This article shows CCNA students how to configure and enable Telnet and SSH on Cisco routers and switches. Telnet is an old, insecure application protocol for remote control services. You can configure Telnet on all Cisco switches and routers with the following step-by-step guide, but it is not the best choice on a wide area network. Here we are only going to enable Telnet and SSH to test them for the CCNA certification exams.
To enable Telnet on a Cisco router, use the “line vty” command. First, download the CCNA lab for Enable Telnet and SSH on Cisco Router from Telnet and SSH Lab. The lab is configured with a DHCP server, and all clients get their IP addresses from the DHCP server on the router.
Go to the router R1 console and configure Telnet with the “line vty” command.
R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0
R1(config-line)#password Pass123
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#exec-timeout 40
R1(config-line)#motd-banner
R1(config-line)#exit
R1(config)#
The “line vty” command enables Telnet, and the “0” allows just a single line, or session, to the router. If you need more simultaneous sessions, you must type “line vty 0 10”.
The “password” command sets “Pass123” as the Telnet password. You can set your own password.
The “login” command makes the router ask for and check the Telnet password. If you type the “no login” command, Telnet never asks for a password, which is not good practice in a real network environment.
The “logging synchronous” command stops any message output from splitting your typing.
The “exec-timeout” command changes the time-out limit on the line from the default to “40” minutes.
The “motd-banner” command forces a banner message to appear when logging in.
OK, the Telnet service is now enabled. But you must set the enable password for the router in order to control it remotely.
R1(config)#enable password Password
R1(config)#exit
Testing Telnet Connectivity
Now test the Telnet connectivity from a client PC to make sure that it works. If it does not work, troubleshoot the Telnet errors.
Let’s test Telnet from the admin PC. Type telnet 192.168.10.1 and press enter, then enter the Telnet password. Next, type the enable command and press enter, then type the router password.
Packet Tracer PC Command Line 1.0
PC>telnet 192.168.10.1
Trying 192.168.10.1 …Open
User Access Verification
Password:
R1>enable
Password:
R1#
Now you are remotely connected to router R1 and can execute all router commands through the Telnet command line interface.
If you need more information about Telnet commands and options, type “?” in config-line mode; the question mark displays all the available commands.
That is it for the Telnet service configuration on a Cisco router.
2. Enable Telnet and SSH: SSH Configuration.
Secure Shell, or SSH, is a secure protocol and the replacement for Telnet and other insecure remote shell protocols. So for secure communication between network devices, I strongly recommend using SSH instead of Telnet.
Configure SSH on Cisco routers and switches with the step-by-step guide to SSH configuration below.
1. Open the router R1 console line and create a domain name and a user name.
R1(config)#ip domain-name Technig.com
R1(config)#username Shais Password Pass123
R1(config)#
The “ip domain-name” command creates a domain named Technig.com.
The “username Shais Password Pass123” command creates a user named “Shais” with the password “Pass123”.
2. Once that is done, generate the encryption keys that secure the SSH session.
R1(config)#crypto key generate rsa
The name for the keys will be: R1.Technig.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.
How many bits in the modulus [512]: 1024
% Generating 1024bit RSA keys, keys will be non-exportable…[OK]
R1(config)#
Type the “crypto key generate rsa” command and press enter. When it asks “How many bits in the modulus [512]:”, type “1024” and press enter. The system will generate 1024-bit keys to secure the session lines. You can choose a modulus in the range of 360 to 2048.
3. Now enable SSH version 2 and set the time-out duration and the number of login attempts on the router. If you are going to use SSH version 2, remember this message: “Please create RSA keys (of at least 768 bits size) to enable SSH v2.”
R1(config)#ip ssh version 2
R1(config)#ip ssh time-out 50
R1(config)#ip ssh authentication-retries 4
4. Enable vty lines and configure access protocols.
R1(config)#line vty 0
R1(config-line)#transport input ssh
R1(config-line)#password Pass123
R1(config-line)#login
R1(config-line)#logging synchronous
R1(config-line)#motd-banner
R1(config-line)#exit
R1(config)#
The configuration is the same as for Telnet; only the “transport input ssh” command changes the line to Secure Shell. The configuration is now complete. Next, you must test SSH from a client PC.
Testing SSH Connectivity
From a client PC, open the command line and type “ssh -l Shais 192.168.10.1” then press enter.
Packet Tracer PC Command Line 1.0
PC>ssh -l Shais 192.168.10.1
Open
Password:
R1>enable
Password:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
Here, I have connected successfully and the connection is secured with Secure Shell.
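To check a saved configuration for the remote-access settings covered in this article, the following Python script is an added example and is not part of the original lab or of any Cisco tool. The function name audit and the sample configuration are constructed for illustration, and the script assumes that a vty line with no “transport input” command accepts Telnet, as the first vty configuration above does.

```python
import re

# Constructed sample (not captured from a device): the Telnet-era settings
# from this article plus a second vty range that uses "no login".
SAMPLE_CONFIG = """\
hostname R1
enable password Password
ip domain-name Technig.com
username Shais password Pass123
line vty 0
 password Pass123
 login
 exec-timeout 40
line vty 1 4
 transport input ssh
 no login
"""

def audit(config):
    """Return (scope, finding) tuples for the remote-access settings in config."""
    findings, top, vty, current = [], [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue                              # skip blanks and separators
        if raw[0] != " ":                         # top-level command ends a line block
            top.append(raw.strip())
            m = re.match(r"line vty (\d+(?: \d+)?)\s*$", raw)
            current = f"vty {m.group(1)}" if m else None
            if current:
                vty[current] = []
        elif current:                             # indented sub-command of a vty block
            vty[current].append(raw.strip())
    if "ip ssh version 2" not in top:
        findings.append(("global", "SSH version 2 is not enforced"))
    if any(c.startswith("enable password ") for c in top):
        findings.append(("global", "enable password is stored unhashed; enable secret is hashed"))
    for name, cmds in vty.items():
        transport = [c for c in cmds if c.startswith("transport input")]
        # Assumption: no "transport input" means Telnet is accepted on this line.
        if not transport or re.search(r"\b(telnet|all)\b", transport[-1]):
            findings.append((name, "Telnet is accepted on this line"))
        if "no login" in cmds:
            findings.append((name, "no login: the line never asks for a password"))
    return findings

if __name__ == "__main__":
    for scope, finding in audit(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Run it against the text of “show running-config” saved to a file; an empty result means none of these four conditions were found.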