Juniper/Cisco Interoperability: Configuring Telnet Access Between JUNOS and IOS

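Replacing the traditional remote-login protocol telnet with the more secure SSH is an increasingly common topic. Still, telnet is familiar to most network staff, and there are plenty of interesting telnet servers out there. As a lead-in, I will first give the configuration that lets Juniper and Cisco routers log in to each other over telnet, JUNOS to IOS and IOS to JUNOS. We again use our JUNOS 101 lab platform and run the configuration tests between the Juniper JUNOS router R2 and the Cisco IOS router R4, as shown in the topology diagram. The source IPs are R2 (JUNOS): 10.0.4.10 and R4 (IOS): 10.0.4.9. Let's begin.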

Telnet configuration on the Juniper JUNOS router

Enable the telnet service on the Juniper JUNOS router.

[edit]
nigel@junos# set system services telnet 

[edit]
nigel@junos# commit
commit complete

From the Cisco IOS router R4, log in to the Juniper JUNOS router over telnet.

r4-ios#telnet 10.0.4.10
Trying 10.0.4.10 ... Open

junos (ttyp0)

login: nigel
Password:

--- JUNOS 7.2R4.2 built 2006-02-14 07:33:49 UTC
nigel@junos>exit 

[Connection to 10.0.4.10 closed by foreign host]
r4-ios#

Telnet configuration on the Cisco IOS router

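Cisco IOS has the telnet port open by default. However, because no login authentication method has been configured, we still cannot log in directly from the Juniper JUNOS router R2 to the Cisco IOS router R4 over telnet.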

[edit]
nigel@junos# run telnet 10.0.4.9 logical-router r2
Trying 10.0.4.9...
Connected to 10.0.4.9.
Escape character is '^]'.

Password required, but none set
Connection closed by foreign host.

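Of course, you could use the no login command under line vty 0 4 to turn off Cisco IOS authentication of remote login requests, but that can be a very dangerous configuration habit. Instead, we add a local user juniper with the login password junos on IOS, have the Cisco IOS router authenticate logins against the local user database, and set the IOS enable password to cisco-ios.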

r4-ios#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
r4-ios(config)#service password-encryption
r4-ios(config)#username juniper password junos
r4-ios(config)#enable secret cisco-ios
r4-ios(config)#line vty 0 4
r4-ios(config-line)#login local
r4-ios(config-line)#^Z
r4-ios#
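
The login settings discussed above can be checked mechanically. The following is an added example, not part of the original post: a small Python audit that flags `no login`, a vty line with no usable login method, and local users defined with `password` rather than `secret` in IOS-style text, plus the JUNOS telnet service statement. The function names and sample configs are constructed for illustration, and the check assumes local or line-password login only (no AAA method lists).

```python
import re

def audit_ios(config):
    """Return findings for the vty login settings in IOS-style config text."""
    findings, users, stanzas, current = [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw.startswith(" "):            # top-level command closes a stanza
            current = stanzas.setdefault(line, []) if line.startswith("line vty") else None
            m = re.match(r"username (\S+) (password|secret)\b", line)
            if m:
                users.append(m.groups())
        elif current is not None:              # indented sub-command of a vty stanza
            current.append(line)
    for name, cmds in stanzas.items():
        if "no login" in cmds:
            findings.append(f"{name}: 'no login' accepts sessions without authentication")
        elif "login local" in cmds:
            if not users:
                findings.append(f"{name}: 'login local' but no local username is defined")
        elif not any(c.startswith("password") for c in cmds):
            # Assumption: no AAA; this is the "Password required, but none set" case.
            findings.append(f"{name}: no line password set, so IOS refuses the login")
    for user, kind in users:
        if kind == "password":
            findings.append(f"username {user}: 'password' is stored in clear text or "
                            "reversible type 7; prefer 'secret'")
    return findings

def audit_junos(set_config):
    """Flag the telnet service statement in JUNOS 'set'-format configuration."""
    return [f"junos: '{l.strip()}' enables cleartext telnet management"
            for l in set_config.splitlines()
            if l.strip() == "set system services telnet"]

# Constructed samples modelled on this page's commands (not captured device output).
IOS_NO_LOGIN = "line vty 0 4\n no login\n"
IOS_LOCAL = ("service password-encryption\n"
             "username juniper password junos\n"
             "line vty 0 4\n"
             " login local\n")
JUNOS_TELNET = "set system services telnet\n"

if __name__ == "__main__":
    for finding in audit_ios(IOS_NO_LOGIN) + audit_ios(IOS_LOCAL) + audit_junos(JUNOS_TELNET):
        print(finding)
```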

From the Juniper JUNOS router R2, log in to the Cisco IOS router R4 over telnet.

[edit]
nigel@junos# run telnet 10.0.4.9 logical-router r2
Trying 10.0.4.9...
Connected to 10.0.4.9.
Escape character is '^]'.

User Access Verification

Username: juniper
Password:

r4-ios>en
Password:

r4-ios#exit
Connection closed by foreign host.

[edit]
nigel@junos#

Static host mapping on Juniper JUNOS and Cisco IOS

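Likewise, we can configure static hostname-to-IP-address mappings on both Juniper JUNOS and Cisco IOS to make communication between the two sides more readable. On the Juniper JUNOS router we map the Cisco IOS router R4's IP address 10.0.4.9 to the hostname cisco-ios.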

[edit system]
nigel@junos# set static-host-mapping cisco-ios inet 10.0.4.9

[edit system]
nigel@junos# commit
commit complete

nigel@junos# run ping cisco-ios logical-router r2 rapid
PING cisco-ios (10.0.4.9): 56 data bytes
!!!!!
--- cisco-ios ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 9.585/13.037/19.595/3.882 ms

At the other end, on the Cisco IOS router R4, we map the Juniper JUNOS router R2's IP address 10.0.4.10 to the hostname juniper-junos.

r4-ios(config)#ip host juniper-junos 10.0.4.10
r4-ios(config)#do ping juniper-junos

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.4.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/8/12 ms

Managing remote login sessions on the Juniper JUNOS router

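In preparation for the SSH configuration that follows, we add a new local user cisco with the login password ios123 on the Juniper JUNOS router, and then log in with that username from the Cisco IOS router R4.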

r4-ios#telnet juniper-junos
Trying juniper-junos (10.0.4.10)... Open

junos (ttyp0)

login: cisco
Password:

--- JUNOS 7.2R4.2 built 2006-02-14 07:33:49 UTC
cisco@junos> 

On the Juniper JUNOS router, we can use the request system logout command to close the remote session between the JUNOS system and that user.

nigel@junos> show system users
 6:24AM  up 3:43, 2 users, load averages: 0.09, 0.05, 0.01
USER     TTY      FROM          LOGIN@  IDLE WHAT
nigel    d0       -            3:02AM      - cli
cisco    p0       cisco-ios    6:22AM      1 -cli (cli)

nigel@junos> request system logout user cisco 

nigel@junos> show system users
 6:24AM  up 3:43, 1 user, load averages: 0.13, 0.06, 0.01
USER     TTY      FROM          LOGIN@  IDLE WHAT
nigel    d0       -            3:02AM      - cli

On the Cisco IOS router R4 side, we can see that the remote login connection has been closed.

--- JUNOS 7.2R4.2 built 2006-02-14 07:33:49 UTC
cisco@junos>
[Connection to juniper-junos closed by foreign host]
r4-ios#

Managing remote login sessions on the Cisco IOS router

r4-ios#show users
    Line    User    Host(s)      Idle       Location
*  0 con 0          idle         00:00:00
  98 vty 0  juniper idle         00:01:53 juniper-junos

  Interface User            Mode Idle     Peer Address

r4-ios#clear line vty 0
[confirm]
 [OK]

On the Juniper JUNOS router side, we can likewise see that the remote login connection has been closed.

[edit]
nigel@junos# run telnet cisco-ios logical-router r2
Trying 10.0.4.9...
Connected to cisco-ios.
Escape character is '^]'.

User Access Verification

Username: juniper
Password:
r4-ios>Connection closed by foreign host.