SSH

Console

The following commands change how a user connects to the console port on the device, which by default requires no authentication.

Add Username and Password

configure terminal
username {name} {password | secret} {password}

Enter Console line configuration mode

configure terminal
line console 0
💡
NOTE: The line number is always zero, because only one device can be connected to the console port.

There are two methods for authentication…

  • Password, but no Username
    configure terminal
    line console 0
    {password | secret} {password}
    login

  • Username AND password
    configure terminal
    line console 0
    login local     //Assumes a username and password have already been configured

Layer 2 Switch - Management IP

You can create an SVI even on a Layer 2 switch; the only difference is that it won't route packets. Create the SVI on the VLAN through which you want the switch to be accessed.

configure terminal
interface vlan {vlan-id}
ip address {ip} {subnet-mask}

The switch also needs to be able to send packets outside of the LAN, so that devices outside of it can access it.

ip default-gateway {ip}

Telnet

It was invented in 1969 to remotely access the CLI. However, it has one problem: it sends everything as plain text, with no encryption. Therefore, captured packets can be easily read.

Configuring

configure terminal
line vty 0 15 //Alters all the vty lines, in other words, all the possible simultaneous connections
login local
transport input {ssh | telnet | ssh telnet | all | none}
access-class {acl-id} in //OPTIONAL --> Applies an ACL to filter who can remotely access
💡
NOTE: You can create an ACL like access-list 1 permit {ip-address} {wildcard} and then apply it on the VTY lines to filter which IP addresses can remotely access the CLI.

SSH (Secure Shell)

It was developed in 1995 as a more secure alternative to plain-text protocols such as Telnet.

There are currently two versions:

  • SSHv1
  • SSHv2

💡
NOTE: When a device supports SSH, it will display K9 in its version. Also, if the device supports both SSHv1 and SSHv2 connections, it will appear as version 1.99.

How to configure SSH

  1. Configure Hostname (if not configured yet)
    configure terminal
    hostname {name}
  2. Define a Domain Name
    ip domain name {name}
  3. Generate RSA Keys
    crypto key generate rsa [modulus {size}]
    💡
    NOTE: A key of at least 768 bits is required for SSHv2.
  4. Specify the version
    ip ssh version 2
  5. Add Username and Password (if not yet configured)
    username {username} secret {password}
  6. Configure VTY lines

    line vty 0 15
    login local
    transport input ssh
    exec-timeout {minutes} {seconds}  //OPTIONAL
    access-class {acl-id} in //OPTIONAL - ACL must be previously created
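
To check a saved configuration against the console, VTY and SSH settings described in these notes, the following Python script is an added example (not part of the original notes). The sample configuration is constructed, and the names parse, audit and SAMPLE_CONFIG are assumptions made for illustration.

```python
import re

# Constructed sample running-config for this example (not from a real device).
SAMPLE_CONFIG = """\
username admin password cisco123
username ops secret 9 $9$constructed
ip ssh version 2
line con 0
 password letmein
 login
line vty 0 4
 login local
 transport input ssh
 access-class 1 in
line vty 5 15
 login local
 transport input telnet ssh
"""

def parse(config):  # split into global commands and per-"line" sections
    globals_, sections, current = [], {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = sections.setdefault(raw.strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())      # sub-command of the current line
        elif raw.strip():
            current = None                   # any other top-level command
            globals_.append(raw.strip())
    return globals_, sections

def audit(config):  # one finding per weak remote-access setting
    globals_, sections = parse(config)
    findings = [f"global: user {m.group(1)} stored with 'password', not 'secret'"
                for m in (re.match(r"username (\S+) (?:privilege \d+ )?password\b", g) for g in globals_) if m]
    if "ip ssh version 2" not in globals_:
        findings.append("global: 'ip ssh version 2' missing")
    for header, cmds in sections.items():
        if "login local" not in cmds:        # applies to console and VTY lines
            findings.append(f"{header}: 'login local' missing")
        if header.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input")), "")
            if transport.split()[2:] != ["ssh"]:   # telnet, all, or not set
                findings.append(f"{header}: transport input not restricted to ssh")
            if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
                findings.append(f"{header}: no inbound access-class")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

On the constructed sample it reports the password-based user, the console line without login local, and the VTY range 5 15 that still accepts Telnet and has no ACL.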

Additional

ip ssh time-out {seconds}
💡
NOTE: The default time is 120 seconds.

Show commands

show ip ssh
show ssh

Windows commands

Telnet

telnet {ip}

Option #1 - SSH

ssh -l {username} {ip}

Option #2 - SSH

ssh {username}@{ip}