如題也如圖,本例以路由器為例(思科家交換機和路由器配置大同小異)
常規配置好路由器和pc后,保證二者ping得通
首先,打開telnet,加密碼
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#line vty 0 4 //vty虛擬端口允許0-4最多五個用戶同時登陸 R1(config-line)#password abc123 R1(config-line)#login //開啟驗證 R1(config-line)#exit R1(config)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#show running //查看配置 Building configuration... Current configuration : 797 bytes ! version 12.2 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname R1 ! ! ! enable password 123456 ! ! ! ip cef no ipv6 cef ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.1.1 255.255.255.0 duplex auto speed auto ! interface FastEthernet1/0 no ip address duplex auto speed auto shutdown ! interface Serial2/0 no ip address clock rate 2000000 shutdown ! interface Serial3/0 no ip address clock rate 2000000 shutdown ! interface FastEthernet4/0 no ip address shutdown ! interface FastEthernet5/0 no ip address shutdown ! ip classless ! ip flow-export version 9 ! ! line con 0 ! line aux 0 ! line vty 0 4 //證明已開啟telnet password abc123 login end
在pc 上啟用cmd 進行telnet遠程登陸,如圖,可以登陸並進入路由器
然后在再關閉telnet
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#line vty 0 4 R1(config-line)#transport input ? all All protocols none No protocols ssh TCP/IP SSH protocol telnet TCP/IP Telnet protocol R1(config-line)#transport input none //關閉所有輸入協議,ssh和telnet R1(config-line)#exit R1(config)#end R1# %SYS-5-CONFIG_I: Configured from console by console R1#show running Building configuration... line con 0 ! line aux 0 ! line vty 0 4 password abc123 login transport input none ! ! ! end
這時就不能telnet登陸了。
小結:在使用transport命令的時候發現,旗下所指transport input all 包括ssh和telnet, 如果是none,則禁止了兩個協議,如果要再次開啟協議的話,我們可以用
transport input telnet 或者
transport input ssh
開啟響應協議