Access to the Switch

Unanswered Question
Oct 11th, 2007
User Badges:

I have a few questions regarding the below configurations:


line con 0

transport input none

stopbits 1

line vty 0 4

password 7 xxxxxxxxxx

line vty 5 15

password 7 yyyyyyyyyy


username pass password 7 zzzzzzzzz

enable secret vvvvvv


1) From these configurations, why we need to set both different passwords for vty 0 4 and vtp 5 15?


2) What is the purpose of divide it to two parts instead of using vty 0 15?


3) From this configuration, what is the password to access vty 0 4 and vty 5 15?

Is it sharing the same password?


4) Can i say that line vty is activate when we want to telnet to it? For line con 0, it is activate when we need to console in to the switch? But what is the password for line con?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Thu, 10/11/2007 - 04:45
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kianhong


1) you do not need separate passwords for vty 0 4 and vty 5 15. They can have the same password and I would recommend that they should have the same password. This is related to the answer to #2.


2) the purpose of divide it into 2 parts is for historical compatibility. For earlier IOS devices there were 5 vty ports (vty 0 4). The template for output of show run and show start still maintains vty 0 4 as it originally was and then show the other vty as if they were separate. But they really are not separate. You can verify this if you configure something on all vty in one command. For example if you configure this:

line vty 0 15

access-class 15 in

and then do show run you will see that access-class 15 is now configured on all the vty ports.


3) the 7 in the output indicates that the password has been encrypted. It is not difficult to break this encryption (it is not a strong encryption). Without knowing the encrypted value we can not tell whether it is the same password or not. But I would guess that it is the same password.


4)the vty will activate if you telnet to it. And the console is active if you plug a terminal into the console port. As configured there is no password for the console. As configured if you connect on the console you should go directly into user mode.


HTH


Rick

kian_hong2000 Thu, 10/11/2007 - 05:13
User Badges:

Thanks for your answer.


Can i say that both the password to access the vty 0 4 and vty 5 15 is zzzzzzzzz from this config?

Richard Burts Thu, 10/11/2007 - 07:14
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kianhong


I am not sure that I understand your question here. If you have the character strings for the passwords there are utilities that will decrypt them and show the password in clear text. So if you have the config and can get the character strings then you could determine whether vty 0 4 and vty 5 15 were using the same password.


HTH


Rick

Actions

This Discussion