
enable telnet access

olakunle06
Level 1

Hi everyone,

Please can anyone help with commands on how to configure telnet access on a router?

7 Replies

a.alekseev
Level 7

ena sec xxx

line vty 0 4

pass www

login

transport input telnet

logg sync

michael.leblanc
Level 4

If you want, you could supplement Aleksey's configuration with the following to restrict Telnet access to a specific management station, and establish an idle timeout on the VTY lines:

access-list 100 remark --- VTY access from Network Management Station.

access-list 100 permit tcp host 192.168.100.20 any eq 23 log

access-list 100 deny ip any any log

Note: Replace 192.168.100.20 with the address of your management station.

Note: TCP port 23 above is the Telnet port.

Edit: Make sure you use a different ACL number if 100 is already in use.

line vty 0 4

access-class 100 in

exec-timeout 9 0

Your interface ACL (if implemented) will also need to accommodate inbound Telnet.

Hi,

To try and summarize the whole story.

Access control can be done in 4 fashions:

1. No kind of security: using "no login" under the VTYs will enable you to log in without any kind of password.

2. Just use VTY and enable passwords.

3. Use local usernames and passwords on the router.

4. Use AAA.

The second case is easy:

enable secret xxxx

line vty 0 4

login

password xxxxx

The third case:

username xxxx password xxxx

enable secret xxxx

line vty 0 4

login local

For the fourth case, see AAA:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7a7.html

NOTE: We can use an access-class to restrict the access over the VTY using an ACL, as Michael has illustrated.

Another important thing to take care of: if no enable password is enabled, then you can never go to enable mode (unlike the console, where you can go in without having an enable password). If neither the enable password command nor the enable secret command is configured, and if there is a line password configured for the console, the console line password will serve as the enable password for all VTY (Telnet and Secure Shell [SSH]) sessions.

I hope that I've been informative.

BR,

Mohammed Mahmoud.
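
As an added example (not part of any poster's reply and not Cisco code), here is a small Python check that reads a saved running-config and reports, per VTY stanza, the settings the replies above discuss: login mode, access-class, exec-timeout, transport input and the enable secret. The sample config and the function names are constructed for illustration.

```python
import re

# Constructed sample config for the demo; not taken from the posters' routers.
SAMPLE_CONFIG = """\
access-list 100 permit tcp host 192.168.100.20 any eq 23 log
line vty 0 4
 access-class 100 in
 exec-timeout 9 0
 password www
 login
 transport input telnet
line vty 5 15
 exec-timeout 0 0
 no login
 transport input telnet
"""

def parse_vty_blocks(config):
    """Map each 'line vty ...' stanza to its list of indented sub-commands."""
    blocks, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = raw[len("line "):].strip()
            blocks[current] = []
        elif raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        elif raw.strip():
            current = None  # any other top-level command closes the stanza
    return blocks

def audit_vty(config):
    """Return {stanza: [findings]} for the VTY settings discussed in the thread."""
    has_enable = re.search(r"^enable (secret|password) ", config, re.M)
    report = {"global": [] if has_enable else ["no enable secret/password configured"]}
    for name, cmds in parse_vty_blocks(config).items():
        found = report.setdefault(name, [])
        if "no login" in cmds:
            found.append("no login: no password is asked for")
        elif "login" in cmds and not any(c.startswith("password ") for c in cmds):
            found.append("login without a line password")
        if not any(re.fullmatch(r"access-class \S+ in", c) for c in cmds):
            found.append("no inbound access-class")
        if "exec-timeout 0 0" in cmds:
            found.append("idle timeout disabled")
        if any(c.startswith("transport input") and re.search(r"\b(telnet|all)\b", c) for c in cmds):
            found.append("telnet accepted (clear text)")
    return report

if __name__ == "__main__":
    print(audit_vty(SAMPLE_CONFIG))
```

Run it against the output of show running-config saved to a file on each router; differences between the two reports point at the stanza to compare first.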

Please, I have configured the telnet access on both routers now, but I could only telnet from router 2 to 1 and cannot telnet from 1 to 2. Please can anyone suggest what went wrong and the solution?

You've not indicated "which" commands you implemented, whether ACLs are implemented, or anything related to your network topology.

You need to be more informative if you want assistance.

ena sec xxx

I used the command above and I can't access from R1 to R2 but could telnet from R2 to R1

line vty 0 4

pass www

login

transport input telnet

logg sync

johnlloyd_13
Level 9

You can also add the service password-encryption and enable secret global config commands for security reasons.
