PCa : ip configuration
PCa terminal
Router>enable
Router#configure
Router#configure terminal
Router(config)#host
Router(config)#hostname RTA
RTA(config)#interface gigabitEthernet 0/0
RTA(config-if)#IP address 172.16.1.1 255.255.255.0
RTA(config-if)#no shutdown
RTA(config-if)#exit
RTA(config)#service passsword-encryption
RTA(config)#service passsword min-length 10
RTA(config)#enable secret Zxa0518000
RTA(config)#no ip domain-lookup
RTA(config)#ip domain-name CCNA.com
RTA(config)#username ZXA secret Zxa0518000
RTA(config)#crypto key generate rsa
How many bits in the modulus[512]:1024
RTA(config)#login block-for 180 attempts 4 within 120
RTA(config)#line vty 0 4
RTA(config-line)#transport input ssh
RTA(config-line)#login local
RTA(config-line)#exec-timeout 6
RTA(config-line)#^Z
RTA#
RTA#copy running-config startup-config
[ok]
PCa command prompt
C: >ssh -l ZXA 172.16.1.1
password: Zxa0518000
RTA>exit
SW1 CLI
Switch>en
Switch>config t
Switch(config)#hostname SW1
SW1(config)#interface vlan 1
SW1(config-if)#ip addr 172.16.1.2 255.255.255.0
SW1(config-if)#exit
SW1(config)#ip default-gateway 172.16.1.1
SW1(config)#interface range fastEthernet 0/2-24, g 0/2
SW1(config-if-range)#shutdown
SW1(config-if-range)#exit
SW1(config)#service password-encryption
SW1(config)#enable secret password Zxa0518000
SW1(config)#no ip domain-lookup
SW1(config)#ip domain-name CCNA.com
SW1(config)#username ZXA secret password Zxa0518000
SW1(config)#crypto key generate rsa
How many bits in the modulus[512]:1024
SW1#config t
SW1(config)#line vty 0 15
SW1(config-line)#transport input ssh
SW1(config-line)#login local
SW1(config-line)#exec-timeout 6
SW1(config-line)#^Z
SW1#copy running-config start-up config
PCa command prompt
C: >ssh -l ZXA 172.16.1.2
password: Zxa0518000
RTA>exit
Extend Port Security
Protect (fa0/1) from MAC-address flooding limit the device to 1 using static method . shut down device if invalid MAC
int fa0/1
switchport mode access
switchport port-security maximum 1
switchport port-security Mac-address [macpc]
switchport port-security violation shutdown
Protect (fa0/2) against MAC-address flooding ,limit device to 1 and save the MAC in config file ,If invalid MAC , generate modification.
int fa0/2
switchport mode access
switchport port-security maximum 1
switchport port-security Mac-address sticky
switchport port-security violation restrict
标签:RTA,Secure,ip,packet,16.4,SW1,line,config,security 来源: https://blog.csdn.net/ZhangXiang0518/article/details/110955768