Telnet is a simple yet powerful program that allows you to connect to a remote Cisco router or switch, and then configure it as though you were right at the console. Telnet is also one of those features that seems so very simple, until you get asked a half dozen questions about it on your CCNA exams. As with all topics, it’s the details you know about Telnet that will help you pass the Intro and ICND exams.
Let’s take a look at a few of these details. We’ll begin by debunking one common belief about Telnet:
Telnet runs at layer 7 of the OSI model, not layer 3!
It’s easy to think that Telnet runs at Layer 3 of the OSI model, the Network layer. After all, you’re entering an IP address when you telnet in to a router or switch, and you may be on another router when you do it! None of that matters. Layer 3 is strictly the domain of routing. Like other features that require input from the end user, especially authentication, Telnet runs at the Application layer of the OSI model.
Speaking of authentication….
Cisco routers require a password to be set before anyone can telnet in.
Cisco routers can run quite a few passwords. We can set an enable password, an enable secret, an enable secret and enable password, a password for PPP connections, and even a console password.
All of those are optional, but the telnet password is not. Makes sense – you wouldn’t want just anyone telnetting into your router, would you?
If you have no password set on the VTY lines of your router, no one can telnet in. If they try, they’ll see this message:
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
Password required, but none set
[Connection to 3.3.3.3 closed by foreign host]
To allow telnet access into a Cisco router, configure the VTY lines with a password and the login command:
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#line vty 0 4
R3(config-line)#login
% Login disabled on line 2, until 'password' is set
% Login disabled on line 3, until 'password' is set
% Login disabled on line 4, until 'password' is set
% Login disabled on line 5, until 'password' is set
% Login disabled on line 6, until 'password' is set
R3(config-line)#password Cisco
Note the messages you get after enabling login. These messages simply indicate that the login won’t work until a password is set. The order with which you use the login and password commands don’t matter just make sure you use them both.
We’re not quite done, though. The remote user can now telnet in, but by default, that user will be placed into user exec mode. If the user is to be allowed to enter privileged exec mode during a telnet session, an enable password or enable secret must be set.
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Password:
R3>enable
% No password set
R3>
The user is stuck in user exec until you set a local enable password. Doing so will allow the user to use that password to enter privileged exec mode.
R3#conf t
R3(config)#enable password ccna
R3(config)#^Z
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Password: < user entered Cisco here>
R3>enable
Password: < user entered ccna here >
R3#
The user is now in privileged exec mode. There’s also another method to use so the user is placed directly into privileged exec mode when telnetting in, avoiding the enable password prompt. Use the command privilege level 15 on the VTY lines to do so.
R3#conf t
R3(config)#line vty 0 4
R3(config-line)#privilege level 15
R1#telnet 3.3.3.3
Trying 3.3.3.3 ... Open
User Access Verification
Password: < user entered VTY line password here >
R3#
Note that the user went straight to privileged exec mode.
Managing Telnet Connections
We already know how to use Telnet (a layer 7 application) to access a remote device there are also commands that help us manage telnet connections.
“show sessions” is a common command to see what current telnet sessions are operating.
Telnet sessions do not have to be exited they can be suspended as well. The command to suspend the Telnet session is followed by striking the “X” key.
To resume this telnet session, enter the resume command followed by the session number (“resume 1”) and press .
To end a suspended telnet session, enter the disconnect command followed by the session number (“disconnect 1”) and press .
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage ( http://www.thebryantadvantage.com/ ), home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages. Video courses and training, binary and subnetting help, and corporate training are also available. Pass the CCNA exam with Chris Bryant, CCIE #12933!
For my FREE "How To Pass The CCNA" or "How To Pass The CCNP" ebook, write to chris@thebryantadvantage.com!
Categories
