Cisco CCNA Certification Exam Training: Telnet, Passwords, and Privilege Levels

Your CCNA certification exam is likely going toprivileged exec mode immediately without being
contain questions about Telnet, an application-levelprompted for an enable password, the command
protocol that allows remote communication betweenprivilege level 15 placed on the VTY lines will
two networking devices. With Telnet use being asaccomplish this.R1(config)#line vty 0
common as it is, you had better know the details of4R1(config-line)#privilege level 15From R2, we'll telnet
how to configure it in order to pass your CCNAinto R1 again.R2#telnet 172.12.123.1Trying 172.12.123.1 ...
exam and to work in real-world networks.The basicOpenUser Access VerificationPassword:R1#We were
concept is pretty simple - we want to configure R1,able to telnet in from R2 with the original password
but we're at R2. If we telnet successfully to R1, weof "baseball", and even better, we were placed into
will be able to configure R1 if we've been given theprivileged exec mode immediately!You may or may
proper permission levels. In this CCNA case study, R2not want to do this in real-world networks, though. If
has an IP address of 172.12.123.2 and R1 an addressyou want to assign privilege levels on an individual
of 172.12.123.1. Let's try to telnet from R2 touser basis, configure usernames and passwords and
R1.R2#telnet 172.12.123.1Trying 172.12.123.1 ...use the privilege 15 command in the actual username
OpenPassword required, but none set[Connection topassword command itself to give this privilege levels
172.12.123.1 closed by foreign host]This seems like ato some users but not all.R1(config)#username heidi
problem, but it's a problem we're happy to have. Apassword klumR1(config)#username tim privilege 15
Cisco router will not let any user telnet to it bypassword gunnBoth users can telnet into the router,
default. That's a good thing, because we don't wantbut the first user will be placed into user exec and
just anyone connecting to our router! The "passwordchallenged for the enable password to enter
required" message means that no password hasprivileged exec mode. If there is no enable password,
been set on the VTY lines on R1. Let's do sothe user literally cannot get into privileged exec. The
now.R1(config)#line vty 0 4R1(config-line)#passwordsecond user will be placed into privileged exec
baseballA password of "baseball" has been set on theimmediately after successfully
VTY lines, so we shouldn't have any trouble usingauthenticating.Passwords on a Cisco router or switch
Telnet to get from R2 to R1. Let's try thatare vitally important, and you're not tied down to
now.R2#telnet 172.12.123.1Trying 172.12.123.1 ...granting "all-or-nothing" access. Knowing the details
OpenUser Access VerificationPassword:R1>We're in,like the ones shown here help you tie down network
and placed into user exec mode. Let's say we wantsecurity while allowing people to do their jobs - and it
to configure a new IP address on the ethernetdoesn't hurt to know this stuff for the CCNA exam,
interface on R1. We'll now go into privileged execeither!Chris Bryant, CCIE #12933, is the owner of
mode....R1>enable% No password setR1>... or maybeThe Bryant Advantage, home of over 100 free
we won't! The default behavior of Telnet on a Ciscocertification exam tutorials, including Cisco CCNA
router is to place the incoming user into user execcertification test prep articles. His exclusive Cisco
mode, and require an enable password to allow thatCCNA study guide and Cisco CCNA training is also
user into privileged exec mode! Right now, we can'tavailable!Visit his blog and sign up for Cisco
configure anything on this router and even the showCertification Central, a daily newsletter packed with
commands we would use are limited at best.If weCCNA, Network+, Security+, A+, and CCNP
wanted to allow all telnetting users to be put intocertification exam practice questions!