Cisco CCNA Certification Exam Training: Telnet, Passwords, and Privilege Levels
- Date: 2006-11-21
Your CCNA certification exam is likely going to contain questions about Telnet, an application-level protocol that allows remote communication between two networking devices. With Telnet use being as common as it is, you had better know the details of how to configure it in order to pass your CCNA exam and to work in real-world networks.
The basic concept is pretty simple - we want to configure R1, but we're at R2. If we telnet successfully to R1, we will be able to configure R1 if we've been given the proper permission levels. In this CCNA case study, R2 has an IP address of 172.12.123.2 and R1 an address of 172.12.123.1. Let's try to telnet from R2 to R1.
R2#telnet 172.12.123.1
Trying 172.12.123.1 ... Open
Password required, but none set
[Connection to 172.12.123.1 closed by foreign host]
This seems like a problem, but it's a problem we're happy to have. A Cisco router will not let any user telnet to it by default. That's a good thing, because we don't want just anyone connecting to our router! The "password required" message means that no password has been set on the VTY lines on R1. Let's do so now.
R1(config)#line vty 0 4
R1(config-line)#password baseball
A password of "baseball" has been set on the VTY lines, so we shouldn't have any trouble using Telnet to get from R2 to R1. Let's try that now.
R2#telnet 172.12.123.1
Trying 172.12.123.1 ... Open
User Access Verification
Password:
R1>
We're in, and placed into user exec mode. Let's say we want to configure a new IP address on the ethernet interface on R1. We'll now go into privileged exec mode....
R1>enable
% No password set
R1>
... or maybe we won't! The default behavior of Telnet on a Cisco router is to place the incoming user into user exec mode, and require an enable password to allow that user into privileged exec mode! Right now, we can't configure anything on this router and even the show commands we would use are limited at best.
If we wanted to allow all telnetting users to be put into privileged exec mode immediately without being prompted for an enable password, the command privilege level 15 placed on the VTY lines will accomplish this.
R1(config)#line vty 0 4
R1(config-line)#privilege level 15
From R2, we'll telnet into R1 again.
R2#telnet 172.12.123.1
Trying 172.12.123.1 ... Open
User Access Verification
Password:
R1#
We were able to telnet in from R2 with the original password of "baseball", and even better, we were placed into privileged exec mode immediately!
You may or may not want to do this in real-world networks, though. If you want to assign privilege levels on an individual user basis, configure usernames and passwords and use the privilege 15 option in the actual username/password command itself to give this privilege level to some users but not all.
R1(config)#username heidi password klum
R1(config)#username tim privilege 15 password gunn
Both users can telnet into the router, but the first user will be placed into user exec and challenged for the enable password to enter privileged exec mode. If there is no enable password, the user literally cannot get into privileged exec. The second user will be placed into privileged exec immediately after successfully authenticating.
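To check a router for the settings discussed above, here is an added example (not part of the original article and not a Cisco tool): a Python script that audits running-config text for privilege level 15 on the VTY lines, per-user privilege 15, and a missing enable password. It assumes no AAA is configured, in which case the local usernames are only consulted when the VTY lines carry login local; the sample config and the check names are constructed for illustration.

```python
import re

# Constructed running-config fragment holding the settings this article applies
# to R1 (sample input for the example, not output captured from a router).
SAMPLE = """\
hostname R1
username heidi password 0 klum
username tim privilege 15 password 0 gunn
line con 0
line vty 0 4
 privilege level 15
 password baseball
 login
"""

def audit(config):
    """Return sorted (check, detail) findings about Telnet privilege settings."""
    findings, block = [], ""
    users, enable_set, vty_local = [], False, False
    for raw in config.splitlines():
        cmd = raw.strip()
        if not raw.startswith(" "):            # unindented line starts a new block
            block = cmd
        in_vty = raw.startswith(" ") and block.startswith("line vty")
        user = re.match(r"username (\S+)(?: privilege (\d+))?", cmd)
        if user:
            users.append(user.group(1))
            if user.group(2) == "15":          # lands in privileged exec at login
                findings.append(("USER-PRIV15", user.group(1)))
        elif re.match(r"enable (secret|password)\b", cmd):
            enable_set = True
        elif in_vty and cmd == "privilege level 15":
            # Every session on these lines starts in privileged exec.
            findings.append(("VTY-PRIV15", block))
        elif in_vty and cmd == "login local":
            vty_local = True
    if users and not vty_local:
        # Without "login local" the VTY prompts for the line password only.
        findings.append(("USERS-NOT-USED", ",".join(users)))
    if not enable_set:
        # Level-1 sessions get "% No password set" when they type "enable".
        findings.append(("NO-ENABLE-PASSWORD", "privileged exec unreachable from level 1"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check:20} {detail}")
```

On the sample, all four checks fire: the line-level privilege 15 makes the per-user distinction between heidi and tim moot, and the usernames are never prompted for because the VTY lines use login rather than login local.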
Passwords on a Cisco router or switch are vitally important, and you're not tied down to granting "all-or-nothing" access. Knowing the details like the ones shown here helps you tie down network security while allowing people to do their jobs - and it doesn't hurt to know this stuff for the CCNA exam, either!
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available! Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, "How To Pass The CCNA", is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!