Telnet is a simple yet powerful program that allows you to connect to a remote Cisco router or switch, and then configure it as though you were right at the console. Telnet is also one of those features that seems so very simple, until you get asked a half dozen questions about it on your CCNA exams. As with all topics, it’s the details you know about Telnet that will help you pass the Intro and ICND exams.

Let’s take a look at a few of these details. We’ll begin by debunking one common belief about Telnet:

Telnet runs at layer 7 of the OSI model, not layer 3!

It’s easy to think that Telnet runs at Layer 3 of the OSI model, the Network layer. After all, you’re entering an IP address when you telnet in to a router or switch, and you may be on another router when you do it! None of that matters. Layer 3 is strictly the domain of routing. Like other features that require input from the end user, especially authentication, Telnet runs at the Application layer of the OSI model.

Speaking of authentication….

Cisco routers require a password to be set before anyone can telnet in.

Cisco routers can run quite a few passwords. We can set an enable password, an enable secret, an enable secret and enable password, a password for PPP connections, and even a console password.

All of those are optional, but the telnet password is not. Makes sense – you wouldn’t want just anyone telnetting into your router, would you?

If you have no password set on the VTY lines of your router, no one can telnet in. If they try, they’ll see this message:

R1#telnet 3.3.3.3

Trying 3.3.3.3 ... Open

Password required, but none set

[Connection to 3.3.3.3 closed by foreign host]

To allow telnet access into a Cisco router, configure the VTY lines with a password and the login command:

R3#conf t

Enter configuration commands, one per line. End with CNTL/Z.

R3(config)#line vty 0 4

R3(config-line)#login

% Login disabled on line 2, until 'password' is set

% Login disabled on line 3, until 'password' is set

% Login disabled on line 4, until 'password' is set

% Login disabled on line 5, until 'password' is set

% Login disabled on line 6, until 'password' is set

R3(config-line)#password cisco

Note the messages you get after enabling login. These messages simply indicate that the login won’t work until a password is set. The order with which you use the login and password commands don’t matter just make sure you use them both.

We’re not quite done, though. The remote user can now telnet in, but by default, that user will be placed into user exec mode. If the user is to be allowed to enter privileged exec mode during a telnet session, an enable password or enable secret must be set.

R1#telnet 3.3.3.3

Trying 3.3.3.3 ... Open

User Access Verification

Password:

R3>enable

% No password set

R3>

The user is stuck in user exec until you set a local enable password. Doing so will allow the user to use that password to enter privileged exec mode.

R3#conf t

R3(config)#enable password ccna

R3(config)#^Z

R1#telnet 3.3.3.3

Trying 3.3.3.3 ... Open

User Access Verification

Password: < user entered cisco here>

R3>enable

Password: < user entered ccna here >

R3#

The user is now in privileged exec mode. There’s also another method to use so the user is placed directly into privileged exec mode when telnetting in, avoiding the enable password prompt. Use the command privilege level 15 on the VTY lines to do so.

R3#conf t

R3(config)#line vty 0 4

R3(config-line)#privilege level 15

R1#telnet 3.3.3.3

Trying 3.3.3.3 ... Open

User Access Verification

Password: < user entered VTY line password here >

R3#

Note that the user went straight to privileged exec mode.

Managing Telnet Connections

We already know how to use Telnet (a layer 7 application) to access a remote device there are also commands that help us manage telnet connections.

“show sessions" is a common command to see what current telnet sessions are operating.

Telnet sessions do not have to be exited they can be suspended as well. The command to suspend the Telnet session is followed by striking the “X" key.

To resume this telnet session, enter the resume command followed by the session number (“resume 1") and press .

To end a suspended telnet session, enter the disconnect command followed by the session number (“disconnect 1") and press .

__________________________________________

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available!

Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, “How To Pass The CCNA", is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!