Thursday, January 29, 2009

Cisco CCNA Certification Exam Training: Telnet, Passwords, and Privilege

Your CCNA certification exam is likely going to contain questions about Telnet, an application-level protocol that allows remote communication between two networking devices. With Telnet use being as common as it is, you had better know the details of how to configure it in order to pass your CCNA exam and to work in real-world networks.

The basic concept is pretty simple - we want to configure R1, but we're at R2. If we telnet successfully to R1, we will be able to configure R1 if we've been given the proper permission levels. In this CCNA case study, R2 has an IP address of 172.12.123.2 and R1 an address of 172.12.123.1. Let's try to telnet from R2 to R1.

R2#telnet 172.12.123.1

Trying 172.12.123.1 ... Open

Password required, but none set

[Connection to 172.12.123.1 closed by foreign host]

This seems like a problem, but it's a problem we're happy to have. A Cisco router will not let any user telnet to it by default. That's a good thing, because we don't want just anyone connecting to our router! The "password required" message means that no password has been set on the VTY lines on R1. Let's do so now.

R1(config)#line vty 0 4

R1(config-line)#password baseball

A password of "baseball" has been set on the VTY lines, so we shouldn't have any trouble using Telnet to get from R2 to R1. Let's try that now.

R2#telnet 172.12.123.1

Trying 172.12.123.1 ... Open

User Access Verification

Password:

R1>

We're in, and placed into user exec mode. Let's say we want to configure a new IP address on the ethernet interface on R1. We'll now go into privileged exec mode....

R1>enable

% No password set

R1>

... or maybe we won't! The default behavior of Telnet on a Cisco router is to place the incoming user into user exec mode, and require an enable password to allow that user into privileged exec mode! Right now, we can't configure anything on this router and even the show commands we would use are limited at best.

If we wanted to allow all telnetting users to be put into privileged exec mode immediately without being prompted for an enable password, the command privilege level 15 placed on the VTY lines will accomplish this.

R1(config)#line vty 0 4

R1(config-line)#privilege level 15

From R2, we'll telnet into R1 again.

R2#telnet 172.12.123.1

Trying 172.12.123.1 ... Open

User Access Verification

Password:

R1#

We were able to telnet in from R2 with the original password of "baseball", and even better, we were placed into privileged exec mode immediately!

You may or may not want to do this in real-world networks, though: with this command in place, anyone who knows the single VTY line password lands directly in privileged exec mode. If you want to assign privilege levels on an individual user basis, configure usernames and passwords and use the privilege 15 option in the username/password command itself to give this privilege level to some users but not all.

R1(config)#username heidi password klum

R1(config)#username tim privilege 15 password gunn

Both users can telnet into the router, but the first user will be placed into user exec and challenged for the enable password to enter privileged exec mode. If there is no enable password, the user literally cannot get into privileged exec. The second user will be placed into privileged exec immediately after successfully authenticating.

Passwords on a Cisco router or switch are vitally important, and you're not tied down to granting "all-or-nothing" access. Knowing details like the ones shown here helps you tie down network security while allowing people to do their jobs - and it doesn't hurt to know this stuff for the CCNA exam, either!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available!

Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, "How To Pass The CCNA", is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!


Saturday, January 24, 2009

Culture and Contemporary Life at San Francisco

San Francisco is characterized by a high standard of living. The downtown has seen a renaissance driven by redevelopment of the Embarcadero, with the strong neighborhoods of South Beach and Mission Bay. The boutiques along Fillmore Street in Pacific Heights, and the commerce and shopping districts downtown, with the Financial District and the area around Union Square, are very well known.

Performing arts

San Francisco's "War Memorial" and "Performing Arts Center" feature some of the longest-running performing arts companies in the United States. The "War Memorial Opera House" houses the "San Francisco Opera" and "San Francisco Ballet", whereas the "San Francisco Symphony" plays in Davies Symphony Hall. The "Herbst Theatre" stages an eclectic mix of real music performances, plus public radio's "City Arts & Lectures".

The "Fillmore" is a music venue located in the Western Addition. It is the second incarnation of a venue that gained fame in the 1960s. "Beach Blanket Babylon" is a zany musical revue and also a civic institution. San Francisco often hosts national touring productions of Broadway theatre shows in a number of 1920s-era venues in the "Theater District", including the "Curran", "Orpheum", and "Golden Gate" Theatres.

Museums

The San Francisco Museum of Modern Art (SFMOMA) has 20th-century contemporary pieces. It moved to an iconic building in South of Market in 1995 and attracted 600,000 people annually. The "Palace of the Legion of Honor" has primary works done by Europeans. The "De Young Museum" and the "Asian Art Museum" have significant anthropological and non-European holdings.

The "Palace of Fine Arts", originally built for the 1915 "Panama-Pacific Exposition", now houses the "Exploratorium", a popular science museum devoted to teaching through hands-on interaction. The "California Academy of Sciences" is a natural history museum, which hosts the "Morrison Planetarium" and "Steinhart Aquarium". The "San Francisco Zoo" cares for about 250 animal species, of which 39 have been deemed endangered or threatened.

San Francisco is all about contemporary life, and its culture has been maintained for a long time. One can enjoy and explore San Francisco and come away with a great experience.

Amjath is a great tourist guide of San Francisco and is also a good copywriter who has worked for many sites describing many hotspots of San Francisco. For further details on San Francisco tours, culture and life, please visit http://www.sanfranshuttletours.com/ or contact Amjath by mail: sanfranshuttletours@gmail.com
 


Monday, January 12, 2009

CCNA Certification Exam Training: Passwords, Cisco Routers, And Network

CCNA certification is important, and so is securing our network's Cisco routers! To reflect the importance of network security, your CCNA certification exam is likely going to contain quite a few questions about the various passwords you can set on a Cisco router. Let's take a look at some of those passwords and when to apply them.

If the previous user has logged out of the router properly, you will see a prompt like this when you sit down at the router console:

R1 con0 is now available

Press RETURN to get started.

R1>

To get into enable mode, by default all I have to do is type "enable".

R1>enable

R1#

See how the prompt changed? By default, I can now run all the show and debug commands I want, not to mention entering global configuration mode and doing pretty much what I want. It just might be a good idea to password protect this mode! We do so with either the enable password command or the enable secret command. Let's use the enable password command first.

R1(config)#enable password dolphins

Now when I log out and then go back to enable mode - or try to - I should be prompted for the password "dolphins". Let's see what happens.

R1>enable

Password:

R1#

I was indeed prompted for a password. Cisco routers will not show asterisks or any other character when you enter a password; in fact, the cursor doesn't even move.

The problem with the enable password command is that the password will show in the configuration in clear text, making it easy for someone to look over your shoulder and note the password for future use, as shown below:

hostname R1

enable password dolphins

We could use the "service password-encryption" command to encrypt the enable password, but that will also encrypt all the other passwords in the Cisco router config. That's not necessarily a bad thing! Here's the effect of this command on the enable password we set earlier.

enable password 7 110D1609071A020217

That hides the password from a casual glance, but type 7 is a weak, reversible encoding, not strong encryption. If we want the enable password stored as a one-way hash automatically, we can use the enable secret command. I'll use that command here to set this password to "saints", and note that I'm not removing the previous enable password.

R1(config)#enable secret saints

After removing the "service password-encryption" command, we're left with two enable mode passwords, and they appear in the Cisco router config like this:

enable password dolphins

enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/

If we have two enable passwords, which one should we use to log into the router? Let's try the first password, "dolphins", first:

R1>enable

Password:

Password:

When you're prompted for the password a second time, you know you got it wrong the first time! Let's try "saints":

R1>enable

Password:

Password:

R1#

When both the enable secret and enable password commands are in use on a Cisco router, the enable secret password always takes precedence. "dolphins" didn't get us in, but "saints" did. That's valuable information for both the CCNA certification exam and real-world networks, because there's no worse feeling than typing a password at a Cisco router prompt and then getting another password prompt!

This is just one way to perform basic Cisco router security with passwords. We'll take a look at other methods in a future CCNA certification exam training tutorial!
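As an added example (not code from the original tutorials), here is a small Python check that reads a saved IOS configuration and flags the settings discussed in this tutorial and in the Telnet tutorial above: clear-text or type 7 passwords, privilege level 15 on the VTY lines, and per-user privilege 15. The names audit_ios_config and SAMPLE_CONFIG are hypothetical, and the sample configuration is constructed from the commands on this page, assuming clear-text user passwords are displayed in the "password 0" form.

```python
import re

# Constructed sample: the settings from both tutorials as they would
# appear in a saved configuration (not output captured from a real router).
SAMPLE_CONFIG = """\
hostname R1
enable secret 5 $1$kJB6$fPuVebg7uMnoj5KV4GUKI/
enable password 7 110D1609071A020217
username heidi password 0 klum
username tim privilege 15 password 0 gunn
line con 0
line vty 0 4
 privilege level 15
 password baseball
 login
"""

# "password [type] value": type 0 or absent is clear text, 7 is reversible.
PASSWORD = re.compile(r"\bpassword (?:(\d+) )?\S+$")
WEAK = {None: "clear-text", "0": "clear-text", "7": "reversible type 7"}


def audit_ios_config(text):
    """Return (line_number, finding) pairs for weak access settings."""
    findings = []
    in_vty = False
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if raw and not raw[0].isspace():
            # Top-level command: track whether a VTY block starts here.
            in_vty = line.startswith("line vty")
        match = PASSWORD.search(line)
        kind = WEAK.get(match.group(1)) if match else None
        if line.startswith("enable password") and kind:
            findings.append((number, f"{kind} enable password; use enable secret"))
        elif line.startswith("username ") and kind:
            findings.append((number, f"{kind} user password; use username ... secret"))
        elif in_vty and line.startswith("password") and kind:
            findings.append((number, f"{kind} VTY line password"))
        if in_vty and line == "privilege level 15":
            findings.append((number, "every VTY login starts in privileged exec"))
        if re.match(r"username \S+ privilege 15\b", line):
            findings.append((number, "user starts in privileged exec"))
    return findings


if __name__ == "__main__":
    for number, finding in audit_ios_config(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```

The enable secret line produces no finding because it is stored as a type 5 hash rather than as clear text or type 7.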

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of over 100 free certification exam tutorials, including Cisco CCNA certification test prep articles. His exclusive Cisco CCNA study guide and Cisco CCNA training is also available!

Visit his blog and sign up for Cisco Certification Central, a daily newsletter packed with CCNA, Network+, Security+, A+, and CCNP certification exam practice questions! A free 7-part course, "How To Pass The CCNA", is also available, and you can attend an in-person or online CCNA boot camp with The Bryant Advantage!
