Cisco IOS Router Basic Configuration

Hi Hussein,

Now I understand your question.

There are two methods:

  1. username hussein password cisco123

If you do it like this, then it will be saved in the configuration in clear text.

  2. username hussein secret cisco123

If you use “secret” then it will create an MD5 hash of your password.

You can’t have a “password” and “secret” at the same time for one user account so you are getting this error because you probably already configured a secret for your username. Remove it first and then you can set a password.

It’s also possible to encrypt all plaintext passwords in the configuration with the “service password-encryption” command. However, this is a very poor encryption type:

https://networklessons.com/security/decrypt-type-7-password-using-key-chain/

Rene

Hi Hussein,

SSH client requires a few more parameters than telnet:

R1#ssh ?
  -c    Select encryption algorithm
  -l    Log in using this user name
  -m    Select HMAC algorithm
  -o    Specify options
  -p    Connect to this port
  -v    Specify SSH Protocol Version
  WORD  IP address or hostname of a remote system

Try this:

R1#ssh -l admin 192.168.1.1

Hi Hussein,

I think the Wikipedia page is a good start:

The most common use for using the “ip domain-name” command is probably SSH. However it’s also used sometimes for certificates.

To give you an idea, here’s an example where I used certificates for the anyconnect VPN on an ASA firewall:

https://networklessons.com/security/cisco-asa-anyconnect-self-signed-certificate/

Rene

Thanks Rene, it works, but when I try to enter the correct password I didn’t have access, why?

Thanks Rene, I understand now.

Let me give you a complete example:

R2(config)#ip domain-name networklessons.local

R2(config)#crypto key generate rsa             

The name for the keys will be: R2.networklessons.local
Choose the size of the key modulus in the range of 360 to 2048 for your
General Purpose Keys. Choosing a key modulus greater than 512 may take
a few minutes.

How many bits in the modulus [512]: 1024
% Generating 1024 bit RSA keys, keys will be non-exportable…[OK]

R2(config)#username rene secret mysecretkey

R2(config)#line vty 0 4
R2(config-line)#login local
R2(config-line)#transport input ssh

And then on another router:

R1#ssh -l rene 192.168.12.2

Password: 

R2>
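The two points made in this thread so far, “password” versus “secret” storage and restricting the vty lines to SSH, can be checked on a saved configuration. The following Python audit is an added example, not part of the original posts or of networklessons’ material; the sample configuration, its usernames and its placeholder values are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); all secrets are placeholders.
SAMPLE_CONFIG = """\
enable secret 5 $1$PLACEHOLDER
username hussein password 7 0123456789ABCDEF
username rene privilege 15 secret 5 $1$PLACEHOLDER
username lab password 0 cleartext-placeholder
line con 0
 password 7 0123456789ABCDEF
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 password cleartext-placeholder
 login
 transport input all
"""

# "password"/"secret" keyword, optional one-digit encoding type, then the value.
CRED = re.compile(r"\b(password|secret)(?:\s+(\d))?\s+\S+")

def audit(config):
    """Return (location, finding) tuples for weak credential storage and telnet on vty."""
    findings, section, vty = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # top-level command: entering or leaving a line block
            section = line if line.startswith("line ") else None
            if section and section.startswith("line vty"):
                vty[section] = []
        m = CRED.search(line)
        if m and line.split()[0] in ("username", "enable", "password"):
            kind, ptype = m.groups()
            where = section or " ".join(line.split()[:2])
            if kind == "password" and ptype in (None, "0"):
                findings.append((where, "cleartext password"))
            elif kind == "password" and ptype == "7":
                findings.append((where, "type 7 password (reversible)"))
        if section in vty and line.startswith("transport input "):
            vty[section] = line.split()[2:]
    for sec, protos in vty.items():
        if {"telnet", "all"} & set(protos):
            findings.append((sec, "transport input permits telnet"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE_CONFIG):
        print(f"{where}: {finding}")
```

Lines stored with “secret” and vty blocks limited to “transport input ssh” produce no findings.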

Thank you Rene for clarification and a full explanation,

It works for me in Packet Tracer, but in GNS3 it doesn’t work, I think because there are issues with the IOS that I used.

Hi Rene,

The router just routes, right? So what is the benefit of an interface VLAN in the router? Is it for management after assigning an IP address to it, or is there something else?

Hi Rene,

How do we know how many VTY lines (SSH or Telnet) are open on the same router at the same time?
And how do I kick one of them, or all of them except the line that I am using?

Hi Hussein,

You can see all lines with the “show line” command and you can disconnect one with the “clear line” command. For SSH it’s better to use “show ssh” as you will be able to see the usernames.

Rene

Hi Hussein,

Normally a router only has L3 interfaces, you will find the VLAN interfaces normally on L2 or L3 switches.

On a L2 switch, this is where you configure the IP address so you can manage it remotely through telnet or SSH.

On L3 switches, we can use an IP address on a VLAN interface as the default gateway for a VLAN. Here’s an example for this:

https://networklessons.com/switching/intervlan-routing/

Rene

thanks Rene,

I understood the benefit of assigning an IP address on a VLAN interface on L2 & L3 switches.

But when I use a 2911 router in Packet Tracer, or any other router, I observed that one of the interfaces is a VLAN interface and its protocol status is always down. I know that a router’s interfaces are routed ports, so there is no way to access this VLAN on one of this router’s interfaces. So my question is: what is the benefit of this VLAN interface, and how do I change its protocol status to up?

Greetings,

Hi Hussein,

Did you use one of the Etherswitch modules in the 2911?

Rene

Nope,

I use the 2911 in Cisco Packet Tracer and I just drag and drop the icon of this router without adding any Etherswitch modules?

I think Etherswitch modules can be added in GNS3 only, right? Or am I wrong?

Hi Hussein,

I just checked and packet tracer does support the HWIC-4ESW module for switching ports. Normally on a router we don’t use VLAN interfaces, only if you require a L3 interface for switchports. The switchports of a switch module are a good example but it’s also used for the internal access point on a 1941. Here’s an example where I used it:

https://networklessons.com/wireless/cisco-1941w-wireless-configuration-example/

Rene

Hi Rene,

I really appreciate your efforts in explaining some of the difficult topics in a much simpler and easy to understand method.

I have a small query on this topic.

If I want to swap a faulty router with a new one, and if I have the config file available on the flash of the faulty router, and after I erase the start-up configs and copy the config file to NVRAM and am ready to reload the new router, do I need to enter Yes or No?

yourname#reload
System configuration has been modified. Save? [yes/no]: no >>>>>>>>>> Here at this point

Please clarify.

Thanks

Aravind

Hello Aravind.

If I’ve understood your question correctly, you’ve erased the startup config from the new router, and you’ve copied the startup config from the old router to the new router.

If that is the case, then the startup config in the new router is the configuration you want to end up with when you reload, regardless of what the running config is. So, if you want to keep the startup config, then you should answer NO so that upon reload, the startup config will be loaded.

I hope this has been helpful!

Laz

Hi Laz,

Thank you. Yes, your explanation was helpful.

Regards

Aravind

Hi Rene,

I have a particular problem with a switch which I can’t access.

line vty 0 4
 exec-timeout 0 0
 password 7 121F54041A0D5D0A
 logging synchronous
 login
 transport input all
 transport output all

line vty 5 15
 access-class 23 in
 exec-timeout 0 0
 password 7 03020A180E0970424
 login
 transport input telnet
 transport output telnet

My IP address is in ACL 23.
Both ports are configured with the correct VLAN, on this switch and on the switch connecting to it.
Transport input is all.
The switch that I cannot access is pingable but will refuse SSH and telnet.
Default gateway is correct (checked old configs).

Is the switch busted? Or am I missing something?

We will need more information. What IP are you trying to reach on the switch? Is this IP an SVI or assigned to a physical interface? What IP are you making the connection from? What are the details of your access-list 23? Have you tried making your connection on the same subnet as the IP to which you are trying to connect? When you say it is refusing the connection, is the port open but actively rejecting your attempt, or do you get no response at all? If you are using SSH, I assume you have done a crypto key generate rsa?