Telnet is a simple yet powerful program that allows you to connect to a remote Cisco router or switch, and then configure it as though you were right at the console. Telnet is also one of those features that seems so very simple, until you get asked a half dozen questions about it on your CCNA exams. As with all topics, its the details you know about Telnet that will help you pass the Intro and ICND exams. Lets take a look at a few of these details. Well begin by debunking one common belief about Telnet: Telnet runs at layer 7 of the OSI model, not layer 3! Its easy to think that Telnet runs at Layer 3 of the OSI model, the Network layer. After all, youre entering an IP address when you telnet in to a router or switch, and you may be on another router when you do it! None of that matters. Layer 3 is strictly the domain of routing. Like other features that require input from the end user, especially authentication, Telnet runs at the Application layer of the OSI model. Speaking of authentication. Cisco routers require a password to be set before anyone can telnet in. Cisco routers can run quite a few passwords. We can set an enable password, an enable secret, an enable secret and enable password, a password for PPP connections, and even a console password. All of those are optional, but the telnet password is not. Makes sense you wouldnt want just anyone telnetting into your router, would you? If you have no password set on the VTY lines of your router, no one can telnet in. If they try, theyll see this message: R1#telnet 3.3.3.3 Trying 3.3.3.3 ... Open Password required, but none set [Connection to 3.3.3.3 closed by foreign host] To allow telnet access into a Cisco router, configure the VTY lines with a password and the login command: R3#conf t Enter configuration commands, one per line. End with CNTL/Z. R3(config)#line vty 0 4 R3(config-line)#login % Login disabled on line 2, until 'password' is set % Login disabled on line 3, until 'password' is set % Login disabled on line 4, until 'password' is set % Login disabled on line 5, until 'password' is set % Login disabled on line 6, until 'password' is set R3(config-line)#password cisco Note the messages you get after enabling login. These messages simply indicate that the login wont work until a password is set. The order with which you use the login and password commands dont matter just make sure you use them both. Were not quite done, though. The remote user can now telnet in, but by default, that user will be placed into user exec mode. If the user is to be allowed to enter privileged exec mode during a telnet session, an enable password or enable secret must be set. R1#telnet 3.3.3.3 Trying 3.3.3.3 ... Open User Access Verification Password: R3>enable % No password set R3> The user is stuck in user exec until you set a local enable password. Doing so will allow the user to use that password to enter privileged exec mode. R3#conf t R3(config)#enable password ccna R3(config)#^Z R1#telnet 3.3.3.3 Trying 3.3.3.3 ... Open User Access Verification Password: < user entered cisco here> R3>enable Password: < user entered ccna here > R3# The user is now in privileged exec mode. Theres also another method to use so the user is placed directly into privileged exec mode when telnetting in, avoiding the enable password prompt. Use the command privilege level 15 on the VTY lines to do so. R3#conf t R3(config)#line vty 0 4 R3(config-line)#privilege level 15 R1#telnet 3.3.3.3 Trying 3.3.3.3 ... Open User Access Verification Password: < user entered VTY line password here > R3# Note that the user went straight to privileged exec mode. Managing Telnet Connections We already know how to use Telnet (a layer 7 application) to access a remote device there are also commands that help us manage telnet connections. show sessions is a common command to see what current telnet sessions are operating. Telnet sessions do not have to be exited they can be suspended as well. The command to suspend the Telnet session is followed by striking the X key. To resume this telnet session, enter the resume command followed by the session number (resume 1) and press . To end a suspended telnet session, enter the disconnect command followed by the session number (disconnect 1) and press . |
