Telnet appears to operate at Layer 3 of the OSI architecture, the Network layer. After all, when you telnet through a router or switch, you’re accessing an IP address, and you could be on another router at the time! It doesn’t matter. Layer 3 is solely dedicated to routing. Telnet operates at the Application layer of the OSI model, just like other features that involve feedback from the end user, especially authentication.

When it comes to authentication,

Before someone can telnet into a Cisco router, a password must be set.

Cisco routers can handle a large number of passwords. We can change the allow password, enable secret, enable secret and unlock password, PPP link password, and console password.

Both of them are voluntary, except for the telnet password. It’s understandable; you wouldn’t want just anyone telnetting into your router, right?

No one will telnet into your router if the VTY lines do not have a password. If they pursue, they will receive the following message:

telnet 3.3.3.3 R1#

3.3.3.3 is being tested…

There is a password requirement, but none has been set.

[Foreign host closes link to 3.3.3.3]

Configure the VTY lines with a password and the login command to enable telnet access into a Cisco router:

R3#conf t

Fill in the blanks with configuration orders, one per panel. CNTL/Z is the final character.

vty 0 4 R3(config)#line

#login R3(config-line)

Line 2 has login disabled before ‘password’ is set.

% Login disabled before ‘password’ is set on line 3

% Login disabled before ‘password’ is set on line 4

Line 5 has login disabled before ‘password’ is set.

Line 6 has login disabled before ‘password’ is set.

R3(config-sheet)#cisco#password

After you allow login, take note of the messages you receive. These notifications basically inform you that you won’t be able to log in unless you create a password. It makes no difference in the order you use the username and password commands; just make sure you use them both.

R1#telnet 3.3.3.3

Trying 3.3.3.3 … Open

User Access Verification

Password:

R3>enable

% No password set

R3>

The user is stuck in user exec until you set a local enable password. Doing so will allow the user to use that password to enter privileged exec mode.

R3#conf t

R3(config)#enable password ccna

R3(config)#^Z

R1#telnet 3.3.3.3

Trying 3.3.3.3 … Open

User Access Verification

Password:

R3>enable

Password:

R3#

The user is now in privileged exec mode. There’s also another method to use so the user is placed directly into privileged exec mode when telnetting in, avoiding the enable password prompt. Use the command privilege level 15 on the VTY lines to do so.

R3#conf t

R3(config)#line vty 0 4

R3(config-line)#privilege level 15

R1#telnet 3.3.3.3

Trying 3.3.3.3 … Open

User Access Verification

Password:

R3#

Note that the user went straight to privileged exec mode.

Managing Telnet Connections

We already know how to use Telnet (a layer 7 application) to access a remote device there are also commands that help us manage telnet connections.

“show sessions” is a common command to see what current telnet sessions are operating.

Telnet sessions do not have to be exited they can be suspended as well. The command to suspend the Telnet session is followed by striking the “X” key.

To resume this telnet session, enter the resume command followed by the session number (“resume 1”) and press .

To end a suspended telnet session, enter the disconnect command followed by the session number (“disconnect 1”) and press .

Leave a Comment