Configure Cisco switch telnet login and password

Contributed by qmchenry  
Tagged: Cisco switch  

• Tweet

Browse to next tech-recipes article

The ability to telnet into a Cisco switch greatly simplifies remote administration of the device. This recipe describes enabling telnet logins and password protecting them.

To enable telnet logins into a Cisco switch and set the telnet password to keepout use the following commands from configuration mode:

line vty 0 15
password keepout
login


To telnet to the switch, it must have an IP address configured.

You may also like -

Enable and password protect telnet logins to Cisco routersHow to Determine Which Switch and Port You are Connected ToConfigure console login password on Cisco switchSet the telnet source IP address for a Cisco routerVista: Installing the Telnet ClientHow to setup IAS to use radius to authenticate Cisco deviceCreating users on a Cisco routerCisco 2950 Switch: Create a VLAN

 

27 Comments -

1. bravepc said on October 3, 2008

   You have done what?

   The switch will arrive with a serial light blue cable. Connect it to the console port at the Cisco switch, and to the serial port on a pr.

   Open a terminal session (in ZP Hyperterm), use default settings and give session any name. In that way, tou don even need an ip

   But, this is the very entry point to the switch config. Somebody has to write a long manual here!

2. Oscar P. Snick said on November 28, 2008

   To Anonymous above, you can’t telnet to a switch that has no login. Bravepc describes the method well.

   Cisco already has a “long” manual. If it was effective, however, I wouldn’t have ended up here.

   Thanks for the info.

3. Lessa said on February 23, 2009

   To first configure a Cisco switch, be it any model #, it first has to be connected in out-of-band management: via console cable. Out-of-band can be taken as out of bandwidth, meaning not online. Not using the Ethernet or internet connections. In-band would be the opposite, meaning using Ethernet or internet connections. In-band = telnetting, SDM, etc.

   Note: I CANNOT remember how to set the IP to enter to get into telnet.. you have to have an IP, but I cannot remember what the commands are to set it. I believe it might be int vlan (#), and then setting that IP, as vty does not have an IP option. I am unsure. I did try this in Packet Tracer 5.0 and setting the vlan 1 IP did not change any affect when trying to ping or telnet to the switch.

   1.) Connect console cable
   2.) Use terminal emulation program to connect to switch or router. HyperTerminal in XP, Putty in XP & Vista, or (I’ve never heard ‘ZP’ before), ZP Hyperterm. I’m sure there are others as well. The default settings should be: Bits Per Second: 9600, Data Bits: 8, Parity: None, Stop Bits: 1, Flow Control: None. If this is not what you have, then correct it to the ones listed previously. Connect
   3.) Enter Privileged Exec mode via typing enable. The prompt with “>” dictates that it is “user” mode. Exec mode is “#”.
   4.) Enter configure terminal mode by typing that in after enable (while in exec/privileged mode)or config t for short.
   5.) Type in line vty 0 15 (meaning virtual telnet 0 – 15, 16 in all. You can set different passwords for different vtys. It is not limited to ONLY 0 15. Meaning ONLY 0-15.)
   6.) Type “password *password*”, where the asterisks dictate what you want to set your password as.
   7.) Type “login”, to make sure that someone connecting via telnet will have to enter the password you just set. Otherwise, it’s just free access. Remember “login”.
   8.) Type end, this will take you back STRAIGHT to privileged exec mode, this way you do not have to keep typing “exit”.
   9.) Type “wr”, short for “write”, which will then automatically (via write’s default settings) save running-config to startup-config. This is shorter than typing “copy run start”, which is also shorter than “copy running-config startup-config”.
   10.) You can either just disconnect from console 0 (or as the switch states it: con0) or type “logout” which will take you to the beginning, where you will have to press enter and re-login via secret and enable passwords.

   Note: I CANNOT remember how to set the IP to enter to get into telnet.. you have to have an IP, but I cannot remember what the commands are to set it.

   Now, via telnet:

   1.) Open up command (start menu > run > cmd)
   2.) Type “telnet (ip set)”
   3.) If the privilege was set to, say, “15″, then once the password was entered (as it is now prompting for the password if “login” was remembered), then once logged-in you will be in, I am 90% sure, enable mode without having to enter the enable password & enable secret, just the set telnet. I may have this backwards as I do not have much experience with the telnetting (I will be doing some testing later on)
   4.) Config t to use most commands, or show *whatever here* to get started. All show commands are in exec mode only, not config mode. There is a very limited amount of show commands in user mode.

   Okay, well.. if any mistakes are found, or if you know what I did not, please correct. I was typing this in during class, so please excuse me. I had limited time to mess around with Packet Tracer 5.0 before I had to move onto another page, or I would have researched answering my own questions. Thanks for reading.

4. Jacob said on March 19, 2009

   how to open a ZP hyperterm?

5. Shaun VT said on April 30, 2009

   Thanks Helped Alot

6. pramod said on June 2, 2009

   your suggession is right Given by you.

