Line con 0 meaning?

trane.m
Level 1

Hello,

Sorry if I put this in the wrong board, I wasn't sure where it should be.

I'm a student at an IT education and these days we are learning about Cisco IOS, primarily on switches. Our teacher provided us with a cheat sheet, but without any explanation of what the commands do. I searched for and found explanations on all but one.

First question: What does "line con 0" do? As far as I understand it, line is like a connection, con is console and 0 must mean the first, so the configuration of the first console connection? If that's right, what can be configured on a console interface? If someone can give me an example, I would be very grateful. I'm also unsure about "line aux 0", but I think I'll understand that when the other one falls into place.

 

Let me remind you: this is the cheat sheet provided by my teacher.
Second question: Is there any good reason why the same lines are written more than once? If anyone can explain that would be lovely.

Enable secret xxx - configures an encrypted password
Username yyy password xxx - configures a username and a password (not encrypted)
line con 0 - not sure
no privilege level - users do not have privilege levels
exec-timeout 0 0 - time until automatic disconnect (minutes and seconds)
logging synchronous - when syslog messages appear, the command is copied to a new line
line aux 0 - not sure
no privilege level
exec-timeout 0 0
logging synchronous
line vty 0 4 - number of simultaneous telnet or SSH connections. Numbers represent the range of "ports" /connections. 0-4 = 5 connections, max is 16.
no privilege level
exec-timeout 0 0
logging synchronous
login local - you need to know both the password and the username to login remotely
transport input telnet - protocols accepted for remote login. Default is all.

Third question: Are there any misunderstandings in the small notes I wrote next to some of the commands?

 

Thanks in advance


Hello,

 

you are on the right track. Line con 0 refers to the console port of the switch (it is usually either an RJ-45 or, on newer devices, a USB port). The console port is used to physically connect (a PC or laptop) to the device.

 

There are a few things you can configure on the console port (0 indeed means the first):

 

line con 0
 privilege level 15
 password 0 mypwd
 login

 

The link below is a useful read:

 

https://blog.router-switch.com/2011/12/how-to-connect-a-routerswitch-through-the-console-port/#:~:text=Every%20Cisco%20router%2Fnetwork%20switch,is%2C%20without%20a%20network%20connection.

Georg has provided a good response about con 0. Let me address the other question asked in the original post. Commands like exec-timeout 0 0 and logging synchronous appear multiple times because they are being applied to the console, to the aux, and to the vty. When you enter line con 0 that puts you into a configuration mode that is specific to the console. Any commands entered there will not apply to the aux or to the vty. If you want the commands to work in each of those then you must enter the commands in the config mode for each of those.

Question 3

= you say not sure about line con 0 and line aux 0. These commands get into the specific mode for configuration of the console or of the aux port.

= you have 2 entries about passwords and your notes imply that the main difference is that one is encrypted and the other is not. While that is true, it is not the more significant aspect. These represent 2 different types of passwords. In IOS there can be a password that gets you into user mode. In user mode you can do some things (like show commands) but other things are reserved for what is usually called enable mode or privileged mode. Configuration commands and other commands that can actually impact operation of the device are generally reserved for enable/privileged mode.

= You have this under line con 0: "no privilege level - users do not have privilege levels". Actually users do have privilege levels. The default privilege level is 1 and it is possible to assign other privilege levels. The command no privilege level actually removes any previously set privilege level and just sets the privilege level to the default value.

 

HTH

Rick

Hi Richard, thanks for your reply. I have some small followup questions:

You write: When you enter line con 0 that puts you into a configuration mode that is specific to the console. Any commands entered there will not apply to the aux or to the vty

I understand that as 'con' being the physical console port/interface, vty (Virtual TeletYpe) is the virtual terminal and I guess there's also a physical auxiliary port/interface on some switches so that's what aux is for. Correct?

So it's exactly like when configuring 'int g0/1' or 'int g2/3', except it's not interfaces for switching, but for controlling and configuring the switch. Correct?

 

I also have a followup question regarding your comment to my password/secret notes. You write: These represent 2 different types of passwords. In IOS there can be a password that gets you into user mode. In user mode you can do some things (like show commands) but other things are reserved for what is usually called enable mode or privileged mode. Configuration commands and other commands that can actually impact operation of the device are generally reserved for enable/privileged mode.

I guess that means that one of the passwords is for getting into user mode. Which one, and is it always the same command for creating a password to get into user mode? What about the other password, is that for getting into privileged mode? Global config mode? Or something else?

 

For the rest, I thank you very much and I'll make sure to accept your comments as solutions when we're done.

I am glad to continue this discussion.
The aux port (like the console port) is a physical connection and provides access to the device. vty is a virtual connection, typically for remote access. Each provides some type of access to the device. Some Cisco devices do have an aux port (especially routers, not so much switches). A common use of the aux port was to connect a modem to the aux port. With a working modem on the aux port you could dial in and have remote management of the device.
In configuring Cisco devices there are multiple modes you can be in. There is global config mode where you can configure things that apply generally to the router (things like the host name,  user names/passwords, whether logging is enabled or not, whether ip routing is enabled or not, and many other things), there is interface config mode where you configure things about interfaces, there is line config mode where you configure console, aux, and vty. 
This link has information that I hope you will find useful which tells about various modes on Cisco equipment
https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/02_cisco_ios_hierarchy.htm
You ask about passwords. The cheat sheet contains 2 uses of passwords. One was "enable secret" and yes that is the password that controls access to privilege mode (and configuration is done from privilege mode and not from user mode). The other was a password configured in the command to create a user ID and that would control access to user mode. There are a couple of aspects of a password to consider: one is the privilege level associated with the password (is it for user mode or is it for privilege mode) and the other is whether the password is encrypted or not (your note correctly identifies that the enable password would be encrypted while the user password would not).
You ask whether it is always the same command to configure passwords. There are several ways in which passwords can be configured.
1) the oldest method is to configure passwords on the line (console, aux, vty) in which case no user ID is required. This is the least secure method and is no longer recommended.
2) the methods shown in your cheat sheet where IDs and passwords are configured on the device (switch or router).
3) storage of ID and password on an authentication server (RADIUS and TACACS are supported in IOS).

HTH

Rick
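
Added example (not part of the original thread and not any poster's code): a small Python auditor that shows the per-line scoping described above, where each command belongs only to the `line` block it was entered under, and flags the settings discussed in this thread. The sample config is constructed from the cheat sheet; the `parse` and `audit` functions and the finding names are this example's own.

```python
import re

# Constructed sample: the thread's cheat sheet as a running-config (placeholders).
SAMPLE = """\
enable secret xxx
username yyy password xxx
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
 exec-timeout 0 0
line vty 0 4
 exec-timeout 0 0
 login local
 transport input telnet
"""

def parse(config):
    """Split a config into global commands and per-line command lists."""
    global_cmds, lines, current = [], {}, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if not cmd or cmd == "!":
            continue
        if re.match(r"line (con|aux|vty) ", cmd):
            current = lines.setdefault(cmd, [])
        elif raw[0].isspace() and current is not None:
            current.append(cmd)  # indented: applies to this line block only
        else:
            current = None
            global_cmds.append(cmd)
    return global_cmds, lines

def audit(config):
    """Return (scope, finding) pairs; finding names are this example's own."""
    global_cmds, lines = parse(config)
    out = [("global", "username-password-not-hashed") for c in global_cmds
           if re.match(r"username \S+ password ", c)]
    for name, cmds in lines.items():
        words = [c.split() for c in cmds]
        if "exec-timeout 0 0" in cmds:  # 0 0 disables the idle timeout
            out.append((name, "no-idle-timeout"))
        if any(w[0] == "password" for w in words):  # method 1 in the list above
            out.append((name, "line-password-without-user-id"))
        if ["privilege", "level", "15"] in words:
            out.append((name, "session-starts-at-level-15"))
        if any(w[:2] == ["transport", "input"] and {"telnet", "all"} & set(w[2:]) for w in words):
            out.append((name, "telnet-accepted"))
    return out
```

Because findings are reported per line block, changing the timeout or transport under `line vty 0 4` leaves the console and aux findings in place until the same commands are entered under those lines too.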

This has been a good discussion about some very basic concepts, and that is part of what this community is about. I am glad that our explanations have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick