Telnet, part of the TCP/IP protocol suite, is a virtual terminal protocol that allows you to make connections to remote devices, gather information, and run programs.

After your routers and switches are configured, you can use the Telnet program to reconfigure and/or check up on your routers and switches without using a console cable. You run the Telnet program by typing telnet from any command prompt (DOS or Cisco). You need to have VTY passwords set on the routers for this to work.

Remember, you can’t use CDP to gather information about routers and switches that aren’t directly connected to your device. But you can use the Telnet application to connect to your neighbor devices, and then run CDP on those remote devices to get information on them. You can issue the telnet command from any router prompt like this:

RouterA#telnet 172.16.10.2
Trying 172.16.10.2 … Open
Password required, but none set
[Connection to 172.16.10.2 closed by foreign host]
RouterA#

As you can see, I didn’t set my passwords—how embarrassing! Remember that the VTY ports on a router are configured as login, meaning that we have to either set the VTY passwords or use the no login command.

There are five passwords used to secure your Cisco routers: console, auxiliary, telnet (VTY), enable password, and enable secret. Just as you learned earlier in the chapter, the first two passwords are used to set your enable password that’s used to secure privileged mode. This will prompt a user for a password when the enable command is used. The other three are used to configure a password when user mode is accessed either through the console port, through the auxiliary port, or via Telnet.

Enable Passwords

You can set the enable passwords from global configuration mode like this:

Router(config)#enable ?
last-resort Define enable action if no TACACS servers respond
password Assign the privileged level password
secret Assign the privileged level secret
use-tacacs Use TACACS to check enable passwords

The following points describe the enable password parameters:

Last-resort Allows you to still enter the router if you set up authentication through a TACACS server and it’s not available. But it isn’t used if the TACACS server is working.

Password Sets the enable password on older, pre-10.3 systems, and isn’t ever used if an enable secret is set.

Secret Is the newer, encrypted password that overrides the enable password if it’s set.

A banner is more than just a little cool—one very good reason for having a banner is to give any and all who dare attempt to telnet or dial into your internetwork a little security notice.

And you can create a banner to give anyone who shows up on the router exactly the information you want them to have. Make sure you’re familiar with these four available banner types: exec process creation banner, incoming terminal line banner, login banner, and message of the day banner (all illustrated in the code below):

Router(config)#banner ?
LINE c banner-text c, where ‘c’ is a delimiting character
exec Set EXEC process creation banner
incoming Set incoming terminal line banner
login Set login banner
motd Set Message of the Day banner

Message of the day (MOTD) is the most extensively used banner. It gives a message to every person dialing into or connecting to the router via Telnet or auxiliary port, or even through a console port as seen here:

Router(config)#banner motd ?
LINE c banner-text c, where ‘c’ is a delimiting character
Router(config)#banner motd #
Enter TEXT message. End with the character ‘#’.
$ Type your motd banner here.
#
Router(config)#^Z
Router#
00:25:12: %SYS-5-CONFIG_I: Configured from console by console

You can set the identity of the router with the hostname command. This is only locally significant, which means that it has no bearing on how the router performs name lookups or how the router works on the internetwork.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname RouterA
Todd(config)#hostname RouterB
Atlanta(config)#

Even though it’s pretty tempting to configure the hostname after your own name, it’s definitely a better idea to name the router something pertinent to the location.

This is because giving it a hostname that’s somehow relevant to where the device actually lives will make finding it a whole lot easier.

And it also helps you confirm that you are, indeed, configuring the right device.

Learn more about cisco router configuration on how to setting up router banners here.

A router typically goes through five steps when booting up:

1. The router loads and runs POST (located in ROM), testing its hardware components, including memory and interfaces.
2. The bootstrap program is loaded and executed.
3. The bootstrap program finds and loads an IOS image: Possible locations of the IOS image include flash, a TFTP server, or the Mini-IOS in ROM.
4. Once the IOS is loaded, the IOS attempts to find and load a configuration file, which is normally stored in NVRAM if the IOS cannot find a configuration file, it starts up the System Configuration Dialog.
5. After the configuration is loaded, you are presented with the CLI interface (remember that the first mode you are placed into is User EXEC mode.

If you are connected to the console port, you’ll see the following output as your router boots up:

System Bootstrap, Version 11.0(10c), SOFTWARE
Copyright (c) 1986-1996 by cisco Systems
2500 processor with 6144 Kbytes of main memory
F3: 5593060+79544+421160 at 0×3000060
Cisco Internetwork Operating System Software
IOS ™ 2500 Software (C2500-I-L), Version 12.0(5)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Tue 15-Jun-99 19:49 by phanguye
Image text-base: 0×0302EC70, data-base: 0×00001000