Solved: Changing Cisco Switch

majdalani · ‎01-28-2008

Hi,

i want to change the telnet password for cisco switches 2950 & 2970, what is the command please ?

royalblues · ‎01-28-2008

line vty 0 4

password

wr mem

Narayan

View solution in original post

royalblues · ‎01-28-2008

It just the number of terminal lines that are supported on the platform.

All new devices have 16 TTY ports while the old ones just had 5

HTH

Narayan

View solution in original post

royalblues · ‎01-28-2008

If you use line vty 0 15, the configs will be applied to all the vty ports

under global configuration use the command

"service password-encryption"

This will encrypt the password

HTH

Narayan

View solution in original post

royalblues · ‎01-28-2008

line vty 0 4

password

wr mem

Narayan

majdalani · ‎01-28-2008

Hi Thanks,

whats the difference between :

line vty 0 4

and

line vty 0 15 ??

royalblues · ‎01-28-2008

It just the number of terminal lines that are supported on the platform.

All new devices have 16 TTY ports while the old ones just had 5

HTH

Narayan

majdalani · ‎01-28-2008

Hi Narayan,

Thanks,

so if i used any it wont be any difference !

royalblues · ‎01-28-2008

The configurations will be applied to only those ports mentioned in the command

eg. if you have 16 vty lines and you configure

line vty 0 4

password

then the password wont be applied to the lines 5 to 15

HTH

Narayan

majdalani · ‎01-28-2008

Hi thanks for your quick replies.

does this mean users will still be able to telnet the switch thru these lines ?

royalblues · ‎01-28-2008

Yes..

It is always a best practice to apply these configurations on all the TTY ports

Narayan

majdalani · ‎01-28-2008

WOW !!

u mean i will have to go :

line vty 0 1

line vty 0 2

.

line vty 0 16

?

2nd question please, i have applied : live vty 0 15

when i run the show run command, i can see the telnet password, how can i encrypt it , so that the person setting next to me does it read it in plain english ?

royalblues · ‎01-28-2008

If you use line vty 0 15, the configs will be applied to all the vty ports

under global configuration use the command

"service password-encryption"

This will encrypt the password

HTH

Narayan

majdalani · ‎01-28-2008

Thanks,

will this encrypt the enable password as well ?

Kevin Dorrell · ‎01-28-2008

Yes it will, but you are probably already using an enable secret, which is already encrypted as standard, and much more securely.

Password encryption is pretty weak - there are loads of tools on the Internet to crack them in no time at all. If there is any possibility that someone gets hold of your config listings, you are better off defining a "secret" for each user rather than a "password". (Or even using an authentication server, but that will start getting more complicated and expensive.)

Encrypted passwords are tagged with a '7' in the config listing, and are weak. Secrets are tagged with a '5' and are quite a lot stronger.

Kevin Dorrell

Luxembourg

majdalani · ‎01-28-2008

hi,

this is now my configuration :

line con 0

line vty 0 4

password mypass

login

line vty 5 15

password mypass

login

as u can see there are 2 lines line vty .

my boss configured the switches, when i asked him what did u insert as a commands, he told me as follows :

line vty o 15

login

password mypass

exit

enable secret mypass

what is the first password for and what is the second password for ?

royalblues · ‎01-28-2008

THe first password is the telnet or the user level password and the second one is the privilege password

HTH

Narayan

majdalani · ‎01-29-2008

Hi,

my boss is entering : line vty 0 15 for the telnet command , why then in the show run , it is showing line vty 0 4 ?