Cisco Router IOS XR Manuel d'utilisateur télécharger pdf (Page 41)

Cisco IOS XR Training Page 41

11. Remote Access Services – Telnet and

SSH

We need to have a way to remote access this device, and by default SSH and

TELNET are not enabled.

First up, the easy one – telnet.

RP/0/RSP0/CPU0:R1(config)#telnet ipv4 server max-servers 10

And like that, we can telnet.

Ok, onto SSH – but before setting up SSH, we need to generate an RSA key.

This is a bit different as you do not do this from config mode.

First up, add your domain-name if you do not have one:

RP/0/RSP0/CPU0:R1(config)#domain name fryguy.net

RP/0/RSP0/CPU0:R1(config)#commit

RP/0/RSP0/CPU0:R1#crypto key generate rsa

Sat Apr 21 00:36:07.790 UTC

The name for the keys will be: the_default

Choose the size of the key modulus in the range of 512 to 2048 for your

General Purpose Keypair. Choosing a key modulus greater than 512 may take a

few minutes.

How many bits in the modulus [1024]: 2048

Generating RSA keys ...

Done w/ crypto generate keypair

[OK]

RP/0/RSP0/CPU0:R1#

Once we have generated the RSA key, we can now enable the SSH service:

RP/0/RSP0/CPU0:R1#conf t

Sat Apr 21 00:40:33.845 UTC

RP/0/RSP0/CPU0:R1(config)#ssh server v2

RP/0/RSP0/CPU0:R1(config)#commit

Sat Apr 21 00:40:39.939 UTC

And like that, SSH services are now enabled.

Ok, but what if we wanted to limit who has access to the box by IP address,

that is where control-plane security comes in. For this example, I will

allow 10/8 to access the device.

RP/0/RSP0/CPU0:R1(config)#control-plane

RP/0/RSP0/CPU0:R1(config-ctrl)#management-plane

RP/0/RSP0/CPU0:R1(config-mpp-inband)#int g0/1/0/18

RP/0/RSP0/CPU0:R1(config-mpp-inband-if)#allow SSH peer

RP/0/RSP0/CPU0:R1(config-ssh-peer)# address ipv4 10.0.0.0/8

1 2 ... 36 37 38 39 40 41 42 43 44 45 46 ... 104 105

Pas de commentaire

Cisco Router IOS XR Manuel d'utilisateur Page 41