Understanding Line VTY, Local Username Password & Enable Password

Rashmi Bhardwaj | Blog,Config & Troubleshoot

Understanding line vty

Password Prompts: Enable, Username-Password and Line vty

To complicate matters, there are several prompts at which passwords can be set, and each one defines user access on a router or switch. Hence, it is crucial to understand the password types and how they are configured in a network and security setup. Notably, password protection is key when it comes to audit and compliance of company IT infrastructure.

Prompts to configure passwords:


To make things simpler, we will cover multiple scenarios and look at how a managed router or L3/L2 switch behaves under each one.


SCENARIO 1:

R1 is trying to telnet to R2. R2 configuration:

username abc password 0 xyz

line vty 0 4

no login

transport input telnet ssh

 

Output on R1:

R1#telnet 10.1.1.2

Trying 10.1.1.2 … Open

R2>en

% No password set

R2>

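Conclusion: With no login under line vty, the telnet session opens without any password prompt, but privileged mode is refused ("% No password set") until an enable password exists. Setting an enable password on R2 allows us to telnet to R2 from R1 and enter privileged mode using the password set with the enable command.

R2 config:

R2(config)#enable password cisco

Output on R1: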

R1#telnet 10.1.1.2

Trying 10.1.1.2 … Open

R2>en

Password:

R2#

 

SCENARIO 2:

R2 is configured with a local username and password along with an enable password. R2 is also configured with the login command under line vty 0 4.

R2 config:

R2(config)#username abc password 0 xyz

R2(config)#enable password cisco

R2(config)#line vty 0 4

R2(config-line)#login

R2(config-line)#password google

 

Now, let's validate what happens when R1 tries to telnet to R2:

Output:

R1#telnet 10.1.1.2

Trying 10.1.1.2 … Open

User Access Verification

Password:      <enter the password configured under line vty, i.e. google>

R2>en

Password:      <enter the password configured with enable, i.e. cisco>

R2#

SCENARIO 3:

Under R2's line vty, the login local command is used in place of login. R2 config:

R2(config)#username abc password 0 xyz

R2(config)#enable password cisco

R2(config)#line vty 0 4

R2(config-line)#password google

R2(config-line)#login local

R1 tries to telnet to R2:

Output:

R1#telnet 10.1.1.2

Trying 10.1.1.2 … Open

User Access Verification

Username: abc

Password:    <enter the password configured with the local username, i.e. xyz>

R2>en

Password:   <enter the password configured with enable, i.e. cisco>

R2#
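
The three scenarios can be checked offline against a saved configuration. The Python below is an added example, not part of the original post: vty_access is a hypothetical helper that reads the R2 commands shown above, reports which prompts a vty session will meet, and lists audit findings. It assumes classic IOS defaults (login is the default on vty lines, and login with no line password refuses the session).

```python
import re

PROMPT = re.compile(r"^\S+\(config[^)]*\)#\s*")  # strips prefixes like "R2(config-line)#"

def vty_access(config):
    """Predict the prompts a vty (telnet/SSH) session meets, plus audit findings."""
    login, line_pw, enable_pw, in_vty = "login", False, False, False
    findings = []
    for raw in config.splitlines():
        cmd = PROMPT.sub("", raw.strip())
        if cmd.startswith("line "):
            in_vty = cmd.startswith("line vty")
        elif cmd.startswith("enable password "):
            enable_pw = True
        elif cmd.startswith("username ") and " password 0 " in cmd:
            findings.append("type 0 (cleartext) password for user " + cmd.split()[1])
        elif in_vty and cmd in ("login", "login local", "no login"):
            login = cmd
        elif in_vty and cmd.startswith("password "):
            line_pw = True
        elif in_vty and cmd.startswith("transport input") and "telnet" in cmd.split():
            findings.append("telnet allowed on vty: credentials cross the wire in cleartext")
    if login == "no login":
        session = "none"
        findings.append("vty sessions reach user EXEC without authentication")
    elif login == "login local":
        session = "username and local password"
        if line_pw:
            findings.append("line password is configured but ignored under login local")
    else:
        # Assumption (IOS behaviour not shown in the post): login with no line password refuses the session
        session = "line password" if line_pw else "refused"
    enable = "enable password" if enable_pw else "% No password set"
    return {"session": session, "enable": enable, "findings": findings}

# The R2 configurations from the scenarios above (scenario 3 differs only in login local).
SCENARIO_1 = """username abc password 0 xyz
line vty 0 4
no login
transport input telnet ssh"""
SCENARIO_2 = """R2(config)#username abc password 0 xyz
R2(config)#enable password cisco
R2(config)#line vty 0 4
R2(config-line)#login
R2(config-line)#password google"""
SCENARIO_3 = SCENARIO_2.replace("#login", "#login local")

if __name__ == "__main__":
    for name, cfg in (("1", SCENARIO_1), ("2", SCENARIO_2), ("3", SCENARIO_3)):
        print("Scenario", name, vty_access(cfg))
```
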
