Rakugakicho (Scribble Pad)

Just because ~ Not affiliated with any organization or group I belong to; these are my personal views ~

IOSv Config Templates for CML (TELNET / SSH)

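I previously wrote down the settings I often use when testing on VIRL and similar platforms.

This time, for running IOSv on CML, I prepared config templates for the following three patterns and am noting them here.

  1. TELNET
  2. SSH (password authentication)
  3. SSH (public key authentication)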

TELNET

hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
clock timezone JST +9
!
ip vrf management
!
no ip domain-lookup
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
! VTY lines: Telnet only (cleartext), sessions start at privilege level 15
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 no login authentication
 length 0
 transport input telnet
!
scheduler allocate
!
end

SSH (password authentication)

hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
aaa new-model
!
clock timezone JST +9
!
ip vrf management
! Local user for SSH login; the password is given in plaintext
username admin password admin
!
no ip domain-lookup
ip domain name example.local
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
ip ssh version 2
! Standard ACL 1 (RFC 1918 ranges); defined here but not referenced elsewhere in this template
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
!
scheduler allocate
!
crypto key generate rsa modulus 2048
!
end

SSH (public key authentication)

hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
aaa new-model
!
clock timezone JST +9
!
ip vrf management
! Replace ((PUBLIC-KEY)) below with the SSH public key of user admin
ip ssh pubkey-chain
  username admin
   key-string
((PUBLIC-KEY))
exit
!
no ip domain-lookup
ip domain name example.local
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
! SSHv2; authentication methods in preference order; only ssh-rsa user keys are accepted
ip ssh version 2
ip ssh server algorithm authentication publickey password keyboard
ip ssh server algorithm publickey ssh-rsa
! Standard ACL 1 (RFC 1918 ranges); defined here but not referenced elsewhere in this template
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
!
scheduler allocate
!
crypto key generate rsa modulus 2048
!
end
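
The following Python script is an added example, not part of the original post: it fills the ((PUBLIC-KEY)) placeholder of the third template from an OpenSSH public key line, after checking that the key is an ssh-rsa key (the only type the template enables) of at least 2048 bits. Assumptions: the key is folded to 72-character lines because one long line would exceed the IOS input line limit, the key comment is dropped, and the function names and the constructed sample key are hypothetical.

```python
import base64
import struct

def _read_fields(blob):
    """Split an SSH wire blob into its length-prefixed fields (RFC 4253)."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    return fields

def render_pubkey_chain(pub_line, user="admin", width=72, min_bits=2048):
    """Validate an OpenSSH public key line and render the IOS stanza."""
    parts = pub_line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    fields = _read_fields(base64.b64decode(b64, validate=True))
    # The template enables only 'ssh-rsa', so other key types cannot log in.
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("template accepts ssh-rsa keys only")
    bits = int.from_bytes(fields[2], "big").bit_length()
    if bits < min_bits:
        raise ValueError(f"RSA modulus is {bits} bits, want >= {min_bits}")
    text = f"{key_type} {b64}"  # comment dropped (assumption: IOS does not need it)
    folded = [text[i:i + width] for i in range(0, len(text), width)]
    return "\n".join(["ip ssh pubkey-chain", f"  username {user}", "   key-string",
                      *folded, "exit", "!"])

def _mpint(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
    return struct.pack(">I", len(raw)) + raw

def sample_key(bits=2048):
    """Constructed, structurally valid ssh-rsa line; the modulus is NOT a real key."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " lab@example"

if __name__ == "__main__":
    print(render_pubkey_chain(sample_key()))
```
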