Cisco CCENT / CCNA Exam Tutorial:

Telnet And VTY Line Passwords

Now With Exclusive Telnet Training Videos!

By Chris Bryant, CCIE #12933

Knowing the benefits and potential issues with Telnet connections is not only an important part of your CCNA and CCENT studies, but this is knowledge that's very practical for use in production networks.

When you're connecting to a Cisco router or switch, you're going to use one of two methods:

• Physically connecting a laptop to the switch
• Connecting from a remote location via Telnet or SSH

We're going to telnet from one Cisco router to another in this example, but there is one major rule that holds true for any Telnet configuration on a Cisco router or switch:  You must configure a password, and without a password, no user will be able to telnet to a Cisco router or switch! 

In the following example, I've attempted to telnet to a Cisco router that has no VTY line password set.

R1#telnet 172.12.123.3
Trying 172.12.123.3 ... Open

Password required, but none set

[Connection to 172.12.123.3 closed by foreign host]

In another CCNA / CCENT tutorial, we saw that the console port didn't require a password. There is a little basic security in place when using the console port, since the user has to physically be present in order to access the router. 

Hopefully your server room has enough physical security in place to prevent someone from just walking in and connecting to a router!

With Telnet connections, though, the user doesn't have to be present - that's the reason we use it in the first place!  We certainly don't want just anyone connecting to our network, so Cisco routers and switches require a password to be set for Telnet access; failure to set one results in a message like the one we just saw.

So... let's set a Telnet password!   On a Cisco router, the password portion of the configuration will look almost the same as it does on a switch.

line con 0
line aux 0
line vty 0 4

To configure a Telnet password, we need to concern ourselves with that "line vty 0 4" section.  The vty lines are the virtual terminal lines, and it's those lines that are used for Telnet.  To configure a password on all five vty lines at once, just use this configuration:

R3(config)#line vty 0 4
R3(config-line)#password CCENT
R3(config-line)#login

Now what happens when we try to telnet from R1 to R3 again?

R1#telnet 172.12.123.3
Trying 172.12.123.3 ... Open

User Access Verification

Password:
R3>

Success!  We were prompted for the password, and after we entered it, we're now in R3 as indicated by the prompt. 

About the password entry process...some vendors have asterisks appear as you enter a password, but Cisco routers and switches do not.  You will not see any characters appear as you enter that password.

Take a look at the prompts in the password entry example.  Note that R1 has a pound sign after "R1", but that R3 has a "greater than" symbol.  Before we continue our Telnet discussion, we're going to talk about router and switch modes and what those particular symbols indicate. 

Not only will you almost certainly be asked about those symbols on your CCENT and CCNA exams, but they're imperative for working in real-world networks - because these modes we're about to discuss determine what you can and cannot do on a Cisco router or switch!

We'll examine these modes in detail in the next installment of my Cisco CCENT and CCNA training tutorial series!

For A Limited Time, Get A FREE CCNA Security Study Package With The Purchase Of Any CCNA Or CCNP Study Package Or Our CCNA On-Demand Boot Camp!

Visit Our CCNA Store And CCNP Store To See More --

And The Bulldog Blog Has Plenty Of Free Practice Exams And Tutorials For You As Well!

Here's My Two-Part Look At Telnet For The CCNA Exams! Enjoy!

Part 2:

To your success,

Chris Bryant

CCIE #12933

"The Computer Certification Bulldog"

chris@thebryantadvantage.com