vty/ssh/passwords Flashcards
What are the 4 steps to enable SSH?
- configure hostname
- configure domain name with ‘ip domain-name’
- generate RSA key pair with ‘crypto key generate rsa’
- configure a vty line to use SSH with ‘transport input ssh’
‘switchport port-security violation restrict’
Port security option that discards traffic and increments the security violation counter when an unauthorized MAC address comes through
‘switchport port-security violation protect’
Port security that silently discards traffic and does not increment counter
‘switchport port-security violation shutdown’
Port security that enters err-disabled if it receives unauthorized traffic
6 steps to set up a device as an SSH server?
1) hostname R1
2) ip domain-name
3) crypto key generate rsa
4) username Bill/enable secret
5) line vty 0 4
transport input ssh
5 steps to configure an SSH client?
1) hostname R1
2) ip domain-name fqdn.com
3) crypto key generate rsa
4) ip ssh [time-out seconds]
5) line vty 0 4
transport input ssh
What does login local do?
Where is it configured?
It tells the device to require a user to log in using one of the usernames configured on the device.
It is configured at the line console level with ‘line console 0’
(config-line)
How do you configure an L2 switch with a management IP?
4 steps
Put an IP on the SVI, enable it, add default gateway to global config
(if) # interface vlan1
(if) # ip address 192.168.0.6 255.255.255.0
(if) # no shutdown
(config) # ip default-gateway 192.168.0.1
What is required first before you can enter privileged exec mode through telnet?
enable secret.
If login local is enabled, a user must also be created with: ()#username jeremy secret password123
What does ‘()# line vty 0 15’ do?
Selects all the VTY lines for configuration
What is the difference between the following commands:
(config-line)# access-class 1 in
()access-list 1 permit host 192.168.0.1
()ip access-list
()ip access-group
access-class: an ACL that applies only to VTY lines
access list: creates a VTY only ACL
(the following two ip commands are not used for VTY?)
ip access-list: applies an ACL to an interface
ip access-group: creates an ACL
How do you enable SSH on a vty line?
()# line vty 0 15
(config-line)# transport input ssh
What command configures a VTY ACL?
()# access-list 199 permit tcp host 192.168.1.1 any eq 22
What command applies a VTY ACL?
(config-line)# access-class 199 in