cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
69322
Views
16
Helpful
5
Replies

Line vty 0 15 and the password command

brandondjs
Level 1
Level 1

I recently started to study CCNA, I am in the Introduction to networks, there's a command I am a little bit confused and I would like to see if anyone can help me to clarify

 

So basically when I am doing the configuration on a switch I have to configure 2 passwords, one for the User Mode and the other one for the Privileged Mode.

To enter the User Mode password I type

 

S1>enable
S1#config t
S1(config)#line console 0
S1(config-line)#password cisco
S1(config-line)#login

 

and then for the Privileged Mode I type

 

S1(config-line)#enable secret class

but then when I do the configuration for VTY I do this

S1(config)#Line vty 0 15
S1(config-line)#password cisco
S1(config-line)#login
S1(config-line)#end
S1#wr

 

Why do I have to enter AGAIN the User Mode password on this part? I saw some videos on youtube and everyone is doing the same but I don't really understand this part and will it make a difference if I don't use the same password I set for the User Mode? What is the purpose of this other password?

 

thanks in advance

5 Replies 5

Richard Burts
Hall of Fame
Hall of Fame

A password is related to the way that you will access the switch. When you access the console you are using a physical cable that connects to the console port of the switch and it uses the configured console password. If you use telnet or SSH to access the switch they are accessing the vty lines and use the password configured on the vty. You need 2 passwords because there are 2 different ways to access the switch.

While it is common to use the same password for both console and vty there is no requirement that they be the same. It would be valid to use different passwords for console and for vty. (note that while it is advisable to use the same password for all the vty lines that is not a requirement. It would be valid to configure one password for vty 0 to 4, a second password for vty 5 to 9, and a third password for vty 10 to 15. The issue with this is that when using telnet or SSH you do not know which vty line you will get and so would have difficulty knowing which password to use.)

HTH

Rick

Martin L
VIP
VIP

 

Yes, 2 passwords for 2 level of access: User mode and Privileged Mode. 

1st one is User Mode, This 1st level password controls access or controls the way you access the device which is either via console or VTY (telnet/ssh).  Without this one you will not be able to access device at all (CLI window says press enter key). In other words, you will not get to 2nd password mode which is Privileged Mode.

The Privileged Mode password (your enable secret class) is also called enable mode password ( enable secret xyz or enable xyz).   This one controls what you can do with device; in other words, It protects configurations of device.  It is like protecting 2nd level of configure or not.  Without Privileged Mode password, you will not be able to configure device.   This 2nd Privileged Mode password is the same for all methods of access by default. 

In your case, password cisco is 1st level and it is the same for console access as well for VTY (Telnet/SSH)

enable secret class is Privileged Mode password (aka enable mode)

Note: Routers may have 3rd access method via AUX port.  It is old and dying method of access device via phone line.

Also note that enable secret class does not belong in LINE config mode (of console) but in Global config mode. CLI IOS let us enter command but it will move it to right place afterwords, Do show run to see where this command ends up. Also, use ? to see all commands and options.

 

Regards, ML
**Please Rate All Helpful Responses **

mt782c
Level 1
Level 1

I know this is an old thread, but I'm wondering about the precedence when using local user accounts (not my preferred configuration, I'm cleaning up a client's old equipment).

Is the vty password ignored when there is a user present?

Is the vty password ignored when TACACS+ is in use?

Best Regards,

Martin

Hi,

Q1) Is the vty password ignored when there is a user present?

If you want to use a local user account on the device for the VTY lines you then need the config to have "login local"

eg

!
username bob secret mypass
!
line vty 0 15
transpport in telnet ssh
login local
!

Even if you have left in the password on the line vty 0 15 it will be ignored.

Q2) Is the vty password ignored when TACACS+ is in use?

As long as your TACACS+ is working correctly then YES the vty password is ignored

Hope this helps

Regards, Alex. Please rate useful posts.

Thank you Alex. Yes, that's the clarification I was looking for.

Best Regards,

Martin

Review Cisco Networking for a $25 gift card