Here are two questions that a lot of new Cisco Engineers struggle with.
- Are passwords required on vty lines?
- How do you configure vty passwords?
Here we look at 4 options:
- Line passwords
- Local username passwords
- No login
- AAA
In the previous article I covered options 1 and 2. In this article I cover options 3 & 4.
No password (not recommended): It is possible to set up a router to allow vty connections without authentication. This is not a good idea for the real world, but in a lab environment it can save time.
Router>enable
Router#configure terminal
Router(config)#line vty 0 4
Router(config-line)#no login
Testing:
C:\>telnet 10.1.2.1
Router>
Notice that no authentication was required. You are taken directly to user mode.
AAA servers: This is the most secure and scalable way of implementing authentication. It uses a central server where all usernames and passwords are stored. A Windows 2000/2003 server could be used, for example, so that users have the same credentials on Windows and on routers/switches.
Router>enable
Router#configure terminal
Router(config)#aaa new-model
Router(config)#aaa authentication login default group tacacs+
Router(config)#line vty 0 4
Router(config-line)#login authentication default
Testing:
C:\>telnet 10.1.2.1

User Access Verification
Username: david
Password:
Router>
More configuration would be required for AAA integration.
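The four methods covered in these articles leave different fingerprints in the running configuration, so a quick way to catch a lab "no login" that has crept into production is to audit saved configs. The script below is an added example and is not part of the original article; it classifies every "line vty" stanza into one of the four methods (no login, line password, local username, AAA) and flags the unsafe or broken ones. The three configurations embedded in it are constructed samples, and the usernames and passwords in them are placeholders.

```python
"""Audit vty authentication methods in saved Cisco IOS running-configs.

Added example, not code from the original article. The sample configs
below are constructed; the credentials in them are placeholders.
"""
from dataclasses import dataclass, field


@dataclass
class VtyBlock:
    header: str                     # e.g. "line vty 0 4"
    cmds: list = field(default_factory=list)


def parse_vty_blocks(config: str) -> list:
    """Collect each 'line vty' stanza. In 'show running-config' output,
    commands belonging to a line stanza are indented by one space; any
    unindented line (including '!') ends the stanza."""
    blocks, current = [], None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("line vty"):
            current = VtyBlock(header=line)
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            current.cmds.append(line.strip())
        else:
            current = None
    return blocks


def classify_vty(block: VtyBlock, aaa_enabled: bool) -> str:
    """Map one vty stanza to the article's four methods.

    Rules (IOS behaviour as documented, not from the article):
    - 'no login'              -> unauthenticated access (method 3)
    - 'login authentication'  -> AAA method list (method 4)
    - 'login local'           -> local username database (method 2)
    - 'login' + 'password'    -> line password (method 1)
    - 'login' without password-> IOS refuses the connection
                                 ("Password required, but none set")
    - no login statement and 'aaa new-model' -> default AAA method list
    """
    cmds = block.cmds
    if "no login" in cmds:
        return "no-login"
    if any(c.startswith("login authentication ") for c in cmds):
        return "aaa"
    if "login local" in cmds:
        return "local-username"
    if "login" in cmds:
        has_pw = any(c.startswith("password ") for c in cmds)
        return "line-password" if has_pw else "line-password-missing"
    return "aaa" if aaa_enabled else "line-password-missing"


def audit(config: str) -> dict:
    """Return {vty header: method} for every vty stanza in the config."""
    aaa_enabled = "aaa new-model" in [l.strip() for l in config.splitlines()]
    return {b.header: classify_vty(b, aaa_enabled) for b in parse_vty_blocks(config)}


def findings(config: str) -> list:
    """Human-readable risk notes for the stanzas that need attention."""
    notes = []
    for header, method in audit(config).items():
        if method == "no-login":
            notes.append(f"{header}: no authentication on remote access (HIGH)")
        elif method == "line-password-missing":
            notes.append(f"{header}: 'login' set but no password; vty will refuse connections")
    return notes


# --- constructed sample configs (placeholder credentials) -------------------
SAMPLE_NO_LOGIN = """\
hostname Router
!
line vty 0 4
 no login
 transport input telnet
!
end
"""

SAMPLE_AAA = """\
hostname Router
!
aaa new-model
aaa authentication login default group tacacs+
!
line vty 0 4
 login authentication default
!
end
"""

SAMPLE_MIXED = """\
hostname Router
username david secret PLACEHOLDER-NOT-A-REAL-SECRET
!
line vty 0 4
 password PLACEHOLDER-LINE-PASSWORD
 login
line vty 5 15
 login local
!
end
"""

if __name__ == "__main__":
    for name, cfg in [("no-login", SAMPLE_NO_LOGIN), ("aaa", SAMPLE_AAA), ("mixed", SAMPLE_MIXED)]:
        print(name, audit(cfg), findings(cfg))
```

Run it against the output of "show running-config" saved to a file; anything reported as "no-login" on a production device is exactly the lab shortcut the article warns against, while "line-password-missing" is the IOS default for vty lines and explains the "Password required, but none set" message new engineers often see.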
Please look for my other articles explaining how to setup AAA authentication.
Conclusion: The most secure way to implement vty passwords is to use an AAA server. However, you may be required to implement other methods, hence the need to know about all 4 methods covered in my articles.
Author: David Bombal
Article Source: EzineArticles.com
