cisco hands-on experience



Prepare a cisco switch for telnet/ssh access (telnet access line vty 0 15)

Every time I have to prepare a Cisco switch for telnet or SSH access, I wonder what I really need to
configure properly. It's a simple thing, but since I need it only rarely, I always end up doing 'trial and error', and this
makes me aggressive.

So I decided to write a short compilation to refresh my memory as needed.

First, I will give an overview of the 3 kinds of access on a Catalyst 3560

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(58)SE5, RELEASE SOFTWARE (fc1)

show line vty 0 15 settings

Cat3560#sh run | b con 0
line con 0
line vty 5 15
!
end

Nothing is configured for telnet

The following lists 3 cases/types:

Cat3560(config)#line vty 0 15
Cat3560(config-line)#login ?
  1. Without 'login' (#no login) there is no chance to access the switch via telnet.
    The command prompt output is "Password required, but none set". You must set an enable password to access the switch.
  2. With 'login' a password must be set. After that, the enable password is required.
  3. With 'login local' a local user is required to grant access.



To play through the cases named above, prepare the switch at 'line vty 0 15'
as the preconfiguration.

activate transport

Cat3560#conf t
Cat3560(config)#line vty 0 15
Cat3560(config-line)#transport input ?
all All protocols
none No protocols
telnet TCP/IP Telnet protocol

We choose the option 'all'. With 'telnet', only telnet is allowed. With 'all', SSH and telnet are allowed.
With 'none', telnet and SSH are deactivated.

activate the switch for ssh

Cat3560(config)#crypto key generate rsa
% Please define a domain-name first.
Cat3560(config)#ip domain-name telnet.com
Cat3560(config)#crypto key generate rsa
The name for the keys will be: Cat3560.telnet.com
Choose the size of the key modulus in the range of 360 to 4096 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…
[OK] (elapsed time was 3 seconds)

At least configure an IP address (for example, for vlan1)
ip address vlan 1

Cat3560(config)#
Cat3560(config)#int vlan1
Cat3560(config-if)#ip address 10.10.10.10 255.255.255.0
Cat3560(config-if)#no shut
Cat3560(config-if)#

Case 1.
Cat3560#sh run | b con 0
line con 0
logging synchronous
line vty 0 4
no login
transport input none
line vty 5 15
no login
transport input none
!
end

+++ Try to establish a connection +++

Cat3560>en
% No password set
Cat3560>

Set an enable password

Cat3560(config)#enable secret cisco456

+++ Try to establish a connection again +++

Cat3560>en
Password: cisco456
Cat3560#

Case 2.

Cat3560(config)#line vty 0 15
Cat3560(config-line)#login
% Login disabled on line 1, until ‘password’ is set
% Login disabled on line 2, until ‘password’ is set
% Login disabled on line 3, until ‘password’ is set
% Login disabled on line 4, until ‘password’ is set
% Login disabled on line 5, until ‘password’ is set
% Login disabled on line 6, until ‘password’ is set
% Login disabled on line 7, until ‘password’ is set
% Login disabled on line 8, until ‘password’ is set
% Login disabled on line 9, until ‘password’ is set
% Login disabled on line 10, until ‘password’ is set
% Login disabled on line 11, until ‘password’ is set
% Login disabled on line 12, until ‘password’ is set
% Login disabled on line 13, until ‘password’ is set
% Login disabled on line 14, until ‘password’ is set
% Login disabled on line 15, until ‘password’ is set
% Login disabled on line 16, until ‘password’ is set

+++ Try to establish a connection +++

Password required, but none set

Cat3560(config-line)#password cisco123
Cat3560(config-line)#

+++ Try to establish a connection again +++

Password: cisco123
Cat3560>en
Password: cisco456
Cat3560#
Cat3560#
Cat3560#

Case 3.

Cat3560(config-line)#
Cat3560(config-line)#login local
Cat3560(config-line)#

+++ Try to establish a connection +++

Username:
% Username: timeout expired!
Username: something
Password:
% Login invalid

Username:

Cat3560(config)#
Cat3560(config)#username cisco privilege 15 password cisco678
Cat3560(config)#

+++ Try to establish a connection again +++

User Access Verification

Username: cisco
Password: cisco678
Cat3560#
Cat3560#
Cat3560#
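
An added example, not part of the original post: a small Python check that reads a running-config and reports, for each 'line vty' block, which of the three login cases above is missing its prerequisite and whether 'transport input' permits telnet. The sample config, the function names and the finding texts are assumptions made for this illustration.

```python
import re

# Constructed sample in 'show running-config' form, not output from the page's switch.
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 password cisco123
 login
 transport input all
line vty 5 15
 no login
 transport input telnet
!
"""

def parse_vty_blocks(config):
    """Map each 'line vty M N' header to the list of commands under it."""
    blocks, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("line vty "):
            current = blocks.setdefault(line, [])
        elif line.startswith("line ") or line in ("!", "end"):
            current = None  # another line block or a separator ends the vty block
        elif current is not None and line:
            current.append(line)
    return blocks

def audit_vty(config):
    """Return {vty header: [findings]} for the login/transport cases on this page."""
    has_user = re.search(r"^username \S+", config, re.M) is not None
    report = {}
    for header, cmds in parse_vty_blocks(config).items():
        findings = []
        if "no login" in cmds:
            findings.append("no login: session opens without a password prompt")
        elif "login local" in cmds and not has_user:
            findings.append("login local: no local username defined")
        elif "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append("login: no line password set")
        transport = next((c.split()[2:] for c in cmds if c.startswith("transport input ")), [])
        if "all" in transport or "telnet" in transport:
            findings.append("transport input permits telnet (cleartext)")
        report[header] = findings
    return report

if __name__ == "__main__":
    for header, findings in audit_vty(SAMPLE_CONFIG).items():
        print(header, "->", findings or ["ok"])
```

The parser accepts both indented sub-commands and the flattened form shown in the listings on this page, because a vty block only ends at the next 'line', '!' or 'end'.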

  1. Shevchenko

    Woah! I’m really enjoying the template/theme of this blog. It’s simple, yet effective. A lot of times it’s challenging to get that perfect balance between usability and visual appeal. I must say you’ve done a superb job with this. Also, the blog loads very quick for me on Chrome. Outstanding Blog!

    • George

      Thanks for your commendation. Very kind of you.
