no ip domain-lookup
enable secret password for encryption
===========================
line console 0
exec-timeout 30
exec-timeout 0 0 disables timeout
no exec-timeout
==============================
logging synchronous: after a console message, takes you back to the end of what you were typing
stops messages from cutting your typing in half
==========================================
show run
=============
service password-encryption: line-of-sight hiding only
crack cisco password
enable secret: type 5 hash
ssh brute force is the weakest password attack
========================================================
vlans
show ip interface brief
interface vlan 1
ip address
show running-config interface vlan 1
no shutdown to bring it up
=========================================================
banner ?
running config: lost at shutdown
startup config nvram (non volatile)
copy running-config startup-config or write memory
show start
video 13
====================================
Cain and Abel
CAM table overflow
fill up the CAM table memory with MAC addresses so the switch becomes a hub
============================================================
ssh
show ip interface brief
assign the ip: ip address <ip>
int vlan 1
hostname required for certificate
domain name required for certificate
ip domain-name dartfrog.local
encryption keys
show
enable ssh v2
create local user accounts
allow telnet and ssh
=======================================================
ssl
data encrypted with the public key can only be decrypted by the private key, which is kept on the server and available to no one
certificate has ½ (the asymmetrical part) of the encryption algorithm
symmetrical session key
encrypt the key when sending to the server
fresh encryption algorithm used for the one session
Diffie-Hellman encryption, RSA
=====================================================
asymmetric key bit
crypto key generate rsa to generate key
2048
ip ssh version 2 to turn it on
create user accounts
username <name> secret <password>
show ip interface brief
do show running-config
configure the ports
line vty 0 15
login local
transport input SSH
ms no command line ssh prompt
tacacs server to centralize password changes
Initial Switch config
enable
configure terminal
hostname
no hostname
enable password “password”
console pw
telnet pw
line console 0 (console port)
password
password ?
show run
| to filter
b begin with line
line vty 0 4: 5 telnet ports; plus 5 15, now have 16
no enable password
use enable secret
timeout setting
conf t
line con 0
exec-timeout 0 0 disables timeout
no exec-timeout
login local
logging synchronous ---- to get you back to the prompt
service password-encryption encrypts but not secure
assign ip address
show vlan
interface vlan 1
show ip interface brief
Set up vty password for telnet access.
switch>en
switch# conf t
switch(config)# line vty 0 15
switch(config-line)# password somesecret
switch(config-line)# login
switch(config-line)# end
switch#copy run start
This site is a good resource for things 2950.
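A quick way to check a saved "show run" against these notes (enable password vs enable secret, exec-timeout 0 0, login vs login local, telnet left open on the vty lines). This is an added example, not part of the original notes; the function names and the sample config are made up for illustration.

```python
# Constructed sample running-config (not from the notes), weak and hardened lines mixed.
SAMPLE_CONFIG = """\
enable password cisco
ip ssh version 2
line con 0
 exec-timeout 0 0
 login local
line vty 0 4
 password somesecret
 login
line vty 5 15
 login local
 transport input ssh
"""

def parse_sections(config):
    """Map each top-level line to the indented sub-commands beneath it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw[0].isspace() and current is not None:
            sections[current].append(line)
        else:
            current = line
            sections.setdefault(current, [])
    return sections

def audit(config):
    """Return findings; assumes a vty with no 'transport input' line still accepts telnet."""
    sections = parse_sections(config)
    findings = []
    if any(k.startswith("enable password") for k in sections):
        findings.append("global: enable password set, use enable secret")
    if "ip ssh version 2" not in sections:
        findings.append("global: ip ssh version 2 not set")
    for name, body in sections.items():
        if "exec-timeout 0 0" in body or "no exec-timeout" in body:
            findings.append(f"{name}: idle timeout disabled")
        if name.startswith("line vty"):
            if "login local" not in body:
                findings.append(f"{name}: no login local")
            transport = " ".join(c for c in body if c.startswith("transport input"))
            if not transport or {"telnet", "all"} & set(transport.split()):
                findings.append(f"{name}: telnet allowed")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

Paste real "show run" output into audit() as a string; an empty list means none of the weak settings above were found.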