Cisco Router Configuration 2nd EditionChapter7.docx
Cisco Router Configuration 2nd Edition Chapter 7
Chapter 7. Basic Administrative and Management Issues
Basic Access Control: The basics of configuring device access control using the RADIUS and TACACS+ protocols in the Cisco IOS.
Basic Attack Prevention: The basics of setting up the features in the IOS to prevent some basic Internet Denial-of-Service (DoS) attacks.
Basic Network Management: A brief overview of the Simple Network Management Protocol (SNMP) and its configuration in the Cisco IOS.
Basic Time Control: Setting up the Network Time Protocol and the system clock on Cisco devices.
Basic Logging: The basics of setting up the logging functionality in the Cisco IOS.
This chapter explains the Cisco IOS management basics that are essential for creating reliable, redundant, and efficient data networks. These basics include controlling access to a Cisco device, logging system activity, preventing attacks, configuring network management protocols, and synchronizing the time and date of Cisco IOS devices.
Basic Access Control
The Cisco IOS offers a series of mechanisms and protocols that help control the accessibility of devices. These basic access control mechanisms can help you restrict who is accessing your network devices and what they are doing on each device. This important task is needed to ensure the security of your network and to create an audit trail of any changes on the network.
Connecting to a Virtual Terminal Using Telnet and SSH
Common methods of accessing a device running the IOS are via the console port (as discussed in Chapter 2, "The Basics of Device Configuration") or via virtual terminal lines (vty). Virtual terminal lines are software that enables you to connect to the router via a data network. An IOS device also supports five simultaneous sessions through virtual terminal lines.
Using a Telnet client or using a Secure Shell (SSH) client are the two most common methods for connecting to a virtual terminal line. A Telnet client uses a standard protocol defined in RFC 854 to provide an unsecure connection to server software running on a virtual terminal line. By default, all IOS devices have a Telnet server enabled on all virtual terminal lines; we discuss securing these lines in the following section, "Enabling the SSH Server."
SSH is a protocol that provides a secure and encrypted connection between an SSH client and server running on a virtual terminal line with functionality that is similar to a Telnet connection. In contrast to the Telnet server, an SSH server is not enabled by default on the virtual terminal lines. Enabling the SSH server is discussed in the next section.
Your system administrator should be able to help you use the Telnet client or SSH client on your local system. Also, from an EXEC prompt, an IOS device can be a Telnet client or an SSH client using the telnet or ssh commands.
Note
Currently, two versions of SSH are available: SSH Version 1 and SSH Version 2. At this time, the Cisco IOS supports only SSH Version 1.
SSH clients and servers can provide user authentication using a public key cryptographic system invented by Rivest, Shamir, and Adleman (RSA). RSA user authentication available in SSH clients is not supported in the SSH server for Cisco IOS. The Cisco IOS authenticates users using a user ID and password combination only. The SSH server in the IOS does use RSA to generate the key pair that is used for setting up an encrypted session to the client, as shown in the next section.
SSH secures the connection between the SSH client and server using the DES (56-bit) or Triple DES (168-bit) encryption algorithm. Not all IOS versions support DES or Triple DES, though, and you should use the show version command to see if the version of IOS that you are running supports these encryption algorithms.
Note
Some encryption algorithms (including 56-bit data encryption, among others) are subject to United States government export controls. Using these algorithms, and the version of the IOS that supports them, outside the United States requires an export license.
Enabling the SSH Server
To enable the SSH server and allow SSH clients to connect to virtual terminal lines, your IOS device must have a properly configured host name and domain name. You configure these parameters with the global configuration commands hostname and ip domain-name, discussed previously.
To configure the SSH server, you must generate an RSA key pair used to encrypt the session between the client and server. On the IOS device, you generate the RSA key pair using the global configuration command crypto key generate rsa. When you generate an RSA key pair for the IOS device, you automatically enable the SSH server on the virtual terminal lines. To delete an RSA key, you use the crypto key zeroize rsa global configuration command, which automatically disables the SSH server.
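An added example, not from the book: a Python check of a saved configuration for the two prerequisites named above (hostname and ip domain-name) and for virtual terminal lines that still accept Telnet. The sample configuration is constructed; treating "Router" as the unconfigured default host name and a vty block without a transport input line as accepting Telnet are assumptions of this sketch, and RSA key presence is not checked.

```python
import re

# Constructed sample configuration (not from the book): default host name,
# no domain name, and one vty range left at the Telnet default.
SAMPLE_CONFIG = """\
hostname Router
!
line con 0
line vty 0 2
 login
line vty 3 4
 login
 transport input ssh
"""

def audit_ssh_readiness(config):
    """Return findings for the SSH prerequisites and the vty transports."""
    findings = []
    hostname = re.search(r"^hostname\s+(\S+)", config, re.M)
    # Assumption: "Router" is the unconfigured default host name.
    if not hostname or hostname.group(1) == "Router":
        findings.append("hostname not configured (missing or default 'Router')")
    if not re.search(r"^ip domain[- ]name\s+\S+", config, re.M):
        findings.append("ip domain-name not configured")
    # Walk each 'line vty' block; indented lines belong to the open block.
    blocks, block = [], None
    for line in config.splitlines():
        if line.startswith("line vty"):
            block = {"name": line.strip(), "transports": None}
            blocks.append(block)
        elif line.startswith(" ") and block is not None:
            match = re.match(r"\s+transport input\s+(.+)", line)
            if match:
                block["transports"] = match.group(1).split()
        else:
            block = None  # any other top-level line closes the vty block
    for b in blocks:
        t = b["transports"]
        # Assumption: no 'transport input' line means the default, which the
        # chapter says leaves the Telnet server enabled on the line.
        if t is None or "telnet" in t or "all" in t:
            findings.append(f"{b['name']}: Telnet accepted")
    return findings

if __name__ == "__main__":
    for finding in audit_ssh_readiness(SAMPLE_CONFIG):
        print(finding)
```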
Note
The global configuration command crypto key generate rsa will not appear in the output of