Showing results for 
Search instead for 
Did you mean: 

Line vty 0 15 and the password command


I recently started to study CCNA, I am in the Introduction to networks, there's a command I am a little bit confused and I would like to see if anyone can help me to clarify


So basically when I am doing the configuration on a switch I have to configure 2 passwords, one for the User Mode and the other one for the Privileged Mode.

To enter the User Mode password I type


S1#config t
S1(config)#line console 0
S1(config-line)#password cisco


and then for the Privileged Mode I type


S1(config-line)#enable secret class

but then when I do the configuration for VTY I do this

S1(config)#Line vty 0 15
S1(config-line)#password cisco


Why do I have to enter AGAIN the User Mode password on this part? I saw some videos on youtube and everyone is doing the same but I don't really understand this part and will it make a difference if I don't use the same password I set for the User Mode? What is the purpose of this other password?


thanks in advance

2 Replies 2

Richard Burts
Hall of Fame
Hall of Fame

A password is related to the way that you will access the switch. When you access the console you are using a physical cable that connects to the console port of the switch and it uses the configured console password. If you use telnet or SSH to access the switch they are accessing the vty lines and use the password configured on the vty. You need 2 passwords because there are 2 different ways to access the switch.

While it is common to use the same password for both console and vty there is no requirement that they be the same. It would be valid to use different passwords for console and for vty. (note that while it is advisable to use the same password for all the vty lines that is not a requirement. It would be valid to configure one password for vty 0 to 4, a second password for vty 5 to 9, and a third password for vty 10 to 15. The issue with this is that when using telnet or SSH you do not know which vty line you will get and so would have difficulty knowing which password to use.)



Martin L


Yes, 2 passwords for 2 level of access: User mode and Privileged Mode. 

1st one is User Mode, This 1st level password controls access or controls the way you access the device which is either via console or VTY (telnet/ssh).  Without this one you will not be able to access device at all (CLI window says press enter key). In other words, you will not get to 2nd password mode which is Privileged Mode.

The Privileged Mode password (your enable secret class) is also called enable mode password ( enable secret xyz or enable xyz).   This one controls what you can do with device; in other words, It protects configurations of device.  It is like protecting 2nd level of configure or not.  Without Privileged Mode password, you will not be able to configure device.   This 2nd Privileged Mode password is the same for all methods of access by default. 

In your case, password cisco is 1st level and it is the same for console access as well for VTY (Telnet/SSH)

enable secret class is Privileged Mode password (aka enable mode)

Note: Routers may have 3rd access method via AUX port.  It is old and dying method of access device via phone line.

Also note that enable secret class does not belong in LINE config mode (of console) but in Global config mode. CLI IOS let us enter command but it will move it to right place afterwords, Do show run to see where this command ends up. Also, use ? to see all commands and options.


Regards, ML
**Please Rate All Helpful Responses **

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: