Cisco and Huawei Network Technology Forum

Router Security: AAA Encrypted Local Authentication


Source: 56Cto  Author: 小流氓  From: Vlan9.com  2008-11-10


    Step 1: Pre-configuration

    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#no ip domain-lo
    Router(config)#
    Router(config)#line con 0
    Router(config-line)#no exec-t
    Router(config-line)#logg s
    Router(config-line)#ho R1

    R1(config)#inter lo0
    R1(config-if)#ip add 1.1.1.1 255.255.255.0
    R1(config-if)#inter e0/0
    R1(config-if)#ip add 192.168.1.1 255.255.255.0
    R1(config-if)#no shut


    Router>en
    Router#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#no ip domain-lo
    Router(config)#
    Router(config)#line con 0
    Router(config-line)#no exec-t
    Router(config-line)#logg s
    Router(config-line)#ho R2
    R2(config)#inter lo0
    R2(config-if)#ip add 2.2.2.2 255.255.255.0
    R2(config-if)#inter e0/0
    R2(config-if)#ip add 192.168.1.2 255.255.255.0
    R2(config-if)#no shut


    Step 2: Configure local authentication:


    R1(config)#aaa new
    R1(config)#aaa new-model
    R1(config)#aaa authentication login default local
    R1(config)#username norvel password norvel

    Step 3: Debugging

    R1#ping 192.168.1.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.1.2, timeout is 2 seconds:
    .!!!!
    Success rate is 80 percent (4/5), round-trip min/avg/max = 28/40/64 ms

    R1#debug aaa authentication

    User Access Verification

    Username: nor
    *Mar  1 00:20:28.243: AAA/BIND(00000003): Bind i/f
    *Mar  1 00:20:28.247: AAA/AUTHEN/LOGIN (00000003): Pick method list 'default'
    Username: norvel
    Password:

    R1>en
    R1#
    *Mar  1 00:20:35.447: AAA: parse name=tty0 idb type=-1 tty=-1
    *Mar  1 00:20:35.447: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
    *Mar  1 00:20:35.451: AAA/MEMORY: create_user (0x637813FC) user='norvel' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
    *Mar  1 00:20:35.451: AAA/AUTHEN/START (4286150664): port='tty0' list='' action=LOGIN service=ENABLE
    *Mar  1 00:20:35.455: AAA/AUTHEN/START (4286150664): console enable - default to enable password (if any)
    *Mar  1 00:20:35.455: AAA/AUTHEN/START (4286150664): Method=ENABLE
    R1#co
    *Mar  1 00:20:35.455: AAA/AUTHEN(4286150664): can't find any passwords
    *Mar  1 00:20:35.459: AAA/AUTHEN(4286150664): Status=ERROR
    *Mar  1 00:20:35.459: AAA/AUTHEN/START (4286150664): Method=NONE
    *Mar  1 00:20:35.459: AAA/AUTHEN(4286150664): Status=PASS
    *Mar  1 00:20:35.463: AAA/MEMORY: free_user (0x637813FC) user='norvel' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 vrf= (id=0)

    R2#telnet 192.168.1.1
    Trying 192.168.1.1 ... Open


    User Access Verification

    Username: norvel
    Password:

    R1>
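
The `debug aaa authentication` output above shows `enable` on the console falling through from `Method=ENABLE` (`can't find any passwords`, `Status=ERROR`) to `Method=NONE` with `Status=PASS`. The following added example, which is not part of the original article, parses those debug lines and flags sessions that passed without any credential being checked; the function and pattern names are assumptions of this example.

```python
import re

# Debug lines copied verbatim from the R1 console output on this page.
SAMPLE = """\
*Mar  1 00:20:35.451: AAA/MEMORY: create_user (0x637813FC) user='norvel' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
*Mar  1 00:20:35.451: AAA/AUTHEN/START (4286150664): port='tty0' list='' action=LOGIN service=ENABLE
*Mar  1 00:20:35.455: AAA/AUTHEN/START (4286150664): console enable - default to enable password (if any)
*Mar  1 00:20:35.455: AAA/AUTHEN/START (4286150664): Method=ENABLE
*Mar  1 00:20:35.455: AAA/AUTHEN(4286150664): can't find any passwords
*Mar  1 00:20:35.459: AAA/AUTHEN(4286150664): Status=ERROR
*Mar  1 00:20:35.459: AAA/AUTHEN/START (4286150664): Method=NONE
*Mar  1 00:20:35.459: AAA/AUTHEN(4286150664): Status=PASS
"""

# Hypothetical pattern names; they match only the line shapes seen in the output above.
USER = re.compile(r"AAA/MEMORY: create_user \(\w+\) user='([^']*)'")
OPEN = re.compile(r"AAA/AUTHEN/START \((\d+)\): port='([^']*)' .*service=(\w+)")
METHOD = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\w+)")
STATUS = re.compile(r"AAA/AUTHEN\s?\((\d+)\): Status=(\w+)")


def analyze(log):
    """Return {session_id: {user, port, service, attempts}} with attempts as [method, status]."""
    sessions, pending_user = {}, None
    for line in log.splitlines():
        if m := USER.search(line):
            pending_user = m.group(1)  # create_user is logged just before the session starts
        elif m := OPEN.search(line):
            sessions[m.group(1)] = {"user": pending_user, "port": m.group(2),
                                    "service": m.group(3), "attempts": []}
            pending_user = None
        elif (m := METHOD.search(line)) and m.group(1) in sessions:
            sessions[m.group(1)]["attempts"].append([m.group(2), None])
        elif (m := STATUS.search(line)) and sessions.get(m.group(1), {}).get("attempts"):
            sessions[m.group(1)]["attempts"][-1][1] = m.group(2)  # result of the latest method
    return sessions


def passed_without_credential(sessions):
    """Sessions whose final PASS came from Method=NONE, i.e. no password was checked."""
    return {sid: s for sid, s in sessions.items()
            if s["attempts"] and s["attempts"][-1] == ["NONE", "PASS"]}


if __name__ == "__main__":
    for sid, s in passed_without_credential(analyze(SAMPLE)).items():
        print(f"session {sid}: user={s['user']} service={s['service']} port={s['port']} "
              f"passed with Method=NONE after {s['attempts'][:-1]}")
```

Run against the page's output, it reports session 4286150664 (user `norvel`, service `ENABLE`, port `tty0`): R1 has no enable password configured, so privileged mode was granted from the console without a credential.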


 
