Cisco CCENT 640-822 Certification Exam Training : Telnet And VTY Line Passwords

Knowing the benefits and potential issues with Telnet connections is not only an important part of your CCNA and CCENT studies, but this is knowledge that's very practical for use in production networks.

When you're connecting to a Cisco router or switch, you're going to use one of two methods:

- Physically connecting a laptop to the switch
- Connecting from a remote location via Telnet or SSH

We're going to telnet from one Cisco router to another in this example, but there is one major rule that holds true for any Telnet configuration on a Cisco router or switch: You must configure a password, and without a password, no user will be able to telnet to a Cisco router or switch!

In the following example, I've attempted to telnet to a Cisco router that has no VTY line password set.

R1#telnet 172.12.123.3
Trying 172.12.123.3 ... Open
Password required, but none set
[Connection to 172.12.123.3 closed by foreign host]

In another CCNA / CCENT tutorial, we saw that the console port didn't require a password. There is a little basic security in place when using the console port, since the user has to physically be present in order to access the router. Hopefully your server room has enough physical security in place to prevent someone from just walking in and connecting to a router!

With Telnet connections, though, the user doesn't have to be present - that's the reason we use it in the first place! We certainly don't want just anyone connecting to our network, so Cisco routers and switches require a password to be set for Telnet access; failure to set one results in a message like the one we just saw.

So... let's set a Telnet password! On a Cisco router, the password portion of the configuration will look almost the same as it does on a switch.

line con 0
line aux 0
line vty 0 4

To configure a Telnet password, we need to concern ourselves with that "line vty 0 4" section. The vty lines are the virtual terminal lines, and it's those lines that are used for Telnet. To configure a password on all five vty lines at once, just use this configuration:

R3(config)#line vty 0 4
R3(config-line)#password CCENT
R3(config-line)#login

Now what happens when we try to telnet from R1 to R3 again?

R1#telnet 172.12.123.3
Trying 172.12.123.3 ... Open
User Access Verification
Password:
R3>

Success! We were prompted for the password, and after we entered it, we're now in R3 as indicated by the prompt.

About the password entry process...some vendors have asterisks appear as you enter a password, but Cisco routers and switches do not. You will not see any characters appear as you enter that password.

Take a look at the prompts in the password entry example. Note that R1 has a pound sign after "R1", but that R3 has a "greater than" symbol. Before we continue our Telnet discussion, we're going to talk about router and switch modes and what those particular symbols indicate.