Link to home
Start Free TrialLog in
Avatar of zenworksb
zenworksb

asked on

cisco help

what enterface do you set to enable passord protection on telnet sessions?
ASKER CERTIFIED SOLUTION
Avatar of renill
renill
Flag of United Arab Emirates image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of srgilani
srgilani
Flag of Pakistan image
do below steps

enable
 
config terminal

line vty 0 4

password  <password for telnet>

Avatar of tang_tzuchi
tang_tzuchi
Flag of Malaysia image
srgilani, you forgot to add in another "login" statement after the "line vty 0 4" statement. By adding this "login" statement, the router/switch should able to prompt for password when you telnet.

If you want to add the username and password togather for login, you should add another statement username xxx password xxxx.

regards.
Avatar of rafael_acc
rafael_acc
Flag of United States of America image
a complete protection would be to also add a access-list so that telnet access is allowed from specific IPs only.

(config)# access-list 50 remark Protect telnet access
(config)# access-list 50 permit host <ip addr>
(config)# line vty 0 4
(config-line)# password <password>
(config-line)# login
(config-line)# access-class 50 in

or, instead of specifying a host, you can specify a range of ips:

(config)# access-list 50 remark Protect telnet access
(config)# access-list 50 permit <ipAddr> <wildcardMask>

Note that wildcardMask is not the same as subnet mask. Here is how to get it
Say for example that the subnet mask is 255.255.255.240

256 - 240 = 16
16 - 1 = 15
Replace all 255 with 0

The wildcard mask is 0.0.0.15



Cheers