Tuesday, December 1, 2009

Configure Cisco switch telnet login and password

SkyHi @ Tuesday, December 01, 2009
  • madcow
    think that service password encryption should be enabled. (even if its low end security) u do not want save the passwords in clear text. and you probably want to create an access to block off access from the entire world (you only want to connect to it from within your own network) so:

    !enter configuration mode
    conf t

    !enable service password encryption
    service password encryption

    !password for privilaged acccess
    enable password keepout

    !access list for whatever you netblock is
    access-list 1 permit

    !enter telnet config mode
    line vty 0 4
    password keepout
    access-class 1 in
Reference: http://www.tech-recipes.com/rx/460/configure_cisco_switch_telnet_login_password/

Example of Restricting Telnet access with an Access-list

Quickly, let me provide another example of using an ACL. Say that you are still on the Chicago router. You want to only allow your PC’s IP address (on the Chicago LAN) access to TELNET, to the router. Yes, you could do this with an ACL on the Interface but, instead, let’s do it by using the access-class statement on the vty lines. To do this, you only need a standard access-list. Say that your PC’s IP address is First, create an access-list to specify traffic with that source, like this:

Next, apply this ACL to all 5 VTY lines using the vty range configuration, using the access-class statement, like this: By creating this ACL and applying it to all 5 VTY lines, we are saying that only IP address can TELNET to this Cisco router. This is just another example of the many uses of an ACL.

Reference: http://www.petri.co.il/csc_how_to_use_cisco_ios_access_lists_02.htm