10-23-2019 05:43 PM - edited 10-23-2019 06:13 PM
Hi All,
I want to access my switch (currently installed at a remote location) from my office and I want to enable both telnet and SSH access on it with the following credential:-
telnet password :- cisco 12345
ssh credentials :- username cisco privilege 15 secret cisco123
At the moment, when I am connecting through telnet its asking for a username and password and if I type SSH credentials, I can login but I dont want that, I want to use the telnet password to login, so please tell me the correct way to configure the switch.
Regards,
Vis
Solved! Go to Solution.
10-24-2019 04:22 AM
Hi @Visauk47
The login local command indicates that vty connections will use the local parameters (username + password) for logging.
If you want to use only the password of the vty lines, the login command must exist only, but that will disable the use of SSH.
Therefore, in order to use Telnet and SSH at the same time, you must use the parameters indicated locally (username + password).
Regards
10-23-2019 06:13 PM
10-23-2019 06:21 PM
Sure, here is the config:
!
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname MCA1
!
boot-start-marker
boot-end-marker
!
logging buffered 16000
no logging console
enable secret 5 $1$Te8m$V6a6778d8m$Vsdfgdf
!
username cisco privilege 15 secret 5 $1$mwSWjkjrtyr$TRn0Rd
no aaa new-model
clock timezone NZT 12 0
clock summer-time NZT recurring 4 Sun Sep 2:00 1 Sun Apr 2:00
system mtu routing 1500
!
!
ip domain-name testrouter.com.au
ip name-server 1.1.1.1
ip name-server 1.1.1.1
vtp domain MCA1
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-369206784
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-369206784
revocation-check none
rsakeypair TP-self-signed-369206784
!
!
crypto pki certificate chain TP-self-signed-369206784
certificate self-signed 01 nvram:IOS-Self-Sig#4.cer
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
vlan 42
name data
!
vlan 342
name voice
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 42
switchport trunk allowed vlan 42,342
switchport mode trunk
mls qos trust dscp
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
description *** Uplink to Testrouter2 G1/0/17 ***
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 42,342
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan42
ip address 1.1.1.1 255.255.255.0
no ip route-cache
!
ip default-gateway 2.2.2.2
ip http server
ip http secure-server
!
!
!
snmp-server community ROUTER
snmp-server location *** Finance Building ***
snmp-server contact IS Network Group
snmp-server host 1.1.1.1 router sm
!
!
line con 0
exec-timeout 0 0
password 7 105E1C1702121C1F5656565C55
login
line vty 0 4
exec-timeout 5 0
password 7 044B1E5656565080824425A5948
login local
length 0
transport input telnet ssh
line vty 5 15
exec-timeout 5 0
login local
length 0
transport input telnet ssh
!
end
10-24-2019 04:22 AM
Hi @Visauk47
The login local command indicates that vty connections will use the local parameters (username + password) for logging.
If you want to use only the password of the vty lines, the login command must exist only, but that will disable the use of SSH.
Therefore, in order to use Telnet and SSH at the same time, you must use the parameters indicated locally (username + password).
Regards
10-28-2019 02:27 PM
Thanks.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide