Thursday, August 31, 2017

Why must you use a console connection to initially configure the switch? Why not connect to the switch via Telnet or SSH?


A new switch ships with no IP address, no host name, no default gateway (router), no subnet mask, no console password, no Telnet password, and no startup configuration. Without an IP address the switch cannot be reached over Telnet or SSH, so you use the console connection to configure the management ports, IP addresses, passwords, and remote access. In addition, the Ethernet management ports are used for out-of-band network management tasks.
“Best practice: At a minimum, you should set passwords for console and VTY access to secure access through the console port and to enable and secure remote access through Telnet or SSH. You have two main reasons to have several VTY access lines on a Cisco device:
  Allowing you to connect to the switch and connect to another device from the switch: Two VTY lines are needed in this case: one line to connect into the switch and another line to connect out of the switch to another device.
  Allowing several administrators to work on the switch: In large networks, more than one administrator may manage the network. More than one administrator may need to connect from a remote location to the same switch using Telnet or SSH. This is typical with large core switches.”
                          (Clarke, 2010)

The problem with Telnet is that it transmits data in plain text. In contrast, SSH is the secure replacement for Telnet and encrypts the communication between your administration system and the Cisco device you are remotely connecting to. SSH encrypts all communication, including authentication traffic.
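
To check a switch against the minimum described above (passwords on the console and VTY lines, SSH instead of Telnet), the following added example, which is not from the original post or from Cisco, audits the `line` stanzas of a saved configuration. The sample configuration is constructed, and the function names are hypothetical. It assumes IOS-style indentation and treats a missing `login` or `transport input` command as a finding, although real defaults vary by platform and software version.

```python
# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
hostname SW1
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
!
ip default-gateway 192.0.2.1
!
line con 0
line vty 0 4
 password CONSTRUCTED-PLACEHOLDER
 login
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
!
end
"""

NO_LOGIN = "no password check at login"
NO_PASSWORD = "login enabled but no line password set"
NOT_SSH_ONLY = "transport input is not restricted to ssh"

def parse_line_blocks(config):
    """Return {stanza header: [sub-commands]} for every 'line ...' stanza."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            blocks[current] = []
        elif raw.startswith(" ") and current:
            blocks[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return blocks

def audit_lines(config):
    """Return (stanza, finding) pairs for console and VTY lines."""
    findings = []
    for header, cmds in parse_line_blocks(config).items():
        login = next((c for c in cmds if c == "login" or c.startswith("login ")), None)
        if login is None:
            findings.append((header, NO_LOGIN))
        elif login == "login" and not any(c.startswith("password ") for c in cmds):
            findings.append((header, NO_PASSWORD))  # plain 'login' uses the line password
        if header.startswith("line vty"):
            transport = next((c for c in cmds if c.startswith("transport input ")), "")
            if transport.split()[2:] != ["ssh"]:
                findings.append((header, NOT_SSH_ONLY))  # Telnet may still be accepted
    return findings
```

Running `audit_lines(SAMPLE_CONFIG)` flags the unprotected console line and the VTY range that still accepts Telnet; the second VTY range, with `login local` and `transport input ssh`, passes.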


References:
Clarke, G. E. (2010). CCENT certification all-in-one for dummies. Hoboken, NJ: Wiley.

Retrieved August 31, 2017, from https://www.arista.com/assets/data/pdf/user-manual/um-eos/Chapters/Initial%20Configuration%20and%20Recovery.pdf
