01-21-2020 11:14 PM
Greetings everyone, I have a quick question for all of you and I'm hoping for someone to clear everything up.
So from what I understand, you can configure two different vty lines, 0 - 4 for junior staff with a set password and then 5 - 15 for senior staff with a different password, but this is if you're using Telnet; then those passwords would only matter if you're not using SSH, correct?
If you're using SSH then you can just configure 0-15 with a login local configuration and set up privilege levels based on who you want to have access to certain commands/abilities instead of doing what I mentioned above, correct?
Also, why is it when you try to enter privilege mode after successfully connecting through SSH it doesn't ask for a password even though I have one configured but when I console in it will then ask for the password I have set for entering privilege mode? On my console port, instead of disabling it I just added a password on the console port itself then afterwards you have another password you have to enter in order to access privilege mode and based on that password will determine what permissions you have hence the privilege level.
Any help would be appreciated in understanding these things, I've used them before and of course I'd choose SSH over Telnet but sometimes your switch may not support SSH.
Thank you again.
01-21-2020 11:59 PM
Hi,
So from what I understand, you can configure two different vty lines, 0 - 4 for junior staff with a set password and then 5 - 15 for senior staff with a different password, but this is if you're using Telnet; then those passwords would only matter if you're not using SSH, correct?
Yes, your above understanding is correct. SSH needs both a username and a password. Further, if you define the username with privilege level 15 when defining the username in the database, then the SSH remote user will not be prompted for the enable password. For the Telnet user in your example, it will still require entering the enable password after the telnet
If you're using SSH then you can just configure 0-15 with a login local configuration and set up privilege levels based on who you want to have access to certain commands/abilities instead of doing what I mentioned above, correct?
Yes and it is the recommended and secure way to access the Router. Telnet sessions are un-encrypted while SSH sessions are encrypted.
Also, why is it when you try to enter privilege mode after successfully connecting through SSH it doesn't ask for a password even though I have one configured but when I console in it will then ask for the password I have set for entering privilege mode? On my console port, instead of disabling it I just added a password on the console port itself then afterwards you have another password you have to enter in order to access privilege mode and based on that password will determine what permissions you have hence the privilege level.
On your console, since you are using a line password only, a user logged in to the console has to enter the console password; further, a remote user has to enter the enable password also. But if you make it login local and the local username has priv 15, then the enable password will be bypassed.
I hope the above makes sense.
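The two setups discussed in this thread, side by side, as an added example that is not part of any poster's reply. The hostname, domain name, usernames, the command moved to level 5 and every value ending in `_PLACEHOLDER` are assumptions made up for illustration.

```cisco
! Constructed example: hostname, domain, usernames and *_PLACEHOLDER values
! are illustrative and must be replaced.
hostname SW1
ip domain-name example.internal
!
! --- Line-password approach from the question (Telnet, shared passwords) ---
! Shown commented out for comparison only.
! line vty 0 4
!  password JUNIOR_LINE_PASSWORD_PLACEHOLDER
!  login
!  transport input telnet
! line vty 5 15
!  password SENIOR_LINE_PASSWORD_PLACEHOLDER
!  login
!  transport input telnet
! A user authenticated this way lands at privilege level 1 and still has
! to type "enable" and supply the enable secret.
!
! --- Per-user approach (SSH + local user database) ---
enable secret ENABLE_SECRET_PLACEHOLDER
username senior1 privilege 15 secret SENIOR1_SECRET_PLACEHOLDER
username junior1 privilege 5 secret JUNIOR1_SECRET_PLACEHOLDER
!
! Move a chosen command down to level 5 so junior1 can run it
! without being given level 15.
privilege exec level 5 clear counters
!
! SSH needs an RSA key pair, which in turn needs hostname + domain name.
crypto key generate rsa modulus 2048
ip ssh version 2
!
! All vty lines authenticate against the local usernames and accept SSH only.
line vty 0 15
 login local
 transport input ssh
!
! Console uses the same per-user logins instead of a shared line password.
line con 0
 login local
```

With the per-user configuration, `senior1` lands directly at the `#` prompt over SSH or console, while `junior1` lands at level 5 and needs the enable secret to go higher; `show privilege` confirms the level of the current session.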
01-22-2020 10:17 AM
Thank you for clearing that up for me, I just wanted to make sure I had the correct understanding on everything. I find little bits and pieces of information then I go and test things for myself.
It's greatly appreciated.
01-22-2020 10:49 AM
I am glad to hear that my response helped to clear your doubts :)
Happy networking and keep posting in this community :)