   Thanks a lot

7. o meu said on July 7, 2009

   k treta

8. Anonymous said on July 13, 2009

   i think a method to configure a telnet r admission ip :

   1) u need to go to enable mode
   2)Conf t
   3)interface vlan 1
   4) ip add 10.0.0.0 255.255.255.0

   I am new at cisco but i think this si how u do it

   (sry 4 my writhing but i am Croatian xD )

9. madcow said on October 2, 2009

   think that service password encryption should be enabled. (even if its low end security) u do not want save the passwords in clear text. and you probably want to create an access to block off access from the entire world (you only want to connect to it from within your own network) so:

   !enter configuration mode
   conf t

   !enable service password encryption
   service password encryption

   !password for privilaged acccess
   enable password keepout

   !access list for whatever you netblock is
   access-list 1 permit 192.168.0.0 0.0.0.255

   !enter telnet config mode
   line vty 0 4
   password keepout
   login
   access-class 1 in

10. Anonymous said on December 9, 2009

    U r right “darkman001″

    switch#Conf t
    switch(config)#interface vlan 1
    Switch(config-if)#ip add 192.168.1.50 255.255.255.0
    Switch(config-if)#no shutdown
    Switch(config-if)#exit
    after this u can telnet to switch (if u have configured vty pwd and enable pwd).

11. Anonymous said on April 6, 2010

    Great guys, i have a quick question Do we need to set up any default gateway to use Telnet?

12. Anonymous said on May 7, 2010

    this page so intresting….but i want no
    how to get the password if from:
    switch>
    password:
    to the
    switch#
    what command must i do????

13. saif.musa said on May 18, 2010

    xtrem
    you have to do like this:
    switch> enable
    switch# enable passward CISCO
    switch#enable secret CISCO (so you will be insure that no one could config your password from displaying running-config instruction)
    switch#wr
    switch#exit
    by doing that you will requasting passward in moving from user mode into exec mode.

14. AB said on June 20, 2010

    I enable service password-encryption. I’ve not been able to telnet into my switch anymore. What can I do to gain access into the switch without altering what I had there already?

    AB

15. MM said on June 25, 2010

    Hi!
    I am stuck with something while implementing the TELNET
    My switch was configured for both SSH and Telnet session previously ( for example: ssh to the router and then telnet to a switch), is it necessary to remove the SSH configuration if we want the PC to directly telnet the switch?
    How do we do that?
    Now after configuring the switch (for an ip address and a login passowrd), can we telnet to the switch from a linux PC that is on the internet?

16. Snarl said on September 9, 2010

    *************************************
    TELNET MINIMUM CONFIG
    *************************************

    switch>enable
    switch#conf t
    switch(config)#enable secret class

    switch(config)#interface f0/1
    switch(config-if)#vlan 10
    switch(config-if)#exit
    switch(config)#interface f0/1
    switch(config-if)#switchport access vlan 10
    switch(config-if)#exit

    switch(config)#int vlan 10
    switch(config-if)#ip address 192.168.0.1 255.255.255.0
    switch(config-if)#no shutdown
    switch(config-if)#exit

    switch(config)#line vty 0 15
    switch(config-line)#password cisco
    switch(config-line)#transport input telnet
    switch(config-line)#login
    switch(config-line)#exit

    switch(config)#exit
    switch(config)#write

    *************************************

17. Xtropx said on October 17, 2010

    On my switch, the 3500XL, login requires parameters, which I do not know, or it fails saying ‘incomplete command.’ The write command does not work either, in either variation, but appears to not be necessary.

    When I telnet to the IP of the switch, set at 192.168.0.25, it asks me for a user-name. I never set a user-name. I can’t get in. Any possible solutions??

18. Penggewang said on October 27, 2010

    to see which port your want to telnet…

    switch# show cdp neighbour

    this comand will help your to see which port your switch had connected and what ip of the port that has connected to switch. Then used that ip to telnet.

19. Snarl said on November 5, 2010

    switch(config)#write
    should be at the privileged exec prompt;
    switch#write
    or use this (they do the same thing);
    switch#copy running-config startup-config

    for telnet you’ll need to set a username and password, you never set one and thats the problem

    try this to see what parameters are available for login;
    switch(config-line)#login ?

20. Snarl said on November 5, 2010

    thinking about it, probably the reason its not accepting the login command is because you haven’t set a username or password.

    on the switch I have, I must set a password but its not necessary to set a username, it could be that older IOS versions are a little different

21. Anga said on November 16, 2010

    i want username and password also how to do it??

22. Rupali 320 said on November 19, 2010

    Tuhadi man da Fudda MAreya Saleyo ki-2 likhde rende ho………….

23. Ykumsa24 said on March 7, 2011

    Anga that is my qustion too how do i get username and pasword to accecce in the first place andy one help pleace

24. Markitupmark said on June 28, 2011

    conf t
    interface vlan 1
    ip address 192.168.0.2 255.255.255.252
    no shut

25. Blaze Jane95 said on July 5, 2011

    switch(config)#line vty 0 15
    switch(config-line)#password cisco
    switch(config-line)#transport input telnet
    switch(config-line)#login
    switch(config-line)#exit
     i have configured the above lines in the cisco me3400series switch an now i can no longer login it request a password and when i enter cisco it says its a bad secret

26. Sumit Tiwari said on October 12, 2011

    How to set telnet( VTY ) user name? Suppose Username is XYZ and Password is CISCO_123.

27. jayne said on November 14, 2011

    im trying to telnet but it says:

    Connection refused by remote host

    –what was that mean?…

    thanks!

RSS feed for comments on this post. TrackBack URL

Leave a comment -