Restricting SSH and Telnet Remote Login with ACLs, with a Packet-Capture Lab: A Detailed Walkthrough

2024-08-28 17:44


Requirement: lsw5 can only be logged in to from lsw6, and lsw6 can only be logged in to from PC2

<Huawei>sys
[Huawei]sysname sw2
[sw2]int vlanif1
[sw2-Vlanif1]ip address 192.168.10.2 24
[sw2-Vlanif1]q
[sw2]
<Huawei>sys
[Huawei]sysname sw1
[sw1]int vlanif1
[sw1-Vlanif1]ip address 192.168.10.1 24
[sw1-Vlanif1]q
[sw1]
<Huawei>sys
[Huawei]sysname sw3
[sw3]int vlanif1
[sw3-Vlanif1]ip address 192.168.10.3 24
[sw3-Vlanif1]q
[sw3]
<sw2>sys
[sw2]user-interface vty 0 4
[sw2-ui-vty0-4]authentication-mode aaa
[sw2-ui-vty0-4]protocol inbound ?
  all     All protocols
  ssh     SSH protocol
  telnet  Telnet protocol
[sw2-ui-vty0-4]protocol inbound telnet 
[sw2]aaa
[sw2-aaa]local-user telsw2 password cipher 123456 privilege level 15
[sw2-aaa]local-user telsw2 service-type telnet 
<sw3>telnet 192.168.10.2
Trying 192.168.10.2 ...
Press CTRL+K to abort
Connected to 192.168.10.2 ...
Login authentication
Username:telsw2
Password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2024-08-27 10:03:11.
<sw2>
[sw2]dis cu
#
sysname sw2
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
drop-profile default
#
aaa
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default
 domain default_admin
 local-user admin password simple admin
 local-user admin service-type http
 local-user telsw2 password cipher %NS[+B0ZNI]NZPO3JBXBHA!!
 local-user telsw2 privilege level 15
 local-user telsw2 service-type telnet
#
interface Vlanif1
 ip address 192.168.10.2 255.255.255.0
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
interface GigabitEthernet0/0/4
#
interface GigabitEthernet0/0/5
#
interface GigabitEthernet0/0/6
#
interface GigabitEthernet0/0/7
#
interface GigabitEthernet0/0/8
#
interface GigabitEthernet0/0/9
#
interface GigabitEthernet0/0/10
#
interface GigabitEthernet0/0/11
#
interface GigabitEthernet0/0/12
#
interface GigabitEthernet0/0/13
#
interface GigabitEthernet0/0/14
#
interface GigabitEthernet0/0/15
#
interface GigabitEthernet0/0/16
#
interface GigabitEthernet0/0/17
#
interface GigabitEthernet0/0/18
#
interface GigabitEthernet0/0/19
#
interface GigabitEthernet0/0/20
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
#
interface NULL0
#
user-interface con 0
user-interface vty 0 4
 authentication-mode aaa
#
return
[sw2]
<sw3>telnet 192.168.10.2
Trying 192.168.10.2 ...
Press CTRL+K to abort
Connected to 192.168.10.2 ...
Login authentication
Username:telsw2
Password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2024-08-27 10:18:18.
<sw2>
[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]authentication-mode aaa
[sw1-ui-vty0-4]protocol inbound ssh 
[sw1-ui-vty0-4]aa
[sw1-aaa]
[sw1-aaa]local-user sshsw1 password cipher 123456 privilege level 15
Info: Add a new user.
[sw1-aaa]local-user sshsw1 service-type ssh 
[sw1]stelnet server enable 
Info: Succeeded in starting the Stelnet server.
[sw1]ssh user sshsw1 authentication-type password 
Info: Succeeded in adding a new SSH user.
[sw1]ssh user sshsw1 service-type stelnet 
[sw1]rsa local-key-pair create
The key name will be: sw1_Host
The range of public key size is (512 ~ 2048). 
NOTES: If the key modulus is greater than 512, it will take a few minutes.
Input the bits in the modulus[default = 512]:2048
Generating keys...
.........................................................................+++
.......................................+++
.......................++++++++
.++++++++
[sw1]
[sw3]stelnet 192.168.10.1
Please input the username:sshsw1
Trying 192.168.10.1 ...
Press CTRL+K to abort
Connected to 192.168.10.1 ...
Error: Failed to verify the server's public key.
Please run the command "ssh client first-time enable"to enable the first-time access function and try again.
[sw3]ssh client first-time enable
[sw3]
Aug 27 2024 11:04:46-08:00 sw3 DS/4/DATASYNC_CFGCHANGE:OID 1.3.6.1.4.1.2011.5.25.191.3.1 configurations have been changed. The current change number is 6, the change loop count is 0, and the maximum number of records is 4095.
[sw3]ste	
[sw3]stelnet 192.168.10.1
Please input the username:sshsw1
Trying 192.168.10.1 ...
Press CTRL+K to abort
Connected to 192.168.10.1 ...
The server is not authenticated. Continue to access it? [Y/N] :y
Aug 27 2024 11:05:47-08:00 sw3 %%01SSH/4/CONTINUE_KEYEXCHANGE(l)[0]:The server had not been authenticated in the process of exchanging keys. When deciding whether to continue, the user chose Y.
Save the server's public key? [Y/N] :y
The server's public key will be saved with the name 192.168.10.1. Please wait...
Aug 27 2024 11:05:55-08:00 sw3 %%01SSH/4/SAVE_PUBLICKEY(l)[1]:When deciding whether to save the server's public key 192.168.10.1, the user chose Y.
Enter password:
Info: The max number of VTY users is 5, and the number
      of current VTY users on line is 1.
      The current login time is 2024-08-27 11:06:00.
<sw1>
[sw1]acl 2000
[sw1-acl-basic-2000]rule permit source 192.168.10.2 0.0.0.0
[sw1]user-interface vty 0 4
[sw1-ui-vty0-4]acl 2000 inbound
With ACL 2000 applied inbound on the VTY lines, access from SW3 is cut off:
[sw3]stelnet 192.168.10.1
Please input the username:sshsw1
Trying 192.168.10.1 ...
Press CTRL+K to abort
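
An added example (not part of the original post): a small Python model of how the basic ACL bound to the VTY lines decides on a login source address, using the rule from the session. It assumes rules are evaluated in listed order and that a source matching no rule is rejected, which is what the hung connection from sw3 shows; `parse_basic_acl`, `vty_decision` and the `WIDER` rule set are illustrative names and constructed input.

```python
import ipaddress

# Constructed input: the rule typed in the session above.
ACL_2000 = "rule permit source 192.168.10.2 0.0.0.0"
# Constructed variant (not from the post): a deny placed before a subnet permit.
WIDER = "rule 5 deny source 192.168.10.3 0\nrule 10 permit source 192.168.10.0 0.0.0.255"

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_basic_acl(text):
    """Parse basic-ACL rule lines into ordered (action, address, wildcard) tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or tok[0] != "rule":
            continue
        tok = tok[2:] if tok[1].isdigit() else tok[1:]   # drop "rule" and optional rule ID
        action = tok[0]
        addr, wild = "0.0.0.0", "255.255.255.255"        # no source / "any" matches every address
        if "source" in tok and tok[tok.index("source") + 1] != "any":
            i = tok.index("source")
            addr, wild = tok[i + 1], tok[i + 2]
            if wild == "0":                              # shorthand for the host wildcard 0.0.0.0
                wild = "0.0.0.0"
        rules.append((action, _ip(addr), _ip(wild)))
    return rules

def vty_decision(rules, src_ip):
    """Return 'permit' or 'deny' for a login attempt from src_ip."""
    src = _ip(src_ip)
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF        # wildcard bit 0 = this bit must match
        if (src & care) == (addr & care):
            return action                # first matching rule decides
    return "deny"                        # assumption: no match means the login is rejected

if __name__ == "__main__":
    for name, ip in (("sw2", "192.168.10.2"), ("sw3", "192.168.10.3")):
        print(name, ip, vty_decision(parse_basic_acl(ACL_2000), ip))
    for ip in ("192.168.10.1", "192.168.10.3", "192.168.11.1"):
        print("WIDER", ip, vty_decision(parse_basic_acl(WIDER), ip))
```
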




http://www.chinasem.cn/article/1115454
