router(config)#no ip domain-lookup //取消域名解析。 router(config)#ip classless //使路由器支持无编号IP地址。 router(config)#ip subnet-zero //使路由器支持零子网。
把二层接口改为三层接口:
int fa0/1 switchport mode access no switchport ip routing ip addr *.*.*.* *.*.*.* no shutdown
使设备状态提示不影响正常输入:
Router(config)#line vty 0 4 Router(config-line)#logging synchronous Router(config)#line console 0 Router(config-line)#logging synchronous
启用路由器SSH登录:
1. 配置hostname和domain-name:
Router(config)#hostname Test-Router//配置ssh的时候路由器的名字不能为router Test-Router(config)#ip domain-name cisco.com.cn//配置SSH必需
2. 配置SSH服务:
Test-Router(config)#crypto key generate rsa % You already have RSA keys defined named Test-Router.cisco.com.cn. % Do you really want to replace them? [yes/no]: yes//重新生成RSA密钥 Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]://注:选择加密位数,cisco推荐使用1024 *Mar 1 00:40:37.551: %SSH-5-DISABLED: SSH 2.0 has been disabled % Generating 512 bit RSA keys, keys will be non-exportable...[OK] *Mar 1 00:40:42.171: %SSH-5-ENABLED: SSH 2.0 has been enabled
查看SSH配置:
Test-Router(config)#do sh ip ssh SSH Enabled - version 2.0 Authentication timeout: 120 secs; Authentication retries: 5
修改SSH参数:
Test-Router(config)#ip ssh version 2//修改SSH版本 Test-Router(config)#ip ssh time-out 120//修改空闲超时时间 Test-Router(config)#ip ssh authentication-retries 5//修改认证重试次数
3. 创建认证用户:
Test-Router(config)#username admin password 7 cisco123 Invalid encrypted password: cisco123 # 0 Specifies an UNENCRYPTED password will follow # 7 Specifies a HIDDEN password will follow
4. 配置SSH登陆:
Test-Router(config)#line vty 0 4 Test-Router(config-line)#transport input ssh Test-Router(config-line)#login local Test-Router(config-line)#exit