Configuration Guides -> System Management -> Cisco IOS Configuration Fundamentals Configuration Guide, Release 12.4T -> Part 6: Configuring Basic File Transfer Services
Let's start with a very simple topology: R1 and R2 are connected back to back over Ethernet.
R1
interface FastEthernet0/0
ip address 10.10.12.1 255.255.255.0
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
router eigrp 12
network 1.1.1.1 0.0.0.0
network 10.10.12.1 0.0.0.0
no auto-summary
R2
interface FastEthernet0/0
ip address 10.10.12.2 255.255.255.0
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
router eigrp 12
network 2.2.2.2 0.0.0.0
network 10.10.12.2 0.0.0.0
no auto-summary
Make sure we have Loopback to Loopback connectivity before we go further:
R1#sh ip route eigrp
2.0.0.0/32 is subnetted, 1 subnets
D 2.2.2.2 [90/409600] via 10.10.12.2, 00:00:19, FastEthernet0/0
R2#sh ip route eigrp
1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/409600] via 10.10.12.1, 00:00:31, FastEthernet0/0
R2#ping 1.1.1.1 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Okay, so in this example R1 will be the RSH server and R2 will be the RSH client.
Let's create two local accounts that can be used for RSH: one will be used to execute non-privileged commands, while the other will be used for enable-level commands.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#username level1 password 0 admin
R1(config)#username level2 password 0 admin
Now we want to enable R2 to use the above accounts for RSH commands that come from R2's Loopback0. The level2 user will be able to execute enable-level commands:
R1(config)#ip rcmd remote-host level1 2.2.2.2 R2
R1(config)#ip rcmd remote-host level2 2.2.2.2 R2 enable
Now we enable RSH:
R1(config)#ip rcmd rsh-enable
For R2, we want to set our source interface to be Loopback0; otherwise we will just use the closest interface IP to the destination (Fa0/0):
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip rcmd source-interface Loopback0
Let's see if R2 can get the IOS version that is running on R1:
R2(config)#do rsh 1.1.1.1 /user level1 show ver | i IOS
Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)
Cool. Now let's verify that the enable permissions are working by trying to get the running config of interface Loopback0 using the level1 user:
R2(config)#do rsh 1.1.1.1 /user level1 show run int lo0
Line has invalid autocommand "show run int lo0"
Okay, that appears to have failed as expected. Let's try with the level2 user:
Building configuration...
Current configuration : 63 bytes
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
end
Working as desired. The biggest part is to make sure the router acting as the rsh server has the command string for the remote user set up correctly in this form:
ip rcmd remote-host LOCAL-USER-ACCOUNT REMOTE-IP REMOTE-HOSTNAME
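The session above never sends a password with the rsh command, so the `ip rcmd remote-host` entries are what decide who may run commands on R1. The following is an added example, not part of the original post: a Python audit that parses an IOS configuration for the `ip rcmd` and `username` lines used in this walkthrough and reports which remote host is trusted at which level. The function name `audit_rcmd` and the sample text are constructed for illustration, and accepting a numeric level after `enable` is an assumption.

```python
import re

# Constructed sample: the RSH-related lines entered on R1 in this walkthrough.
SAMPLE_R1 = """\
username level1 password 0 admin
username level2 password 0 admin
ip rcmd remote-host level1 2.2.2.2 R2
ip rcmd remote-host level2 2.2.2.2 R2 enable
ip rcmd rsh-enable
"""

# ip rcmd remote-host LOCAL-USER-ACCOUNT REMOTE-IP REMOTE-HOSTNAME [enable]
REMOTE_HOST = re.compile(
    r"^ip rcmd remote-host (?P<local>\S+) (?P<ip>\S+) (?P<name>\S+)"
    r"(?P<enable>\s+enable(?:\s+\d+)?)?\s*$")
USERNAME = re.compile(r"^username (?P<user>\S+) password (?P<ptype>\d+) ")


def audit_rcmd(config):
    """Return (rsh_enabled, entries, findings) for an IOS config text."""
    rsh_enabled, entries, pw_types = False, [], {}
    for line in map(str.strip, config.splitlines()):
        if line == "ip rcmd rsh-enable":
            rsh_enabled = True
        elif m := USERNAME.match(line):
            pw_types[m["user"]] = m["ptype"]
        elif m := REMOTE_HOST.match(line):
            entries.append({"local": m["local"], "ip": m["ip"],
                            "name": m["name"], "enable": bool(m["enable"])})
    findings = []
    for e in entries:
        # An entry only takes effect once "ip rcmd rsh-enable" is present.
        state = "active" if rsh_enabled else "inactive (no rsh-enable)"
        level = "enable-level" if e["enable"] else "user-level"
        findings.append(f"{state}: {e['name']}@{e['ip']} runs {level} "
                        f"commands as {e['local']} without a password")
        # "password 0" means the password sits unencrypted in the config.
        if pw_types.get(e["local"]) == "0":
            findings.append(f"{e['local']}: password stored as type 0 (cleartext)")
    return rsh_enabled, entries, findings


if __name__ == "__main__":
    for finding in audit_rcmd(SAMPLE_R1)[2]:
        print(finding)
```

Run it against a saved `show running-config` to list every host that the router trusts for remote command execution before leaving RSH enabled.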