This commit is contained in:
@ -41,9 +41,9 @@ exit
|
||||
exit
|
||||
```
|
||||
|
||||
The first `exit` leaves the interface, the second `exit` leaves the config session.
|
||||
The first `exit` leaves the VLAN, the second `exit` leaves the config session.
|
||||
|
||||
If the VLAN should be used for management purposes it needs an IP address:
|
||||
If the VLAN should be used for management purposes additionally an interface for this VLAN is required with an IP address:
|
||||
|
||||
```
|
||||
configure terminal
|
||||
@ -122,3 +122,56 @@ exit
|
||||
`native` makes the VLAN untagged on that port.
|
||||
|
||||
|
||||
### SSH access and hardening measures
|
||||
|
||||
First of all, the switch needs to know about time and requires a name:
|
||||
|
||||
About time:
|
||||
```
|
||||
configure terminal
|
||||
ntp server de.pool.ntp.org
|
||||
clock timezone Etc/Utc
|
||||
exit
|
||||
```
|
||||
|
||||
About names:
|
||||
```
|
||||
configure terminal
|
||||
hostname switch01
|
||||
ip domain-name mynetwork.intern
|
||||
exit
|
||||
```
|
||||
|
||||
An user is required:
|
||||
```
|
||||
configure terminal
|
||||
username admin password geheim123
|
||||
exit
|
||||
```
|
||||
|
||||
A host key must be generated:
|
||||
```
|
||||
crypto key generate rsa
|
||||
```
|
||||
This command will ask for the key length. Select 2048 bits.
|
||||
|
||||
Set the SSH version:
|
||||
```
|
||||
ip ssh version 2
|
||||
```
|
||||
|
||||
Configure the virtual terminals accordingly:
|
||||
```
|
||||
configure terminal
|
||||
line vty 0 15
|
||||
transport input ssh
|
||||
login local
|
||||
exit
|
||||
```
|
||||
|
||||
As mentioned about, the switches support only quite old SSH protocols, so to access it use on the client side:
|
||||
```
|
||||
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-rsa admin@192.168.2.1
|
||||
```
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user