博客

CCNA保护边界路由器(某学校讲义)

  • Post author:
  • Post category:其他



(ps:第一次写博客,大佬们轻喷,只是单纯分享学习,加强自身记忆)


实验软件为Cisco Packet

拓扑及设备

(笔记本是console线连接,PC为远程)

t拓扑及设备

路由器IP与子网掩码并打开端口

路由器IP与子网掩码并打开端口

PC0设置

PC0设置

利用telnet传输协议使得PC0能虚拟远程访问路由器F0/0端口:

路由器命令如下:(缺省部分可用Tab键补齐) 

Router>en
Router#conf t
Router(config)#line vty 0 4
Router(config-line)#login local
Router(config-line)#transport input telnet
Router(config)#username 2333 password 2333 前面的2333为用户名,后者为密码

进入PC0,进入下图所示的comman prompt

在这里插入图片描述

敲入如下命令: 

PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
Router>



此时,已成功通过telnet协议实现PC0远程登录。

在路由器中敲入以下命令可以限制设置账户的密码长度(此处是10,可任意更改) 

Router(config)#security passwords min-length 10


给console线路设置密码


此时需要进入笔记本的终端中进行设置(如下图红线处所示)

在这里插入图片描述

进入终端,输入如下命令: 

Router>en
Router#conf t
Router(config)#line cons 0
Router(config-line)#password cisco
% Password too short - must be at least 10 characters. Password not configured.
Router(config-line)#password cisco123456
Router(config-line)#login

看中间我设置的密码保护就生效了。

在这里插入图片描述

这样一直退出后,再进入全局模式下得输入密码了。

之后用PC0登录路由器时出现了以下问题: 

PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
Router>
Router>en
% No password set.
Router>enable
% No password set.

出现了No password set的情况,后面发现路由器没有设置enable密码,自然登录的用户就莫得权限了。 

Router(config)#enable password 1234567890

在路由器设置完enable密码时,再用PC0登录 

PC>telnet 192.168.100.100
Trying 192.168.100.100 ...
% Connection refused by remote host
PC>
PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
Router>
Router>en
Password: 
Router#
Router#

成功进入了呢 

Router(config)#service password-encryption

这段命令可以在show running-encryption下把密码换成思科自有的加密

阻塞登录的block-for命令 

Router(config)#login block-for 120 attempts 5 within 60

含义为如果在60秒内登录失败,登录将会被禁止120秒

测试效果: 

PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
Router>
Router>en
% No password set.
Router>enable
% No password set.
Router>cisco123456
Translating "cisco123456"...domain server (255.255.255.255)
% Unknown command or computer name, or unable to find computer address


Router>enable
% No password set.
Router>en
% No password set.
Router>
Router>en
% No password set.
Router>ex


[Connection to 192.168.100.100 closed by foreign host]
PC>
PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
Router>en
% No password set.
Router>


[Connection to 192.168.100.100 closed by foreign host]
PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
Router>en
% No password set.
Router>
Router>
Router>
Router>enable
% No password set.
Router>ex


[Connection to 192.168.100.100 closed by foreign host]
PC>
PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
% Login invalid


Username:2333
Password: 
% Login invalid


Username: 2333
Password: 


[Connection to 192.168.100.100 closed by foreign host]
PC>telnet 192.168.100.100
Trying 192.168.100.100 ...Open




User Access Verification


Username: 2333
Password: 
% Login invalid


Username: 2333
Password: 


[Connection to 192.168.100.100 closed by foreign host]
PC>telnet 192.168.100.100
Trying 192.168.100.100 ...
% Connection refused by remote host

连续输入错误的密码后,被禁止登录了。

ps:排版搞得有点混,系在不好意思了。本人也在初学,出问题再正常不过了,有大佬指正错误我会很感激!谢谢大家观看!


版权声明:本文为weixin_43660409原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。