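I previously wrote up the settings I often use when testing with VIRL and similar tools.
- "Test config templates" I often use with Cisco VIRL
- How to enable SSH login to Cisco devices (IOSv / XRv / CSR1000v / NX-OSv / ASAv)
- Logging in to IOS over SSH without a password, using public key authentication
- "Test config templates" I often use with Cisco VIRL (2019/04/19 edition)
This time, in preparation for using IOSv on CML, I have put together the following three config templates and am noting them here.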
TELNET
```
hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
clock timezone JST +9
!
ip vrf management
!
no ip domain-lookup
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 no login authentication
 length 0
 transport input telnet
!
scheduler allocate
!
end
```
SSH (password authentication)
```
hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
aaa new-model
!
clock timezone JST +9
!
ip vrf management
!
! local account used for SSH password login
username admin password admin
!
no ip domain-lookup
ip domain name example.local
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
ip ssh version 2
!
! access-list 1 (private address ranges) is defined here but not applied in this template
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
!
scheduler allocate
!
crypto key generate rsa modulus 2048
!
end
```
SSH (public key authentication)
```
hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
aaa new-model
!
clock timezone JST +9
!
ip vrf management
!
! replace ((PUBLIC-KEY)) with the client's public key
ip ssh pubkey-chain
 username admin
  key-string
   ((PUBLIC-KEY))
  exit
!
no ip domain-lookup
ip domain name example.local
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
ip ssh version 2
ip ssh server algorithm authentication publickey password keyboard
ip ssh server algorithm publickey ssh-rsa
!
! access-list 1 (private address ranges) is defined here but not applied in this template
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
!
scheduler allocate
!
crypto key generate rsa modulus 2048
!
end
```
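The `((PUBLIC-KEY))` placeholder in the public key template has to be filled with the client's OpenSSH public key. The script below is an added example, not part of the original post: it checks that the key is of the `ssh-rsa` type the template allows and renders the `ip ssh pubkey-chain` block with the key folded into short lines. The function names, the 72-character fold width (an assumption chosen to keep each pasted line short) and the sample key are all constructed for illustration.

```python
import base64
import struct

TEMPLATE_ALGO = "ssh-rsa"  # matches "ip ssh server algorithm publickey ssh-rsa"
FOLD_WIDTH = 72            # assumption: short lines so each pasted line stays brief


def _ssh_string(data):
    """Encode bytes as a length-prefixed SSH string (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def _first_string(blob):
    """Return the first length-prefixed string of a key blob (the key type)."""
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (length,) = struct.unpack_from(">I", blob)
    return blob[4:4 + length]


def render_pubkey_chain(openssh_line, username="admin", width=FOLD_WIDTH):
    """Turn one OpenSSH public-key line into the template's pubkey-chain block."""
    fields = openssh_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    if key_type != TEMPLATE_ALGO:
        raise ValueError(f"template accepts only {TEMPLATE_ALGO}, got {key_type}")
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on junk
    if _first_string(blob) != key_type.encode():
        raise ValueError("key blob does not match its declared type")
    text = f"{key_type} {b64}"  # the trailing comment field is dropped
    chunks = [text[i:i + width] for i in range(0, len(text), width)]
    lines = ["ip ssh pubkey-chain", f" username {username}", "  key-string"]
    lines += [f"   {chunk}" for chunk in chunks]
    lines.append("  exit")
    return "\n".join(lines)


# Constructed sample: has the shape of a 2048-bit RSA key but is not a usable key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + b"\xc3" * 256))
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@lab"

if __name__ == "__main__":
    print(render_pubkey_chain(SAMPLE_LINE))
```

A key of another type, such as `ssh-ed25519`, is rejected with `ValueError` rather than rendered, because the template restricts the server to `ssh-rsa`.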