Stop the annoying logs interrupting you on the console
line con 0
logging sync
Setting up a host name and domain name on the router
conf t
hostname R1
ip domain name example.com
Generate your keys
conf t
crypto key generate rsa
Key length should be 1024 (need at least 1024 for SSH version 2)
Configure a username and password
username admin priv 15 secret mypassword
password mypassword will be stored in plain text
secret mypassword will be stored as an MD5 hash
Enable aaa
aaa new-model (makes the router ask for a username and a password)
enable secret myenablepw
Turn off telnet
line vty 0 4 (on router)
line vty 0 15 (on switch)
line vty 0 4
transport input ssh
Named Access-list
*** Important to type ip in front of access-list if you are used to ASA ***
*** Don't forget to look for access lists under the vty lines ***
ip access-list extended MYACL_NAME
permit tcp host s.s.s.s host d.d.d.d eq 22
int g0/0
ip access-group MYACL_NAME in
Numbered Access-list
access-list 150 permit tcp host s.s.s.s host d.d.d.d eq 22
int g0/0
ip access-group 150 in
Example ACL
ip access-list extended OUTSIDE_IN
10 permit tcp host x.x.x.x any
20 permit tcp host y.y.y.y any
30 permit tcp z.z.z.z 0.0.0.15 any (networks need to be added with wildcard)
200 deny ip any any log
interface Dialer1
ip access-group OUTSIDE_IN in
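Added example, not part of the original post: a short Python check that reads a saved running-config and flags three mistakes the steps above guard against (a user created with password instead of secret, a vty range that still accepts telnet, and an access-group whose name does not match any defined ACL, since ACL names are case-sensitive). The sample config, its addresses and the audit function name are constructed for illustration.

```python
import re

# Constructed sample config (not from the original post) with three deliberate mistakes.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 5 $1$constructed$hash
username backup password 0 mypassword
ip access-list extended OUTSIDE_IN
 10 permit tcp host 192.0.2.10 any
 200 deny ip any any log
access-list 150 permit tcp host 192.0.2.10 host 192.0.2.1 eq 22
interface GigabitEthernet0/0
 ip access-group 150 in
interface Dialer1
 ip access-group OUTSIDE_in in
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

def audit(config):
    """Return a list of findings for an IOS config given as text."""
    findings, defined, section = [], set(), None
    vty = {}      # "line vty a b" header -> transport input protocols (None = unset)
    applied = []  # (section header, ACL name) for every ip access-group
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # unindented command starts a new section
            section = line
            if line.startswith("line vty"):
                vty[line] = None
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            defined.add(m.group(1))          # named ACL
        elif m := re.match(r"access-list (\d+) ", line):
            defined.add(m.group(1))          # numbered ACL
        elif m := re.match(r"username (\S+) (?:privilege \d+ )?password\b", line):
            findings.append(f"user {m.group(1)}: uses 'password', not 'secret'")
        elif m := re.match(r"ip access-group (\S+) (?:in|out)", line):
            applied.append((section, m.group(1)))
        elif line.startswith("transport input") and section in vty:
            vty[section] = line.split()[2:]
    for header, protos in vty.items():
        if protos != ["ssh"]:                # unset, or anything besides ssh alone
            findings.append(f"{header}: transport input is not ssh-only")
    for iface, name in applied:
        if name not in defined:              # ACL names are case-sensitive
            findings.append(f"{iface}: access-group {name} has no matching ACL")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding per mistake; an empty list means none of the three checks fired.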