| Your CCNA certification exam is likely going | | | | all telnetting users to be put into |
| to contain questions about Telnet, an | | | | privileged exec mode immediately without |
| application-level protocol that allows remote | | | | being prompted for an enable password, the |
| communication between two networking devices. | | | | command privilege level 15 placed on the VTY |
| With Telnet use being as common as it is, | | | | lines will accomplish this.R1(config)#line |
| you had better know the details of how to | | | | vty 0 4R1(config-line)#privilege level 15From |
| configure it in order to pass your CCNA exam | | | | R2, we'll telnet into R1 again.R2#telnet |
| and to work in real-world networks.The basic | | | | 172.12.123.1Trying 172.12.123.1 ... OpenUser |
| concept is pretty simple - we want to | | | | Access VerificationPassword:R1#We were able |
| configure R1, but we're at R2. If we telnet | | | | to telnet in from R2 with the original |
| successfully to R1, we will be able to | | | | password of "baseball", and even better, we |
| configure R1 if we've been given the proper | | | | were placed into privileged exec mode |
| permission levels. In this CCNA case study, | | | | immediately!You may or may not want to do |
| R2 has an IP address of 172.12.123.2 and R1 | | | | this in real-world networks, though. If you |
| an address of 172.12.123.1. Let's try to | | | | want to assign privilege levels on an |
| telnet from R2 to R1.R2#telnet | | | | individual user basis, configure usernames |
| 172.12.123.1Trying 172.12.123.1 ... | | | | and passwords and use the privilege 15 |
| OpenPassword required, but none | | | | command in the actual username/password |
| set[Connection to 172.12.123.1 closed by | | | | command itself to give this privilege levels |
| foreign host]This seems like a problem, but | | | | to some users but not all.R1(config)#username |
| it's a problem we're happy to have. A Cisco | | | | heidi password klumR1(config)#username tim |
| router will not let any user telnet to it by | | | | privilege 15 password gunnBoth users can |
| default. That's a good thing, because we | | | | telnet into the router, but the first user |
| don't want just anyone connecting to our | | | | will be placed into user exec and challenged |
| router! The "password required" message | | | | for the enable password to enter privileged |
| means that no password has been set on the | | | | exec mode. If there is no enable password, |
| VTY lines on R1. Let's do so | | | | the user literally cannot get into privileged |
| now.R1(config)#line vty 0 | | | | exec. The second user will be placed into |
| 4R1(config-line)#password baseballA password | | | | privileged exec immediately after |
| of "baseball" has been set on the VTY lines, | | | | successfully authenticating.Passwords on a |
| so we shouldn't have any trouble using Telnet | | | | Cisco router or switch are vitally important, |
| to get from R2 to R1. Let's try that | | | | and you're not tied down to granting |
| now.R2#telnet 172.12.123.1Trying 172.12.123.1 | | | | "all-or-nothing" access. Knowing the details |
| ... OpenUser Access | | | | like the ones shown here help you tie down |
| VerificationPassword:R1>We're in, and placed | | | | network security while allowing people to do |
| into user exec mode. Let's say we want to | | | | their jobs - and it doesn't hurt to know this |
| configure a new IP address on the ethernet | | | | stuff for the CCNA exam, either!Chris Bryant, |
| interface on R1. We'll now go into | | | | CCIE #12933, is the owner of The Bryant |
| privileged exec mode....R1>enable% No | | | | Advantage, home of over 100 free |
| password setR1>... or maybe we won't! The | | | | certification exam tutorials, including Cisco |
| default behavior of Telnet on a Cisco router | | | | CCNA certification test prep articles. His |
| is to place the incoming user into user exec | | | | exclusive Cisco CCNA study guide and Cisco |
| mode, and require an enable password to allow | | | | CCNA training is also available!Visit his |
| that user into privileged exec mode! Right | | | | blog and sign up for Cisco Certification |
| now, we can't configure anything on this | | | | Central, a daily newsletter packed with CCNA, |
| router and even the show commands we would | | | | Network+, Security+, A+, and CCNP |
| use are limited at best.If we wanted to allow | | | | certification exam practice questions! |