拓扑图
1.1
SW1配置
- 创建本地密钥对,默认长度512,直接回车就好
[SW1]dsa local-key-pair create
Info: The key name will be: SW1_Host_DSA.
Info: The key modulus can be any one of the following : 512, 1024, 2048.
Info: If the key modulus is greater than 512, it may take a few minutes.
Please input the modulus [default=512]:
Info: Generating keys...
Info: Succeeded in creating the DSA host keys.
- VTY配置
[SW1]user-interface vty 0 4
[SW1-ui-vty0-4]
[SW1-ui-vty0-4]aut
[SW1-ui-vty0-4]authentication-mode aaa
[SW1-ui-vty0-4]pro
[SW1-ui-vty0-4]protocol in
[SW1-ui-vty0-4]protocol inbound all
[SW1-ui-vty0-4]dis this
#
user-interface con 0
user-interface vty 0 4
authentication-mode aaa
protocol inbound all
#
return
[SW1-ui-vty0-4]
- aaa配置
[SW1]aaa
[SW1-aaa]loc
[SW1-aaa]local-user admin password si
[SW1-aaa]local-user admin password ci
[SW1-aaa]local-user admin password cipher admin
[SW1-aaa]loc
[SW1-aaa]local-user admin pr
[SW1-aaa]local-user admin privilege le
[SW1-aaa]local-user admin privilege level 15
[SW1-aaa]loc
[SW1-aaa]local-user admi
[SW1-aaa]local-user admin ser
[SW1-aaa]local-user admin service-type telnet ssh http
[SW1-aaa]dis this
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher XJUN8<9N-:5NZPO3JBXBHA!!
local-user admin privilege level 15
local-user admin service-type telnet ssh http
#
return
[SW1-aaa]
- 开启ssh服务和telnet服务,并配置ssh用户
[SW1]stelnet server enable
Info: The Stelnet server is already started.
[SW1]ssh user
[SW1]ssh user adm
[SW1]ssh user admin aut
[SW1]ssh user admin authen
[SW1]ssh user admin authentication-type password
[SW1]ssh user admin service-type stelnet
[SW1]telnet ser
[SW1]telnet server enable
Info: The Telnet server has been enabled
从SW2登录验证
-
telnet登录验证
2.1 -
ssh登录验证(交换机上没有ssh命令,可以用stelnet)
2.2
