| Your CCNA certification exam is likely going to | | | | privileged exec mode immediately without being |
| contain questions about Telnet, an application-level | | | | prompted for an enable password, the command |
| protocol that allows remote communication between | | | | privilege level 15 placed on the VTY lines will |
| two networking devices. With Telnet use being as | | | | accomplish this.R1(config)#line vty 0 |
| common as it is, you had better know the details of | | | | 4R1(config-line)#privilege level 15From R2, we'll telnet |
| how to configure it in order to pass your CCNA | | | | into R1 again.R2#telnet 172.12.123.1Trying 172.12.123.1 ... |
| exam and to work in real-world networks.The basic | | | | OpenUser Access VerificationPassword:R1#We were |
| concept is pretty simple - we want to configure R1, | | | | able to telnet in from R2 with the original password |
| but we're at R2. If we telnet successfully to R1, we | | | | of "baseball", and even better, we were placed into |
| will be able to configure R1 if we've been given the | | | | privileged exec mode immediately!You may or may |
| proper permission levels. In this CCNA case study, R2 | | | | not want to do this in real-world networks, though. If |
| has an IP address of 172.12.123.2 and R1 an address | | | | you want to assign privilege levels on an individual |
| of 172.12.123.1. Let's try to telnet from R2 to | | | | user basis, configure usernames and passwords and |
| R1.R2#telnet 172.12.123.1Trying 172.12.123.1 ... | | | | use the privilege 15 command in the actual username |
| OpenPassword required, but none set[Connection to | | | | password command itself to give this privilege levels |
| 172.12.123.1 closed by foreign host]This seems like a | | | | to some users but not all.R1(config)#username heidi |
| problem, but it's a problem we're happy to have. A | | | | password klumR1(config)#username tim privilege 15 |
| Cisco router will not let any user telnet to it by | | | | password gunnBoth users can telnet into the router, |
| default. That's a good thing, because we don't want | | | | but the first user will be placed into user exec and |
| just anyone connecting to our router! The "password | | | | challenged for the enable password to enter |
| required" message means that no password has | | | | privileged exec mode. If there is no enable password, |
| been set on the VTY lines on R1. Let's do so | | | | the user literally cannot get into privileged exec. The |
| now.R1(config)#line vty 0 4R1(config-line)#password | | | | second user will be placed into privileged exec |
| baseballA password of "baseball" has been set on the | | | | immediately after successfully |
| VTY lines, so we shouldn't have any trouble using | | | | authenticating.Passwords on a Cisco router or switch |
| Telnet to get from R2 to R1. Let's try that | | | | are vitally important, and you're not tied down to |
| now.R2#telnet 172.12.123.1Trying 172.12.123.1 ... | | | | granting "all-or-nothing" access. Knowing the details |
| OpenUser Access VerificationPassword:R1>We're in, | | | | like the ones shown here help you tie down network |
| and placed into user exec mode. Let's say we want | | | | security while allowing people to do their jobs - and it |
| to configure a new IP address on the ethernet | | | | doesn't hurt to know this stuff for the CCNA exam, |
| interface on R1. We'll now go into privileged exec | | | | either!Chris Bryant, CCIE #12933, is the owner of |
| mode....R1>enable% No password setR1>... or maybe | | | | The Bryant Advantage, home of over 100 free |
| we won't! The default behavior of Telnet on a Cisco | | | | certification exam tutorials, including Cisco CCNA |
| router is to place the incoming user into user exec | | | | certification test prep articles. His exclusive Cisco |
| mode, and require an enable password to allow that | | | | CCNA study guide and Cisco CCNA training is also |
| user into privileged exec mode! Right now, we can't | | | | available!Visit his blog and sign up for Cisco |
| configure anything on this router and even the show | | | | Certification Central, a daily newsletter packed with |
| commands we would use are limited at best.If we | | | | CCNA, Network+, Security+, A+, and CCNP |
| wanted to allow all telnetting users to be put into | | | | certification exam practice questions! |