Four modes for managing routing and switching devices-console

 

Use the serial port of your computer to manage network devices

 

 

Figure 7 front view of Cisco 3750

7 shows the front view of Cisco 3750. Generally, the electrical port and optical port of the switch are located on the front of the switch. This deployment facilitates the plugging of Network cables and optical cables on the device. The Console port for managing and configuring a vswitch is generally located on the back of the vswitch, as shown in figure 8.

 

 

Figure 8 vswitch configuration on the back of Cisco 3750

You can directly connect to a vro or vswitch through the Console to perform local management configuration. This is also a safe and reliable configuration maintenance method. When the network device is powered on for the first time, the connection to the external network is interrupted, or other exceptions occur, the network device is usually configured in this way.

Connect the serial port of the Management PC to the Console port of the network device, and then run the terminal simulation program on the Management PC, such as the Super Terminal in the Windows system, or use the SecureCRT application. Create a new connection in the terminal simulation program, select the management PC serial port used when actually connecting to the network device, and configure the terminal communication parameters. By default, all parameters are: 9600 port, 8-Bit Data bit, 1-bit stop bit, no verification, no traffic control.

Finally, the system automatically configures the self-check on the vro or vswitch. After the self-check, the system prompts you to press enter until a command line prompt is displayed. Then you can type a command, configure a network device, or view its running status.

In addition, you can configure the following parameters to make management through the Console port more secure and personalized:

1. line console 0

2. exec-timeout 0 0

3. password 7 12130F0501595C517E

4. logging synchronous

5. login

The command "exec-timeout 0 0" indicates never timeout. If you change the last "0" in this command to "10", it indicates that after logging on through the Console port, logout will time out after 10 seconds without any operation. If you want to log on to the vswitch, you must re-enter the password to log on again. This function prevents the administrator from leaving for a short time and re-entering the password when returning. This command is more effective especially when the password is complex. However, this feature also has an insecure factor, so you still need to configure it as needed.

The function of the "logging synchronous" command is to set it. When a command is input, the System Log message is not interrupted, that is, the annoying console information is blocked to interrupt your current input, this makes the input commands more consecutive and easier to read.

The "password 7 12130F0501595C517E" command is used to configure the management PC to log on to the vswitch through the Console port, this is also to prevent other unauthorized users from accessing the vro or vswitch through the Console port.

V. Summary

1. security considerations. First, using a serial port to manage network devices is the safest way, because it is directly connected to a computer rather than remotely logged on to the device. The configured command and key password are transmitted only between the device and the computer, instead of through other network devices. This also fundamentally eliminates some "man-in-the-middle" attacks. Second, if you use SSH to remotely log on to and manage network devices, it is also safe because the SSH protocol encrypts all data, instead of transmitting data over the network in plain text mode, if security requirements are high, you can also use a dedicated authentication server in combination with SSH and the public key and private key systems, it can also eliminate man-in-the-middle attack threats. Finally, the WEB management method and remote Telnet management method are generally the least secure. However, if the WEB method is managed through HTTPS, the security is basically the same as that of SSH. However, HTTP management is used to manage the data transmitted between users' computers and network devices. This method is not recommended. Telnet is also an insecure management method. Currently, Telnet is not supported by many software by default, because it brings many potential threats to users, for example, after Windows 7 is installed by default, the Telnet function cannot be used, which is a meticulous and thoughtful place for Microsoft users. If your network has many security risks and vulnerabilities, do not use Telnet to manage network devices.

2. Usability considerations. First, the WEB management method manages network devices. All operations are performed on the window interface, which is intuitive, easy to understand and grasp. However, there are few configurable operation commands on the WEB. Generally, only a few commonly used operation commands can be completed through WEB operations, and most of the commands can be configured through command lines. Therefore, it is generally rare to see that network experts manage and configure network devices through the WEB. They are all quickly tapping on various commands, so that network devices can run as required.

Secondly, if the user's network environment is very secure, for example, a small or medium-sized lan that is not connected to the Internet, using Telnet to manage network devices is also very convenient. Because it requires fewer commands to be configured on network devices and does not require installation of special terminal software for managing PCs, it basically supports the Telnet function on Linux and Windows systems, in this way, all network devices can be remotely managed on any PC in the network. Finally, although WEB management and Telnet are easy to use, we recommend that you use SSH to configure network devices in various network environments with increasing complexity, security problems often occur in some less rigorous operating procedures. A small security problem may cause the whole network to crash. Therefore, security is no small matter! This statement is also applicable to network management.