Network Administrators (Persian)

Important network tips for specialists

Configuring SSH on a Cisco switch


How to Configure SSH on a Cisco Switch?

 

Telnet is a widely used protocol for accessing and administering Cisco devices, but it is not secure: it transmits everything, credentials included, over the network in plain text.

SSH is a secure protocol, and it is best practice to use it for access to all devices. Configuring SSH on most Cisco switch models is a straightforward process: you need to generate an RSA key pair, and it is recommended to enable the aaa (Authentication, Authorization and Accounting) model.

Here are the steps:

Switch# config t
Switch(config)# ip domain-name demo.net
Switch(config)# crypto key generate rsa

At this point, you will be prompted to enter a modulus size for the key generation.

Switch(config)# username admin privilege 15 secret <password>   (you can create more usernames)
Switch(config)# aaa new-model   (enables the aaa model on the switch)
Switch(config)# line vty 0 15
Switch(config-line)# transport input ssh
Switch(config-line)# no password
Switch(config-line)# transport preferred ssh
Switch(config-line)# exit
Switch(config)# exit
Switch# copy run start   (saves the configuration changes)

After these steps, the Cisco device can be accessed with tools such as PuTTY or Cygwin. Cygwin can also be integrated with your PowerShell session, which saves the time spent switching between shells. You can also call the Start-Transcript cmdlet from your PowerShell profile to keep a log of your commands if necessary.
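As an added check that is not part of the original post, the Python script below audits a running-config for the settings the steps above produce: a domain name, aaa new-model, a local user with a hashed secret, and vty lines that accept SSH only. The sample configuration, the hash placeholder and the helper names are constructed for this example; the check for ip ssh version 2 is an extra hardening item that the steps above do not include.

```python
"""Audit a Cisco IOS running-config for SSH-only management access.

Added example; the configuration text is constructed, not taken from a device.
"""

# Constructed sample: the result of the steps above, plus a second vty block
# left over from an earlier setup that still permits Telnet.
SAMPLE_CONFIG = """\
hostname Switch
ip domain-name demo.net
aaa new-model
username admin privilege 15 secret 5 $1$PLACEHOLDER-HASH
ip ssh version 2
line vty 0 4
 transport input ssh
 transport preferred ssh
line vty 5 15
 transport input telnet ssh
"""


def parse_line_blocks(config: str) -> dict:
    """Return {'line vty 0 4': [sub-commands], ...} for every 'line ...' block."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the block
    return blocks


def audit_ssh(config: str) -> list:
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    top = {l.strip() for l in config.splitlines() if not l.startswith(" ")}

    if not any(l.startswith("ip domain-name ") for l in top):
        findings.append("no ip domain-name (RSA key generation requires one)")
    if "aaa new-model" not in top:
        findings.append("aaa new-model not enabled")
    if not any(l.startswith("username ") and " secret " in l for l in top):
        findings.append("no local user with a 'secret' (hashed) password")
    if "ip ssh version 2" not in top:
        findings.append("ip ssh version 2 not set (extra hardening, not in the steps above)")

    for header, cmds in parse_line_blocks(config).items():
        if not header.startswith("line vty"):
            continue
        transport = next((c for c in cmds if c.startswith("transport input ")), None)
        if transport is None:
            findings.append(f"{header}: no 'transport input' (IOS default still allows telnet)")
        elif transport != "transport input ssh":
            findings.append(f"{header}: '{transport}' still permits a non-SSH protocol")
    return findings


if __name__ == "__main__":
    for finding in audit_ssh(SAMPLE_CONFIG) or ["all checks passed"]:
        print(finding)
```

Run against the sample, the script reports only the second vty block; removing the aaa new-model line from the input adds a second finding, which is the quick way to see that the checks are independent of each other.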

 

Cisco router -- ip route 0.0.0.0 0.0.0.0 null0

 

The Null0 "interface" is a virtual bit-bucket, meaning a trash can to route things to. A Null0 route (called a discard route) is created automatically when you configure a summary-address, an area-range, or something similar with a routing protocol.

The idea is that you are creating a summary address manually to tell other routers about. If you are therefore expecting to receive packets for anything within that summary range, what will your router do with them? If it has more specific routes, the packets are routed perfectly fine.

Anything not matching a more specific route is sent to the discard route and therefore destroyed in a flash of Null0 mayhem. Without the discard route, your router would either keep trying to look things up or possibly send the packet to a default route (0.0.0.0/0) it has in its table. This, in turn, may cause a routing loop when the router holding the 0/0 route also has the summary you manually advertised, so packets bounce needlessly between the two until the TTL expires.

 It's a protection mechanism.

 You may also use Null0 as a destination in static routes if you would like particular packets to die a horrible death as well!

 As the others mentioned there are many drawbacks to this design. If you look at some alternatives:

In the case of OSPF, if you don't want the static route but you also don't want the whole network to reconverge when your external link to your service provider goes down, check out default-information originate always, which will always advertise the 0.0.0.0/0 route into the network even if the route doesn't exist at the time.

 Check out the track statements like (syntax might be off.. working from memory)

 track 1 interface Ethernet0/0 line-protocol

 ip route 0.0.0.0 0.0.0.0 Null0 track 1

This is really interesting since if you're using BGP and are summarizing without using the aggregate-address command, it lets you add and remove routes based on tracking objects.

There are lots of ways you can play with this. I think that adding this functionality is a lot of fun. You can make your network quite dynamic by designing your routing and summarization based on endless criteria.
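As an added example that is not part of the original post, the Python model below simulates longest-prefix-match forwarding across two routers to show both points above: the discard route stopping a packet for an unused part of the summary, the loop that appears without it, and a tracking object withdrawing the Null0 route when the tracked interface goes down. The topology, addresses, router and next-hop names are all constructed; the track handling is a simplification of the IOS behaviour (a route whose tracking object is down is removed from the table).

```python
"""Longest-prefix-match forwarding with and without a Null0 discard route.

Added example, not from the original post. Constructed topology:
  R1 owns 10.1.1.0/24 and 10.1.2.0/24, advertises the summary 10.1.0.0/16
  to R2, and points its own default route at R2.
  R2 sends anything inside 10.1.0.0/16 to R1 and everything else to "ISP".
"""
from ipaddress import ip_address, ip_network

NULL0 = "Null0"


class Router:
    def __init__(self, name: str):
        self.name = name
        self.routes = []       # (network, next_hop, track_id or None)
        self.tracked_up = {}   # track_id -> True (line-protocol up) / False (down)

    def add_route(self, prefix: str, next_hop: str, track=None):
        self.routes.append((ip_network(prefix), next_hop, track))

    def set_track(self, track_id: int, up: bool):
        self.tracked_up[track_id] = up

    def lookup(self, dst: str):
        """Longest-prefix match; a route whose tracking object is down is withdrawn."""
        addr = ip_address(dst)
        candidates = [(net, nh) for net, nh, tr in self.routes
                      if addr in net and self.tracked_up.get(tr, True)]
        if not candidates:
            return None
        return max(candidates, key=lambda r: r[0].prefixlen)[1]


def build(discard_route: bool) -> dict:
    """Two-router topology; the Null0 summary on R1 is optional and tracked by object 1."""
    r1, r2 = Router("R1"), Router("R2")
    r1.add_route("10.1.1.0/24", "LAN1")          # connected networks behind R1
    r1.add_route("10.1.2.0/24", "LAN2")
    r1.add_route("0.0.0.0/0", "R2")              # ip route 0.0.0.0 0.0.0.0 <R2>
    if discard_route:
        # ip route 10.1.0.0 255.255.0.0 Null0 track 1
        r1.add_route("10.1.0.0/16", NULL0, track=1)
    r2.add_route("10.1.0.0/16", "R1")            # summary learned from R1
    r2.add_route("0.0.0.0/0", "ISP")
    return {"R1": r1, "R2": r2}


def forward(routers: dict, start: str, dst: str, ttl: int = 8):
    """Walk a packet hop by hop; return (disposition, hops taken)."""
    current, hops = start, 0
    while True:
        nh = routers[current].lookup(dst)
        if nh is None:
            return "no route", hops
        if nh == NULL0:
            return f"discarded at {current}", hops
        hops += 1
        if hops > ttl:
            return "TTL expired (loop)", hops
        if nh not in routers:          # left the simulated topology (LAN or upstream)
            return f"delivered via {nh}", hops
        current = nh


if __name__ == "__main__":
    print("with discard route, real host:   ", forward(build(True), "R2", "10.1.1.9"))
    print("with discard route, unused range:", forward(build(True), "R2", "10.1.5.9"))
    print("without discard route:           ", forward(build(False), "R2", "10.1.5.9"))
    net = build(True)
    net["R1"].set_track(1, False)                # tracked interface goes down
    print("discard route withdrawn by track:", forward(net, "R2", "10.1.5.9"))
```

A packet for 10.1.5.9 sits inside the advertised summary but matches no specific route on R1; with the Null0 entry it is dropped on the first hop, without it R1 and R2 hand it back and forth until the hop budget runs out, and withdrawing the tracked Null0 route reproduces the same loop.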
