
Thursday, August 28, 2008

VTY Passwords - Are They Required and How Do You Configure Them?

Here are two questions that a lot of new Cisco Engineers struggle with.

Are passwords required on vty lines?

How do you configure vty passwords?

Here we look at 4 options:

1. Line passwords
2. Local username passwords
3. No login
4. AAA

In this article I cover options 1 and 2, and in my next article I cover options 3 & 4.

By default, when you telnet to the vty line of a router or switch, you will see the following output:

C:>telnet 10.1.2.1
Password required, but none set
[Connection to 10.1.2.1 closed by foreign host]

The router/switch will drop your connection as a password is required for access to the router/switch. So by default you can see that a password is required to telnet to the vty lines of a router or switch.

Line passwords:
A password can be used on the line for access. This is easy to set up as there is only one password, but it is not very secure because everyone shares that single password and it is difficult to track who has made changes.

This is configured as follows:
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#login
% Login disabled on line 2, until 'password' is set

% Login disabled on line 3, until 'password' is set

% Login disabled on line 4, until 'password' is set

% Login disabled on line 5, until 'password' is set

% Login disabled on line 6, until 'password' is set

Router(config-line)#password cisco

When a telnet connection is now made to the router, the router will prompt for a password:

C:>telnet 10.1.2.1
User Access Verification
Password:

Enter your password and you are now in user mode:

Router>

Local usernames:

This is better than using a line password as different users have their own individual passwords. Each user is required to enter their own password rather than using a shared password. This helps with logging which user has made changes to the router.

Router>enable
Router#configure terminal
Router(config)#username david password cisco

Router(config)#line vty 0 4
Router(config-line)#login local

Testing:
C:>telnet 10.1.2.1
User Access Verification
Username:david
Password:

Enter your password and you are now in user mode:

Router>

Conclusion:
It is better to use usernames rather than line passwords for added security. However, based on your requirements, you may need to know either option. In the next article we cover using no passwords at all and using AAA servers.
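
The four options listed at the top of this article can be told apart by reading the commands under each "line vty" block of a saved configuration. The following Python script is an added example, not code from the original article; it goes beyond options 1 and 2 and classifies every vty range as refused, shared-password, local, open or AAA. The function names, verdict labels and sample config are constructed for illustration, and it assumes a block with no login statement behaves like a bare "login".

```python
import re

# Constructed sample running-config for illustration (not the article's router).
SAMPLE_CONFIG = """\
username david password cisco
line vty 0 4
 password cisco
 login
line vty 5 9
 login local
line vty 10 12
 no login
line vty 13 15
 login
"""

def classify(cmds, has_users):
    """Map the commands under one 'line vty' block to an access verdict."""
    if "no login" in cmds:
        return "open"                      # option 3: no authentication at all
    if any(c.startswith("login authentication ") for c in cmds):
        return "aaa"                       # option 4: an AAA method list decides
    if "login local" in cmds:              # option 2: needs a local username
        return "local" if has_users else "local-no-users"
    # Assumption: a block with no login statement behaves like bare 'login',
    # matching the default refusal shown in the article's first telnet test.
    has_password = any(c.startswith("password ") for c in cmds)
    return "shared-password" if has_password else "refused"

def audit_vty(config):
    """Return {(first_line, last_line): verdict} for every 'line vty' block."""
    has_users = re.search(r"^username \S+", config, re.M) is not None
    results, block = {}, None
    for raw in config.splitlines() + ["!"]:    # sentinel closes the last block
        if block is not None and raw.startswith(" "):
            block[1].append(raw.strip())
            continue
        if block is not None:
            results[block[0]] = classify(block[1], has_users)
            block = None
        m = re.match(r"line vty (\d+)(?: (\d+))?$", raw.strip())
        if m:
            first = int(m.group(1))
            block = ((first, int(m.group(2) or first)), [])
    return results

if __name__ == "__main__":
    for vty, verdict in audit_vty(SAMPLE_CONFIG).items():
        print("vty %d-%d: %s" % (vty + (verdict,)))
```

Ranges reported as "open" or "shared-password" are the ones to review first, since neither ties a session to an individual user.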

David Bombal CCIE #11023, CCSI, CCDP, CCIP, CCNP, CCSP, CCVP, CCNA, CCDA
