Upstream/lab-docu
1
0
Fork 0
mirror of https://github.com/Fohdeesha/lab-docu.git synced 2024-11-28 11:05:13 +01:00
Code Issues Projects Releases Wiki Activity

clean up telnet disable commands

Browse Source
This commit is contained in:
Jon Sands 2022-08-06 08:42:23 -04:00
parent f0080b56a6
commit a46342702f
2 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/icx6xxx-adv.md
View File

@ -21,6 +21,15 @@ We also need to tell it to use our new local user account(s) to authorize attemp
aaa authentication login default local
aaa authentication web default local
```
We should also disable telnet as it's quite insecure. If the switch is located outside your home, password protect the serial console port as well:
```
no telnet server
#optional: password protect the serial port:
enable aaa console
```
If you wanted to use the web UI (I don't recommend using it, really), you can now log into it using the credentials you created above. By default, the web server is http only. If you want to disable the web server, just run:
```
no web-management http
@ -102,16 +111,6 @@ Once you get an `ssl-certificate creation is successful` message in the consol
```
That's it! the web UI should now use your cert when loaded via HTTPS
You should enable authentication for telnet access:
```
enable telnet authentication
```
If your switch is outside of your home, or accessible by others, telnet should be disabled entirely, and access to the serial console should also be password protected. Otherwise skip this step at your discretion:
```
no telnet server
enable aaa console
```
### Optional: Key Based SSH Access
If you have followed the above to set up authentication, and also wish to disable password-based SSH login and set up a key pair instead, follow this section. If not, skip it. Enable key login, and disable password login:
```

4
docs/icx7xxx-adv.md
View File

@ -17,10 +17,12 @@ By default, the switch has the `super` user that you set a password for previous
aaa authentication login default local
aaa authentication web default local
```
We should also disable telnet as it's quite insecure:
We should also disable telnet as it's quite insecure. If the switch is located outside your home, password protect the serial console port as well:
```
no telnet server
#optional: password protect the serial port:
enable aaa console
```
If you wanted to use the web UI (I don't recommend using it, really), you can now log into it using the credentials you created above. By default, the web server is http only. If you want to disable the web server, just run:
```