Scroll To Top

How to Enable Telnet and SSH on Cisco Router and Switches?

Posted in CCNA3 years ago • Written by ShaisNo Comments

This article is going to shows the CCNA students to configure and enable telnet and ssh on Cisco router and switches. The Telnet is an old and non secure application protocol of remote control services. You can configure telnet on all Cisco switches and routers with the following step by step guides. But it’s not the best way on the wide area network. However we just going to enable telnet and ssh to test them for CCNA Certification exams.

Enable Telnet and SSH on Cisco Router

To enable telnet on Cisco router, simply do it with “line vty” command. First of first download the CCNA Lab for Enable Telnet and SSH on Cisco Router from Telnet and SSH Lab. The Lab is configured with DHCP server and all clients get IP address from DHCP Server on Router.

Enable Telnet and SSH

Enable Telnet and SSH

Go to router R1 console and configure telnet with “line vty” command.

R1>enable
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0
R1(config-line)#password Pass123
R1(config-line)#login
R1(config-line)#logging synchronous 
R1(config-line)#exec-timeout 40
R1(config-line)#motd-banner
R1(config-line)#exit
R1(config)#

The “line vty” command enable the telnet and the “0″ is just let a single line or session to the router. If you need more session simultaneously, you must type “line vty 0 10“.

The “password” command set the “Pass123” as password for telnet. You can set your own password.

The “login” command authenticate and ask you the password of telnet. If you type “no login” command, the telnet never authenticate for password which is not a good practice in real network environment.

The “logging synchronous” command stops any message output from splitting your typing.

The “exec-timeout” command just sets the time-out limit on the line from the default to “40″ minutes.

The motd-banner forces a banner message to appear when logging in.

OK, the Telnet services enabled successfully. But you must set the enable password for router in order to control it remotely.

R1(config)#enable password Password
R1(config)#exit

Testing Telnet Connectivity

Now from a client PC test the telnet connectivity and to insure that it works fine or not yet. If it is not work, try to troubleshoot telnet errors.

Let’s test telnet from the admin PC. Type telnet 192.168.10.1 and press enter, then enter the telnet password. Next type enable command and press enter, then type the router password.

Packet Tracer PC Command Line 1.0
PC>telnet 192.168.10.1
Trying 192.168.10.1 …Open

User Access Verification

Password:
R1>enable
Password:
R1#

Now you are remotely connected to router R1 and you can execute all router commands through telnet command line interface.

If you need more information about Telnet commands and options, from the config-line mode type “?“, the question mark will display all telnet commands.

Telnet Helps

Telnet Helps

That is it, the telnet services configuration on Cisco router.

2. Enable Telnet and SSH: SSH Configuration.

Secure Shell or SSH is a secure protocol and the replacement for Telnet and other insecure remote shell protocols. So for secure communication between network devices, I strongly recommend using SSH instead of Telnet.

Configure SSH on Cisco routers and switches with the below step by step guide to SSH configuration.

Enable Telnet and SSH on Cisco Router

Enable Telnet and SSH on Cisco Router

1. Open the router R1 console line and create domain and user name.

R1(config)#ip domain-name Technig.com
R1(config)#username Shais Password Pass123
R1(config)#

Then “ip domain-name” command create a domain and named Technig.com.

The “username Shais Password Pass123” command just create a user name “Shais” with “Pass123” password.

2. If you don, just follow and generate the encryption keys for securing the ssh session.

R1(config)#crypto key generate rsa
The name for the keys will be: R1.Technig.com
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

R1(config)#

Type “crypto key generate rsa” command and press enter, when ask you “How many bits in the modulus [512]:” just type “1024″ and press enter. The system will generate 1024 bits keys to secure session lines. You can choose modulus in the range of 360 to 2048.

3. Now enable SSH version 2, set time out duration and login attempt time on the router. Remember this message if you going to use ssh version 2 “Please create RSA keys (of at least 768 bits size) to enable SSH v2.

R1(config)#ip ssh version 2
R1(config)#ip ssh time-out 50
R1(config)#ip ssh authentication-retries 4

4. Enable vty lines and configure access protocols.

R1(config)#line vty 0
R1(config-line)#transport input ssh
R1(config-line)#password Pass123
R1(config-line)#login 
R1(config-line)#logging synchronous
R1(config-line)#motd-banner
R1(config-line)#exit
R1(config)#

The configuration is the same as telnet, just the transport input ssh command change the line to Secure Shell. Configuration has completed, next you must test ssh from a client PC.

Testing SSH Connectivity

From a client PC, open the command line and type “ssh -l Shais 192.168.10.1” then press enter.

Packet Tracer PC Command Line 1.0
PC>ssh -l Shais 192.168.10.1
Open
Password:

R1>enable
Password:
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#

Here, I have connected successfully and the connection is secured with Secure Shell.

Hope you understand the configuration of enable Telnet and SSH on Cisco router and switches. Now you should be able to simply enable Telnet and SSH on your routers and switches.


TAGS: , , ,
About this Author
Shais

I’m a network and Information Security instructor. Here is my online pictorial notebook. I would like to write and share my experience through this website for computer enthusiasts and technology geeks.

Like us on Facebook
on Facebook
Shais

Follow me on Twitter
Follow @technigs on Twitter
Shais
Add me on Google+
on Google+
Shais

Leave A Response