username foobar password cisco
!
int s0
ip address 1.1.1.1 255.255.0.0
ip access-group 101 in
! /* or port 22 for ssh */
access-list 101 permit tcp any host 1.1.1.1 eq telnet
access-list 101 dynamic foobar permit ip any any
!
line vty 0 2
login local
autocommand access-enable host timeout 5
line vty 3 4
login local
rotary 1
The first access list allows telnet into the router. Your users will
telnet into router and authenticate with username foobar and password
"cisco"
The router will then immediately disconnect the telnet session. When
they successfully authenticate, an access list with their source IP will
be added to the dynamic list. Basically, if they authenticate correctly,
they can come in to the inside network. After 5 mins of inactivty the
entry will be deleted from the access list.
The vty 3 and 4 are using the rotary command so that you can telnet to
your router with the command: "telnet 1.1.1.1 3001" This takes you to
vty 3 (or 4). This way, you can telnet into the router and actually
manage it. A very subtle but VERY important point. If you forget this,
you'll be making a trip to use the console port.
文章来源于领测软件测试网 https://www.ltesting.net/
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备2023014753号-2
技术支持和业务联系:info@testage.com.cn 电话:010-51297073