How to Open Telnet Connection on Cisco Catalyst

Cisco_Logo_399x290In this article, we will do some configuration to make L2 Cisco Switch (Catalyst) could receive telnet session from laptop or computer that run telnet client. Telnet session will useful if you want to remote the switch, even your computer not in the same network with your switches.

Telnet session running on the Application Layer both of OSI Model or TCP/IP Model. Protocol in Application Layer , such as telnet session, will work properly if the Network Layer work properly too. So, for this reason, your switches must have IP Address, default gateway and DNS configuration.

You should read this article if you still not to know how to configure IP Address for the management purpose. On that article, the IP Address configured at vlan interface, in that case VLAN 1. You could make any customization, for example, you could use another VLAN (other than VLAN 1) to configure the IP Address. Usually, network administrator wont use VLAN 1 for management purpose.

If all the IP Address configuration work fine, then we could step ahead to do some configuration to open telnet session.

The first step is to configure enable password with this command below

SW-ACCESS-01#configure terminal
SW-ACCESS-01(config)#enable password 123456

 

Also important to protect your console port with this command below

SW-ACCESS-01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW-ACCESS-01(config)#line console 0
SW-ACCESS-01(config-line)#password 123456
SW-ACCESS-01(config-line)#login

 

Then, to make your switch could receive 2 (two) telnet connection at the same time, you must enter this command

SW-ACCESS-01#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SW-ACCESS-01(config)#line vty 0 1
SW-ACCESS-01(config-line)#password 123456
SW-ACCESS-01(config-line)#login

 

At this point, your switch will be able to receive telnet session. And your job to make your stuff could configured remotely from other host was finished.

The running configuration file will looks like shown below. Look specified at line password. Your password shown as the plain text, not so good for the security reason

 

SW-ACCESS-01#show running-config
Building configuration...
Current configuration : 1308 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW-ACCESS-01
!
enable password 123456
!
no aaa new-model
ip subnet-zero
!
!
line con 0
 password 123456
 login
line vty 0 1
 password 123456
 login
line vty 2 4
 no login
line vty 5 15
 no login
!
end

 

In order to make the password shown as encryption line (chiper text), you should enter this command

SW-ACCESS-01(config)#service password-encryption

 

The running configuration file will looks like shown below. Please do a comparison with the first one.

SW-ACCESS-01#show running-config
Building configuration...
Current configuration : 1359 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW-ACCESS-01
!
enable password 7 055A545C751918
!
control-plane
!
!
line con 0
 password 7 00554155500E5D
 login
line vty 0 1
 password 7 00554155500E5D
 login
line vty 2 4
 no login
line vty 5 15
 no login
 no login
!
--More--

 

For the security reason, using telnet is not safe enough in the modern network. Some administrator starts using SSH. If you want your Cisco device could support SSH connection, then you must upgrading your IOS.

 

Author : rendra[at]ilmujaringan[dot]com

.