Changing Cisco Switch

Answered Question
Jan 28th, 2008
User Badges:

Hi,


i want to change the telnet password for cisco switches 2950 & 2970, what is the command please ?



Correct Answer by royalblues about 9 years 6 months ago

If you use line vty 0 15, the configs will be applied to all the vty ports


under global configuration use the command

"service password-encryption"


This will encrypt the password


HTH

Narayan

Correct Answer by royalblues about 9 years 6 months ago

It just the number of terminal lines that are supported on the platform.


All new devices have 16 TTY ports while the old ones just had 5


HTH

Narayan

Correct Answer by royalblues about 9 years 6 months ago


line vty 0 4

password


wr mem


Narayan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Correct Answer
royalblues Mon, 01/28/2008 - 07:20
User Badges:
  • Green, 3000 points or more


line vty 0 4

password


wr mem


Narayan

majdalani Mon, 01/28/2008 - 07:24
User Badges:

Hi Thanks,


whats the difference between :


line vty 0 4


and



line vty 0 15 ??

Correct Answer
royalblues Mon, 01/28/2008 - 07:29
User Badges:
  • Green, 3000 points or more

It just the number of terminal lines that are supported on the platform.


All new devices have 16 TTY ports while the old ones just had 5


HTH

Narayan

majdalani Mon, 01/28/2008 - 07:36
User Badges:

Hi Narayan,


Thanks,


so if i used any it wont be any difference !



royalblues Mon, 01/28/2008 - 07:38
User Badges:
  • Green, 3000 points or more

The configurations will be applied to only those ports mentioned in the command


eg. if you have 16 vty lines and you configure

line vty 0 4

password


then the password wont be applied to the lines 5 to 15


HTH

Narayan

majdalani Mon, 01/28/2008 - 07:45
User Badges:

Hi thanks for your quick replies.


does this mean users will still be able to telnet the switch thru these lines ?

royalblues Mon, 01/28/2008 - 07:49
User Badges:
  • Green, 3000 points or more

Yes..


It is always a best practice to apply these configurations on all the TTY ports


Narayan

majdalani Mon, 01/28/2008 - 07:56
User Badges:

WOW !!


u mean i will have to go :


line vty 0 1

line vty 0 2

.

.

.

line vty 0 16


?


2nd question please, i have applied : live vty 0 15


when i run the show run command, i can see the telnet password, how can i encrypt it , so that the person setting next to me does it read it in plain english ?

Correct Answer
royalblues Mon, 01/28/2008 - 08:00
User Badges:
  • Green, 3000 points or more

If you use line vty 0 15, the configs will be applied to all the vty ports


under global configuration use the command

"service password-encryption"


This will encrypt the password


HTH

Narayan

majdalani Mon, 01/28/2008 - 08:25
User Badges:

Thanks,


will this encrypt the enable password as well ?

Kevin Dorrell Mon, 01/28/2008 - 08:40
User Badges:
  • Green, 3000 points or more

Yes it will, but you are probably already using an enable secret, which is already encrypted as standard, and much more securely.


Password encryption is pretty weak - there are loads of tools on the Internet to crack them in no time at all. If there is any possibility that someone gets hold of your config listings, you are better off defining a "secret" for each user rather than a "password". (Or even using an authentication server, but that will start getting more complicated and expensive.)


Encrypted passwords are tagged with a '7' in the config listing, and are weak. Secrets are tagged with a '5' and are quite a lot stronger.


Kevin Dorrell

Luxembourg


majdalani Mon, 01/28/2008 - 09:02
User Badges:

hi,


this is now my configuration :


line con 0

line vty 0 4

password mypass

login

line vty 5 15

password mypass

login


as u can see there are 2 lines line vty .


my boss configured the switches, when i asked him what did u insert as a commands, he told me as follows :


line vty o 15

login

password mypass

exit

enable secret mypass


what is the first password for and what is the second password for ?

royalblues Mon, 01/28/2008 - 20:47
User Badges:
  • Green, 3000 points or more

THe first password is the telnet or the user level password and the second one is the privilege password


HTH

Narayan

majdalani Tue, 01/29/2008 - 03:20
User Badges:

Hi,


my boss is entering : line vty 0 15 for the telnet command , why then in the show run , it is showing line vty 0 4 ?

Kevin Dorrell Tue, 01/29/2008 - 05:49
User Badges:
  • Green, 3000 points or more

vty 0 15 means vty lines 0 to 15 inclusive. Any commants you enter after that will be applied to all 16 of those lines.


However, when you show an IOS configuration, it shows vty lines 0 to 4 seperately from lines 5 to 15, even if the configurations on the two ranges are identical. Not sure why, but it has always done that.


For example, if you do line vty 5 7 and you enter some (different) commands, you will get three blocks in config: line vty 0 4, then line vty 5 7, then line vty 8 15. That is, it groups them together if it can, except that lines vty 0 to 4 are kept seperate from the rest.


It is only cosmetic.


Kevin Dorrell

Luxembourg




Actions

This Discussion