GENERAL
#security passwords min-length (number)
#service password-encryption
#username Gorbi secret cisco
#exec-timeout (minutes seconds)
#no service password-encryption
#security authentication failure rate 5 log
R1(config-line) # exec-timeout (minutes) (seconds)
#privilege exec level 5 debug
#enable secret level 5 cisco
#show login failures
R1#conf term
R1(config)# aaa new-model
R1(config)#end
R1#enable view
password:
R1# config terminal
R1(config)#parser view HELPDESK
R1(config-view)#secret 0 cisco
R1(config-view)#commands exec include ping
R1(config-view)#commands exec include traceroute
.
.
.
R1# enable view HELPDESK
Password:
R1#?
Exec commands:
copy Copy from one file to another
enable Turn on privileged commands
exit Exit from the EXEC
ping Send echo messages
show Show running system information
traceroute Trace route to destination
R1(config)#parser view Master superview
R1(config)#parser view HELPDESK
R1(config-view)#secret cisco
R1(config-view)#view HELPDESK
#secure boot-image
#secure boot-config (stores the running)
#Show secure bootset
#secure boot-config restore [filename]
#login block-for 30 attempts 10 within 20
#login quiet-mode access-class 101
#login delay 2 (seconds)
#login on-failure log every
#login on-success log every
R1#show login
PASSWORD RECOVERY
1. #show version
Configuration register is 0x2102
2. Use the power switch to power cycle the router
3. Issue the break sequence within 60 seconds of power up to
put the router into ROMmon
4. Rommon 1> confreg 0x2142
5. Rommon2> prompt
6. No to setup questions
7. >enable
8. #Copy startup-config running-config
9. #show run
No service password-recovery
System Logging
1. #logging host 10.0.0.254
2. #logging trap (0-7)
3. #logging source-interface loopback 0
4. Logging on
R1#clock set 10:25:00 MAY 2 1983
NTP SETUP
1. NTPserver# conf term
2. NTPserver(config)# ntp master 1
3. NTPserver(config)# ntp authenticate
4. NTPserver(config)# ntp authentication-key 1 md5 cisco2
5. NTPserver(config)# ntp trusted-key 1
6. NTPclient# conf term
7. NTPclient(config)# ntp server 10.0.0.1
8. NTPclient# show ntp status
#auto secure ?
AAA setup
1. #username JR-Admin secret cisco
2. #username ADMIN secret cisco2
3. #aaa new-model
4. #aaa authentication login default local-case enable
5. #aaa authentication login TELNET-LOGIN local-case
6. #line vty 0 4
7. (config-line)# login authentication TELNET-LOGIN
8. (config-line)# exit
9. # aaa local authentication attempts max-fail 3
10. # do show aaa local user lockout
11. #do clear aaa local user lockout username gorbi
#aaa authentication login default group radius
#tacacs-server host [ip address of TACACS+ server]
#tacacs-server key [key]
#aaa authentication login default group tacacs+
#radius-server host [ip address of the server]
#radius-server key [key]
#debug aaa authentication
#debug radius
#debug tacacs
#
#aaa authorization exec default group tacacs+ group radius
#aaa authorization network group tacacs+
#aaa accounting exec default start-stop group tacacs+
#aaa accounting network default start-stop group tacacs+
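
Added example, not part of the original sheet: a Python check that scans a saved running-config for hardening commands listed above and reports the ones that are missing, plus two weak settings. The choice of checks, the function name audit and the sample config are assumptions of this example; the sample is constructed, not taken from a device.

```python
import re

# Each check: (label, regex that must match one line of the running-config).
# The commands come from this sheet; which ones to require is this example's choice.
REQUIRED = [
    ("password min-length", r"^security passwords min-length \d+"),
    ("password encryption", r"^service password-encryption"),
    ("login block-for", r"^login block-for \d+ attempts \d+ within \d+"),
    ("failed-login logging", r"^login on-failure log"),
    ("AAA enabled", r"^aaa new-model"),
    ("local lockout", r"^aaa local authentication attempts max-fail \d+"),
    ("syslog host", r"^logging host \S+"),
    ("NTP authentication", r"^ntp authenticate"),
]

def audit(config_text):
    """Return (missing, warnings) for a running-config given as text."""
    lines = [l.strip() for l in config_text.splitlines()]
    missing = [label for label, pat in REQUIRED
               if not any(re.match(pat, l) for l in lines)]
    warnings = []
    for l in lines:
        # 'username X password' is stored in cleartext or type 7; the sheet uses 'secret'.
        m = re.match(r"^username (\S+) password ", l)
        if m:
            warnings.append(f"user {m.group(1)} uses 'password' instead of 'secret'")
        # exec-timeout 0 0 disables the idle timeout on a line.
        if re.match(r"^exec-timeout 0 0$", l):
            warnings.append("exec-timeout 0 0 disables the idle timeout")
    return missing, warnings

# Constructed sample running-config (not from a real device).
SAMPLE = """\
service password-encryption
security passwords min-length 10
aaa new-model
username JR-Admin secret 5 $1$constructed$hash
username ops password 0 constructed-value
login block-for 30 attempts 10 within 20
logging host 10.0.0.254
line vty 0 4
 exec-timeout 0 0
 login authentication TELNET-LOGIN
"""

if __name__ == "__main__":
    missing, warnings = audit(SAMPLE)
    print("missing:", missing)
    print("warnings:", warnings)
```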