07-08-2008 11:38 PM - edited 03-06-2019 12:04 AM
Hi everyone,
Please can anyone help with commands on how to configure Telnet access on a router?
07-08-2008 11:44 PM
ena sec xxx
line vty 0 4
pass www
login
transport input telnet
logg sync
07-09-2008 06:49 AM
If you want, you could supplement Aleksey's configuration with the following to restrict Telnet access to a specific management station, and establish an idle timeout on the VTY lines:
access-list 100 remark --- VTY access from Network Management Station.
access-list 100 permit tcp host 192.168.100.20 any eq 23 log
access-list 100 deny ip any any log
Note: Replace 192.168.100.20 with the address of your management station.
Note: TCP port 23, above, is the Telnet port.
Edit: Make sure you use a different ACL number if 100 is already in use.
line vty 0 4
access-class 100 in
exec-timeout 9 0
Your interface ACL (if implemented) will also need to accommodate inbound Telnet.
07-10-2008 03:41 AM
Hi,
To try and summarize the whole story.
Access control can be done in 4 fashions:
1. No kind of security: using "no login" under the VTYs will enable you to log in without any kind of password.
2. Just use VTY and enable passwords.
3. Use local usernames and passwords on the router.
4. Use AAA.
The second case is easy:
enable secret xxxx
line vty 0 4
login
password xxxxx
The third case:
username xxxx password xxxx
enable secret xxxx
line vty 0 4
login local
For the fourth case, see AAA.
NOTE: We can use an access-class to restrict access over the VTY using an ACL, as Michael has illustrated.
Another important thing to take care of, if no enable password is enabled then you can never go to enable mode (unlike console, where you can go in without having an enable password). If neither the enable password command nor the enable secret command is configured, and if there is a line password configured for the console, the console line password will serve as the enable password for all VTY (Telnet and Secure Shell [SSH]) sessions.
I hope that I've been informative.
BR,
Mohammed Mahmoud.
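The settings covered in the replies above (enable secret, "no login", access-class, exec-timeout, and service password-encryption) can be checked across a saved configuration. The following is an added example, not code from any poster in this thread; the names parse_vty_stanzas, audit and SAMPLE are hypothetical, the sample configuration and its secret hash are constructed, and the input is assumed to be `show running-config` output (full keywords, sub-commands indented under each `line vty` header).

```python
import re

def parse_vty_stanzas(config):
    """Map each 'line vty' header to its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line vty"):
            current = stanzas.setdefault(raw.strip(), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any non-indented line closes the stanza
    return stanzas

def audit(config):
    """Return (scope, finding) pairs for the settings discussed in the thread."""
    findings = []
    if not re.search(r"^enable secret ", config, re.M):
        findings.append(("global", "no enable secret"))
    if not re.search(r"^service password-encryption", config, re.M):
        findings.append(("global", "no service password-encryption"))
    for header, cmds in parse_vty_stanzas(config).items():
        if "no login" in cmds:
            findings.append((header, "no login: no password required"))
        if not any(re.match(r"access-class \S+ in", c) for c in cmds):
            findings.append((header, "no inbound access-class"))
        if "exec-timeout 0 0" in cmds:
            findings.append((header, "idle timeout disabled"))
    return findings

# Constructed sample in the layout of 'show running-config' output.
SAMPLE = """\
enable secret 5 $1$CONSTRUCTED
access-list 100 permit tcp host 192.168.100.20 any eq 23 log
access-list 100 deny ip any any log
line vty 0 4
 access-class 100 in
 exec-timeout 9 0
 password www
 login
 transport input telnet
line vty 5 15
 exec-timeout 0 0
 no login
"""

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE):
        print(f"{scope}: {finding}")
```

Lines 0 4 pass because they carry the access-class and timeout from Michael's reply; lines 5 15 are flagged because a router with more than five VTYs leaves the remaining ones unprotected unless they are configured too.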
07-10-2008 07:49 AM
Please, I have configured the Telnet access on both routers now, but I could only telnet from router 2 to 1 and cannot telnet from 1 to 2. Please can anyone suggest what went wrong and the solution?
07-10-2008 10:53 AM
You've not indicated "which" commands you implemented, whether ACLs are implemented, or anything related to your network topology.
You need to be more informative if you want assistance.
07-10-2008 11:36 AM
ena sec xxx
I used the command above and I can't access from R1 to R2 but could telnet from R2 to R1
line vty 0 4
pass www
login
transport input telnet
logg sync
08-12-2008 03:02 AM
You can also add service password-encryption and enable secret.