Cisco CCNA Certification: The Hidden Details Of Telnet
Telnet is a simple yet powerful program that allows you to
connect to a remote Cisco router or switch, and then configure
it as though you were right at the console. Telnet is also
one of those features that seems so very simple, until you
get asked a half dozen questions about it on your CCNA exams.
As with all topics, it's the details you know about Telnet
that will help you pass the Intro and ICND exams.
Let's take a look at a few of these details. We'll
begin by debunking one common belief about Telnet:
Telnet runs at layer 7 of the OSI model, not layer 3!
It's easy to think that Telnet runs at Layer 3 of the
OSI model, the Network layer. After all, you're entering
an IP address when you telnet in to a router or switch, and
you may be on another router when you do it! None of that
matters. Layer 3 is strictly the domain of routing. Like other
features that require input from the end user, especially
authentication, Telnet runs at the Application layer of the
OSI model.
Speaking of authentication...
Cisco routers require a password to be set before anyone
can telnet in.
Cisco routers can run quite a few passwords. We can set an
enable password, an enable secret, an enable secret and enable
password, a password for PPP connections, and even a console
password.
All of those are optional, but the telnet password is not.
Makes sense: you wouldn't want just anyone telnetting
into your router, would you?
If you have no password set on the VTY lines of your router,
no one can telnet in. If they try, they'll see this message:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
Password required, but none set
[Connection to 3.3.3.3 closed by foreign host]
To allow telnet access into a Cisco router, configure the
VTY lines with a password and the login command:
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line vty 0 4
R3(config-line)#login
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
R3(config-line)#password cisco
Note the messages you get after enabling login. These messages
simply indicate that the login won't work until a password
is set. The order in which you use the login and password
commands doesn't matter; just make sure you use them both.
We're not quite done, though. The remote user can now
telnet in, but by default, that user will be placed into user
exec mode. If the user is to be allowed to enter privileged
exec mode during a telnet session, an enable password or enable
secret must be set.
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Password:
R3>enable
% No password set
R3>
The user is stuck in user exec until you set a local enable
password. Doing so will allow the user to use that password
to enter privileged exec mode.
R3#conf t
R3(config)#enable password ccna
R3(config)#^Z
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Password: < user entered cisco here>
R3>enable
Password: < user entered ccna here >
R3#
The user is now in privileged exec mode. There's also
another method to use so the user is placed directly into
privileged exec mode when telnetting in, avoiding the enable
password prompt. Use the command privilege level 15 on the
VTY lines to do so.
R3#conf t
R3(config)#line vty 0 4
R3(config-line)#privilege level 15
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Password: < user entered VTY line password here >
R3#
Note that the user went straight to privileged exec mode.
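The three outcomes shown above (refused, stuck in user exec, straight to privileged exec) can be read off a saved configuration. The following Python sketch is an added example, not part of the original article or any Cisco tool; the sample config is constructed, and the handling of "no login" (which the article does not cover) is included so such lines are not misreported.

```python
import re
# Constructed sample in running-config layout (not taken from a real device).
SAMPLE = """\
enable password ccna
line vty 0 2
 password cisco
 login
line vty 3
 login
line vty 4
 privilege level 15
 password cisco
"""

def parse(config):
    """Return (enable_set, {vty_number: settings}) for an IOS-style config."""
    enable_set, vty, block = False, {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":                      # top-level command closes a line block
            m = re.fullmatch(r"line vty (\d+)(?: (\d+))?", line)
            block = list(range(int(m[1]), int(m[2] or m[1]) + 1)) if m else []
            for n in block:                     # default: login required, no password set
                vty.setdefault(n, {"login": True, "password": False, "level": 1})
            if re.match(r"enable (password|secret) \S", line):
                enable_set = True
            continue
        for n in block:                         # indented sub-command of "line vty"
            if line.startswith("password "):
                vty[n]["password"] = True
            elif line == "no login":            # disables the VTY password check
                vty[n]["login"] = False
            elif (m := re.fullmatch(r"privilege level (\d+)", line)):
                vty[n]["level"] = int(m[1])
    return enable_set, vty

def outcome(enable_set, line):                  # what a telnet user meets on one line
    if line["login"] and not line["password"]:
        return "refused: Password required, but none set"
    gate = "VTY password" if line["login"] else "no password"
    if line["level"] == 15:
        return f"{gate} -> privileged exec"
    if enable_set:
        return f"{gate} -> user exec -> enable password -> privileged exec"
    return f"{gate} -> user exec only (% No password set)"

def audit(config):
    enable_set, vty = parse(config)
    return {n: outcome(enable_set, s) for n, s in sorted(vty.items())}
```

Calling audit(SAMPLE) returns one result per VTY line number. Any line reported as "VTY password -> privileged exec" has the line password as its only barrier to full configuration access.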
Managing Telnet Connections
We already know how to use Telnet (a layer 7 application)
to access a remote device; there are also commands that help
us manage telnet connections.
show sessions is a common command to see what
current telnet sessions are operating.
Telnet sessions do not have to be exited; they can be suspended
as well. The command to suspend the Telnet session is followed
by striking the X key.
To resume this telnet session, enter the resume command followed
by the session number (resume 1) and press .
To end a suspended telnet session, enter the disconnect command
followed by the session number (disconnect 1)
and press.
About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage,
home of free CCNA and CCNP tutorials, The Ultimate CCNA Study
Package, and Ultimate CCNP Study Packages. For a FREE copy
of his latest e-books, How To Pass The CCNA and
How To Pass The CCNP, visit the website and download
your free copies. You can also get FREE CCNA and CCNP exam
questions every day! Pass the CCNA exam with The Bryant Advantage!