Monday, June 22, 2015

Configure Cisco VTY local accounts and Enable passwords

  1. From the privileged EXEC (or "enable") prompt, enter configuration mode and enter username/password combinations, one for each user for whom you want to allow access to the router:
    router#configure terminal
     Enter configuration commands, one per line.  End with CNTL/Z.
     router(config)#username user1 privilege 5 secret california
     router(config)#username user2 privilege 10 secret texas
     router(config)#username user3 privilege 15 secret arizona
     router(config)#service password-encryption
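    Note: "service password-encryption" stores any plaintext passwords in the configuration in the reversible type 7 encoding, which only hides them from casual viewing of the configuration. Passwords entered with the "secret" keyword, as above, are already stored as a hash.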
  2. Switch to line configuration mode, using the following commands. Notice that the prompt changes to reflect the current mode.
    router(config)#line vty 0 4
    router(config-line)#logging synchronous
    router(config-line)#exec-timeout 60 0 
  3. Configure the vty lines to check the local username/password database at login.
    router(config-line)#login local
    
  4. Exit configuration mode.
    router(config-line)#end
    router#
    %SYS-5-CONFIG_I: Configured from console by console

Verify the Configuration

Examine the configuration of the router to verify that the commands have been properly entered:
  • show running-config - displays the current configuration of the router.
    router#show running-config
    Building configuration...
    !
    !--- Lines omitted for brevity
    !
    username user1 privilege 15 secret 5 $1$giXN$BA4qQ61PMFH0pckB1VvNp/
    username user2 ...............etc
    username user3 ...............etc
    !
    !--- Lines omitted for brevity
    !
    line con 0
    line 1 8
    line aux 0
    line vty 0 4
     password 7 13151601181B382F
     login local
    !
    end
    
    To test this configuration, a Telnet connection must be made to the router. This can be done by connecting from a different host on the network, but you can also test from the router itself by telnetting to the IP address of any interface on the router that is in an up/up state as seen in the output of the show interfaces command.
    Here is a sample output if the address of interface ethernet 0 were 10.10.10.1:
    router#telnet 10.10.10.1
    Trying 10.10.10.1 ... Open
    
    
    User Access Verification
    
    
    Username: user2
    Password:
    
    !--- Password entered here is not displayed by the router
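
An offline check of the settings this page configures, added here as an example (not part of the original post): it reads a saved running-config and flags local users stored with `password` instead of `secret`, vty lines without `login local`, type 7 line passwords, and a disabled exec-timeout. The sample config is constructed, and the parser assumes top-level commands start in column 0 with sub-commands indented, as in a config saved from the device.

```python
import re

# Constructed sample in the shape of the running-config excerpt above;
# the hash and type 7 strings are placeholders, not real credentials.
SAMPLE = """\
username user1 privilege 5 secret 5 $1$SALT$PLACEHOLDERHASH
username user2 privilege 10 password 7 00PLACEHOLDER
username user3 privilege 15 secret 5 $1$SALT$PLACEHOLDERHASH
line con 0
line vty 0 4
 password 7 00PLACEHOLDER
 exec-timeout 60 0
 login local
line vty 5 15
 exec-timeout 0 0
 login
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))? (secret|password) (\d+) \S+")

def audit(config):
    """Return sorted (context, finding) pairs for local accounts and vty lines."""
    findings, vty, section = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue                      # skip blanks and IOS comment lines
        if raw[0] != " ":                 # a top-level command starts a new section
            section = raw.strip() if raw.startswith("line vty") else None
            if section:
                vty[section] = []
            m = USER_RE.match(raw)
            if m and m.group(3) == "password":
                findings.append((m.group(1), f"type {m.group(4)} password, not a hashed secret"))
        elif section:                     # indented sub-command of a vty block
            vty[section].append(raw.strip())
    for name, cmds in vty.items():
        if "login local" not in cmds:
            findings.append((name, "local usernames not enforced (no 'login local')"))
        if any(c.startswith("password 7 ") for c in cmds):
            findings.append((name, "reversible type 7 line password present"))
        if "exec-timeout 0 0" in cmds:
            findings.append((name, "idle timeout disabled"))
    return sorted(findings)

if __name__ == "__main__":
    for ctx, msg in audit(SAMPLE):
        print(f"{ctx}: {msg}")
```

In the sample, `line vty 5 15` shows why the `line vty 0 4` range in step 2 matters: any vty lines outside the configured range keep their own login settings.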
    
    
