以前に VIRL などで検証する際によく使う設定をメモしておきました。

• Cisco VIRL でよく使う「検証用コンフィグ・テンプレート」
• Cisco へ SSH ログイン出来るようにするには（IOSv / XRv / CSR1000v / NX-OSv / ASAv）
• IOS へ公開鍵認証方式を使い、パスワード無しで SSH ログインする
• Cisco VIRL でよく使う「検証用コンフィグ・テンプレート」(2019/04/19 版)

今回は CML で IOSv を利用する場合に備え、以下 3 パターンのコンフィグ・テンプレートを用意したのでメモしておきます。

1. TELNET
2. SSH (パスワード認証)
3. SSH (公開鍵認証)

TELNET

hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
clock timezone JST +9
!
ip vrf management
!
no ip domain-lookup
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 no login authentication
 length 0
 transport input telnet
!
scheduler allocate
!
end

SSH (パスワード認証)

hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
aaa new-model
!
clock timezone JST +9
!
ip vrf management
!
username admin password admin
!
no ip domain-lookup
ip domain name example.local
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
ip ssh version 2
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
!
scheduler allocate
!
crypto key generate rsa modulus 2048
!
end

SSH (公開鍵認証)

hostname IOSv
!
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
!
logging buffered 65536 debugging
!
aaa new-model
!
clock timezone JST +9
!
ip vrf management
!
ip ssh pubkey-chain
  username admin
   key-string
((PUBLIC-KEY))
exit
!
no ip domain-lookup
ip domain name example.local
!
interface GigabitEthernet0/0
 ip vrf forwarding management
 ip address dhcp
 no shutdown
!
ip ssh version 2
ip ssh server algorithm authentication publickey password keyboard
ip ssh server algorithm publickey ssh-rsa
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 172.16.0.0 0.15.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
no banner exec ^C
no banner incoming ^C
no banner login ^C
!
line con 0
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
!
line vty 0 4
 exec-timeout 300 0
 privilege level 15
 logging synchronous
 length 0
 transport input ssh
!
scheduler allocate
!
crypto key generate rsa modulus 2048
!
end