Re: Does Cisco Device uses console password for vty login in any condition?

alihassan1618 · ‎07-14-2019

Hi Guys, i was studying about troubleshooting if someone wrongly configured the Cisco router/switch and sent to the remote location, then how can he/she get access to the device when it's live on WAN.

Suppose If both commands (enable password and enable secret) are missing from the configuration of the device, then vty lines use the console password? Answer with valid reference will be appreciated. Thanks.

Georg Pauwen · ‎07-14-2019

Hello,

not sure what you are after, but under normal circumstances you would always have a local admin account:

username admin privilege 15 password 0 cisco

If that is not configured, the only way to get full access through a VTY line is to configure the lines as below:

line vty 0 4
privilege level 15
password cisco
login
transport input all

Martin L · ‎07-14-2019

you will not have access to privilege (enable) mode of CLI If both commands (enable password and enable secret) are missing from the configuration of the device. you may have access to user mode (few show commands are there)

vty lines use login password to get access via telnet /ssh access. if u have password under vty lines, you will be able to use telnet but then u need enable password.
you can add no login under vty line for telnet not to check for password.

here are some examples:
without any password but login under vty lines:
line vty 0 4
login

you will get
C:\>telnet 15.0.0.1
Trying 15.0.0.1 ...Open

[Connection to 15.0.0.1 closed by foreign host]

with password under vty lines, u get to user mode but not enable mode (privileged mode) since there is no password enable or secret

Router>
Router>enable
% No password set.

if u add privilege level x under vty lines, you will get access straight to privilege mode

login local command under vty lines will check for user name and password, so your device would need username admin password cisco command