enable secret
x5150
Member Posts: 42 ■■□□□□□□□□
in CCNA & CCENT
Are these commands the same? Meaning you can set the secret password from any privileged prompt?
Switch(config-line)#enable secret its-a-secret
Switch(config)#enable secret its-a-secret
They are at different levels, one for global and one for the line config.
They seem to have the same outcome of requiring a user to enter a password to get to privileged mode regardless if directly connected or through telnet.
Comments
super22 Member Posts: 48 ■■□□□□□□□□
Switch(config-line)#enable secret its-a-secret
- this should ONLY configure the password for telnet/console
Switch(config)#enable secret its-a-secret
- this should ONLY configure the enable password
maybe you can give us the whole config so we can take a better look :D
thehourman Member Posts: 723
I am in the same boat; actually, I am at page 244 (Odom's book).
So, we can use the enable secret on telnet/ssh as well.
Is that the password we are going to use if we are going to use telnet/ssh or is that the password after we login to telnet/ssh to access the enable mode?
What exactly is the difference between the password in login local and the enable secret in line vty?
The reason I asked is that when you set up the telnet/ssh the commands are:
login local
transport input telnet ssh
username name password password
ip domain-name something.com
crypto key generate rsa
This is my understanding between the two (my 2nd question): the password in login local is for logging in to telnet/ssh, and the enable secret in line vty is for accessing the enable mode after logging in to telnet/ssh.
Please correct me if I am wrong. I need to clarify this as well.
EDIT:
About the ip domain-name, do I have to have a domain name to make it to work?
I just want to use ssh on my lab while I am at my friend's house. Also, how do I copy the show crypto key mypublic key rsa to my netbook which is the client? I use tera term.
Studying:
Working on CCNA: Security. Start date: 12.28.10
Microsoft 70-640 - on hold (This is not taking me anywhere. I started this in October, and it is December now, I am still on page 221. WTH!)
Reading:
Network Warrior - Currently at Part II
Reading IPv6 Essentials 2nd Edition - on hold
CiskHo Member Posts: 188
thehourman wrote: »About the ip domain-name, do I have to have a domain name to make it to work?
My Lab Gear:
2811(+SW/POE/ABGwifi/DOCSIS) - 3560G-24-EI - 3550-12G - 3550POE - (2) 2950G-24 - 7206VXR - 2651XM - (2) 2611XM - 1760 - (2) CP-7940G - ESXi Server
Just Finished: RHCT (1/8/11) and CCNA:S (Fall 2010)
Prepping For: VCP and CCNP SWITCH, ROUTE, TSHOOT
thehourman Member Posts: 723
CiskHo wrote: »No. You could use cnn.com or ANYTHING you wanted. It doesn't need to be a registered domain name in order for SSH to work
I can make up a random name and let's say thehourman.com, and use it for ip domain-name. The question is can I access my switch using ssh from outside my own network?
Also, how am I going to copy the show crypto mypublic key rsa to my netbook for accessing the switch?
CiskHo Member Posts: 188
thehourman wrote: »I just want to make sure that I understand what you said.
I can make up a random name and let's say thehourman.com, and use it for ip domain-name. The question is can I access my switch using ssh from outside my own network?
thehourman wrote: »Also, how am I going to copy the show crypto mypublic key rsa to my netbook for accessing the switch?
But for whatever reason I was unable to connect from the WAN side (only LAN worked for me). I even did port forwarding on my gateway router for port 22 (SSH) to be sent to my device's LAN IP but that didn't work. Could be my work was blocking outgoing port 22. I dunno... FWIW, I was using a registered domain name and then tried IP. Neither worked. But I am able to connect from my LAN with no problem.
ConstantlyLearning Member Posts: 445
CiskHo wrote: »But for whatever reason I was unable to connect from the WAN side (only LAN worked for me). I even did port forwarding on my gateway router for port 22 (SSH) to be sent to my device's LAN IP but that didn't work. Could be my work was blocking outgoing port 22. I dunno... FWIW, I was using a registered domain name and then tried IP. Neither worked. But I am able to connect from my LAN with no problem.
The cisco device you were trying to connect to was probably missing a default gateway. Traffic coming from the WAN side was probably making it to the cisco device but the return traffic didn't know where to go because it didn't have a matching route.
"There are 3 types of people in this world, those who can count and those who can't"
CiskHo Member Posts: 188
ConstantlyLearning wrote: »The cisco device you were trying to connect to was probably missing a default gateway. Traffic coming from the WAN side was probably making it to the cisco device but the return traffic didn't know where to go because it didn't have a matching route.
WAN--Linksys--2811--3550--2950 (2950 pings Linksys just fine). Pretty sure telnet was working too, just not SSH. Will recheck and post findings asap.
ConstantlyLearning Member Posts: 445
CiskHo wrote: »Thx, will double check that. I know the device (2811 router) has ip default-gateway of my GW router (Linksys). The Linksys passes info to the 2811 just fine. I can ping the Linksys from devices/switches that I have behind the 2811 so I would think the gateway info was there.
WAN--Linksys--2811--3550--2950 (2950 pings Linksys just fine). Pretty sure telnet was working too, just not SSH. Will recheck and post findings asap.
Can you ping public ip's from the 2811?
To set a default gateway on the 2811 use a default static route. Don't use the ip default-gateway.
ip route 0.0.0.0 0.0.0.0 [Linksys LAN interface IP]
"The ip default-gateway command differs from the other two commands. It should only be used when ip routing is disabled on the Cisco router."
Configuring a Gateway of Last Resort Using IP Commands - Cisco Systems
CiskHo Member Posts: 188
ConstantlyLearning wrote: »Can you ping public ip's from the 2811?
To set a default gateway on the 2811 use a default static route. Don't use the ip default-gateway.
ip route 0.0.0.0 0.0.0.0 [Linksys LAN interface IP]
"The ip default-gateway command differs from the other two commands. It should only be used when ip routing is disabled on the Cisco router."
Configuring a Gateway of Last Resort Using IP Commands - Cisco Systems
Many thanks for that info! I had ip default-gateway set to my Linksys. Removed that and entered static route. Can ping my WAN IP from 2811. Have enabled port forwarding for port 22 (SSH) on the Linksys to my 2811's IP and still can't connect via Putty from my work. Hoping to look more into this during the w/e. Any thoughts on what I should be looking out for?
And sorry for the thread hijacking
notgoing2fail Member Posts: 1,138
CiskHo wrote: »Many thanks for that info! I had ip default-gateway set to my Linksys. Removed that and entered static route. Can ping my WAN IP from 2811. Have enabled port forwarding for port 22 (SSH) on the Linksys to my 2811's IP and still can't connect via Putty from my work. Hoping to look more into this during the w/e. Any thoughts on what I should be looking out for?
And sorry for the thread hijacking
I would also allow pings to get to your 2811 from work. If the pings work, then you can troubleshoot the SSH.
If the pings don't work (with port forwarding) then now you know it's probably a routing issue.
Or like you said, your work could be blocking SSH. That's always a possibility....
CiskHo Member Posts: 188
I am able to SSH into the 2811 by hitting my WAN IP from my LAN wifi. However, I am still unable to SSH from work and hit the 2811. Cisco coworkers say SSH is not blocked from our work site. Also confirmed no ACLs are in place. Hmmm... will have to dig deeper.
notgoing2fail Member Posts: 1,138
CiskHo wrote: »I am able to SSH into the 2811 by hitting my WAN IP from my LAN wifi. However, I am still unable to SSH from work and hit the 2811. Cisco coworkers say SSH is not blocked from our work site. Also confirmed no ACLs are in place. Hmmm... will have to dig deeper.
Do you know any other SSH sites you can try? If you can SSH to other sites, then it's definitely an issue with your home. If you can't, then your coworkers are lying dogs.... LOL...
hexem Member Posts: 177
Have you opened up the port on the linksys firewall ?
i'd expect everything is being denied by default so you need to go add a specific rule for ssh.
ICND1 - Passed 25/01/10
ICND2 - Passed 9/03/10
Studying CCNA:S
CiskHo Member Posts: 188
hexem wrote: »Have you opened up the port on the linksys firewall ?
i'd expect everything is being denied by default so you need to go add a specific rule for ssh.
x5150 Member Posts: 42 ■■□□□□□□□□
super22 wrote: »Switch(config-line)#enable secret its-a-secret
- this should ONLY configure the password for telnet/console
Switch(config)#enable secret its-a-secret
- this should ONLY configure the enable password
maybe you can give us the whole config so we can take a better look:D
Here's the order of the commands,
enable
configure terminal
line vty 0 15
password ciscopress
login
enable secret its-a-password # there's a note that this is a global config command
# at this point the command prompt has changed from
Switch(config-line)#
to
Switch(config)#
then go to Router
telnet Switches_IP
# prompted for password
ciscopress
prompt is now my Switch>
enable
its-a-secret
# now privileged mode
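
The commands discussed in this thread, laid out by the configuration mode each one belongs to. This is an added example, not part of any post: the hostname, domain name, username and passwords are constructed placeholders, and `modulus 2048`, `ip ssh version 2` and `username ... secret` assume an IOS image that supports them.

```cisco
! Constructed lab values throughout; replace before use.
!
! --- Global configuration mode: Switch(config)# ---
hostname LabSwitch
!
! The RSA key pair is named <hostname>.<domain-name>, so a domain
! name must be set first. It does not have to be a registered one.
ip domain-name lab.example
crypto key generate rsa modulus 2048
ip ssh version 2
!
! Local account that "login local" checks on the vty lines.
! "secret" stores a hash rather than the clear-text string that
! "username ... password" keeps in the running config.
username labadmin secret Placeholder-Login-1
!
! Global command: one enable secret for the whole device. It is
! asked for at "enable", whether the session arrived on the console
! or on a vty line. Typed at a (config-line)# prompt it is still
! accepted as a global command and the prompt returns to (config)#,
! which is the prompt change shown in the last post.
enable secret Placeholder-Enable-1
!
! --- Line configuration mode: LabSwitch(config-line)# ---
! Remote logins: authenticate against the local username database.
! The thread's version was "transport input telnet ssh"; listing
! only ssh refuses telnet, which sends the password in clear text.
line vty 0 15
 login local
 transport input ssh
!
! Console: a per-line password checked by plain "login".
! This gets the user to LabSwitch> only; "enable" then asks for
! the enable secret set above.
line con 0
 password Placeholder-Console-1
 login
```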