Saturday 14 January 2023

CCNA - securing switch access

*** Configuring in Packet Tracer ***

Naming the switch and applying a password to enable mode (use "enable secret", which stores a hash of the password, rather than "enable password", which stores it in clear text in the config)

Switch > en

Switch # conf t

Switch (config) # hostname BOB

BOB (config) # enable secret ******

BOB (config) # exit

BOB # copy run start

Destination filename [startup-config] ? <press enter to save changes>


Applying a password to the console

BOB > en

Password:

BOB # conf t

BOB (config) # line console 0

BOB (config-line) # login

<message appears saying the login is disabled until a password is applied>

BOB (config-line) # password ******

BOB (config-line) # exit

BOB (config) # exit

BOB # wr mem

BOB # exit


Applying a password to terminal sessions

BOB > en

Password:

BOB # conf t

BOB (config) # line vty 0 15

BOB (config-line) # login

<message appears saying the login is disabled until a password is applied>

BOB (config-line) # password ******

BOB (config-line) # exit

BOB (config) # exit

BOB # wr mem

BOB # exit


SSH access using a 1024-bit RSA key (2048 bits is the current recommendation; the prompt below shows the range allows it, so prefer that where the platform supports it)

BOB # conf t

BOB (config) # ip domain-name homebob.com

BOB (config) # crypto key generate rsa

The name for the keys will be: BOB.homebob.com

Choose the size of the key modulus in the range of 360 to 2048 for your

General Purpose Keys. Choosing a key modulus greater than 512 may take

a few minutes.


How many bits in the modulus [512]: 1024

% Generating 1024 bit RSA keys, keys will be non-exportable...[OK]

BOB (config) # ip ssh version 2

BOB (config) # do show ip ssh

BOB (config) # line vty 0 15

BOB (config-line) # transport input ssh

(transport input is a line-mode command: it must be entered under line vty, not at the global (config) prompt)

BOB (config-line) # end

BOB # wr mem


Useful commands for when you have logged into your lab

To stop syslog messages appearing on the console while you are working (a blunt tool: the messages are then not displayed at all, so for interactive work prefer logging synchronous, below). This is a global configuration command:

BOB (config) # no logging console


To switch it back on again

BOB (config) # logging console


To stop console messages being printed in the middle of what you are typing (the message is shown and your partially typed command is redisplayed on a fresh line), add the following to the line entries (console and vty)

BOB (config-line) # logging synchronous


The history buffer size is set per line in the same way:

BOB (config-line) # history size 25

(retains the previous 25 commands in the history buffer; the default is 10)


To stop the device treating a mistyped command as a hostname and trying to resolve it via DNS, which makes the CLI hang until the lookup times out before you can type anything else, run the following

BOB (config) # no ip domain-lookup


NOTES: 

transport input ssh is a line-mode command: typed at the global (config) prompt, as below, it is rejected (in Packet Tracer as on real IOS). Enter it under line vty 0 15 instead.

BOB (config) # transport input ssh


SSH

If you have not created a local account on the switch (and are not using AAA), the vty lines are using "login" with a line password, so the username the SSH client sends is not checked: any name, e.g. "admin", is accepted.

When you get the password prompt use the one for the "line vty".

For per-user authentication create a local account (username NAME secret PASSWORD) and use "login local" on the vty lines instead of "login"; the SSH username is then checked against that account.
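The steps above combined into one configuration, with the gaps fixed: a local account so SSH checks a real username, "login local" on the lines, "transport input ssh" entered in line mode, and a 2048-bit key. This is an added example written for these notes, not configuration from the original page; the username "netadmin", both passwords, the 10-minute idle timeout and the SSH retry limit are assumed values.

```cisco
! Added example for these notes (not from the original page): the steps above
! consolidated into one hardened configuration. Assumed values: username
! netadmin, both passwords, the 10-minute idle timeout, 3 SSH retries.
enable
configure terminal
hostname BOB
ip domain-name homebob.com
! Mistyped commands are otherwise treated as hostnames and looked up via DNS
no ip domain-lookup
! Privileged-exec password stored as a hash (enable secret, not enable password)
enable secret Enabl3-S3cret!
! Local account so that SSH logins are checked against a real username
username netadmin privilege 15 secret N3tadmin-S3cret!
! 2048-bit key rather than the 1024 bits used above. If your platform only
! offers the interactive prompt, run "crypto key generate rsa" and answer 2048.
crypto key generate rsa modulus 2048
ip ssh version 2
ip ssh authentication-retries 3
! Type-7 obfuscation of any remaining plain-text line passwords: it stops
! shoulder-surfing only, is trivially reversible, and is no substitute for secret
service password-encryption
line console 0
 login local
 logging synchronous
 history size 25
 exec-timeout 10 0
line vty 0 15
 login local
 transport input ssh
 logging synchronous
 history size 25
 exec-timeout 10 0
end
show ip ssh
copy running-config startup-config
```

Paste it at the BOB prompt (IOS ignores the "!" lines). Afterwards "show ip ssh" should report SSH version 2 enabled, and "show running-config" should show "login local" and "transport input ssh" under the vty lines; an SSH login with a username other than netadmin is then refused rather than silently accepted.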