password for: line vty 0 4

scotlawrencescotlawrence Member Posts: 13 ■□□□□□□□□□
Hello group,
this is my first post! :D
Im studying for the CCENT, hope to take the exam in about a month, then take the CCNA soon after.
I have a question concerning "line vty 0 4", I searched the forum, but didnt find anything related to this topic.
I have been studying and learning my basic configs like this:


S1(config)# line console 0
S1(config-line)# password (type the password)
S1(config-line)# login


S1(config-line)# line vty 0 4
S1(config-line)# password (type the password)

Notice that "line console 0" has the "login" command, while "line vty 0 4' does not have the login command.
I believe this is the technically correct way to do it, because line vty does not require the login command,
you have to enter the password no matter what, so it works properly without the login command..
(I have tested it, it works exactly the same with or without the login command.)
I understand that the login command for the console line IS necessary, to be prompted for the password.

Thats all fine and good..but here is why im making this post..
it seems EVERY training source shows "login" for the VTY line as well!
they all show, and teach it, like this:


S1(config)# line console 0
S1(config-line)# password (type the password)
S1(config-line)# login


S1(config-line)# line vty 0 4
S1(config-line)# password (type the password)
S1(config-line)# login

My question is..why?
Odom, Lammle, CBT nuggets, and pretty much everything I have found shows "login" for the vty line.
is it perhaps that "everyone learned it that way" so everyone just does it out of habit?
maybe..but now im paranoid! ;) will using "login" be required on the cisco exams?
should I just always use it? even though its redundant? one point on the exam can be the difference between passing and failing! ;)

anyone encounter this issue before?
its probably a non-issue in reality, it doesn't matter if you use it or not, the end result is the same.
but its got me curious, so I thought I would ask about it.

thanks,
Scot

Comments

  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    The default on the console is "no login" i.e. no password is required. If you want to put a password on the console you need to configure the "login" command.
    The default on the line is "login" which means a login password is required. If you want to remove the line password requirement, you can configure "no login" on the vty lines.

    Typically in a corporate environment your router/switch will be in a locked cabinet or in a secure room, so you would not require a console password.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
  • HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    Do login first then the password and you will reveal your answer.

    Router(config-line)#login
    % Login disabled on line 194, until 'password' is set
    % Login disabled on line 195, until 'password' is set
    % Login disabled on line 196, until 'password' is set
    % Login disabled on line 197, until 'password' is set
    % Login disabled on line 198, until 'password' is set
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • scotlawrencescotlawrence Member Posts: 13 ■□□□□□□□□□
    Thanks Ed and Buff..
    Hondabuff wrote: »
    Do login first then the password and you will reveal your answer.

    Router(config-line)#login
    % Login disabled on line 194, until 'password' is set
    % Login disabled on line 195, until 'password' is set
    % Login disabled on line 196, until 'password' is set
    % Login disabled on line 197, until 'password' is set
    % Login disabled on line 198, until 'password' is set

    Sorry, but I dont know what that means..
    can you elaborate?
    thanks,
    Scot
  • crazybrownie13crazybrownie13 Registered Users Posts: 3 ■□□□□□□□□□
    I think it means that you need to set a password before you set a login.
  • HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    Do it the way Cisco wants you to do it even though entering the password first overrides the login command.
    Configure In this section, you are presented with the information to configure a Telnet password.
    Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
    [h=3]Configurations[/h]This document uses the Router-2 configuration.
    In order to set up the router to allow Telnet access, issue the line vty command. This command allows for the configuration of Virtual Terminal (VTY) lines for remote console access. You can configure the router to accept one or more Telnet sessions. It is strongly suggested that you configure password checking with the login and password line configuration commands. This example configures the router to accept five sessions, with the password "letmein":


    [TH="bgcolor: #ccccff"]Router-2[/TH]



    Router-2(config)#line vty 0 4Router-2(config-line)#login% Login disabled on line 66, until 'password' is set% Login disabled on line 67, until 'password' is set% Login disabled on line 68, until 'password' is set% Login disabled on line 69, until 'password' is set% Login disabled on line 70, until 'password' is setRouter-2(config-line)#password letmein

    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
  • scotlawrencescotlawrence Member Posts: 13 ■□□□□□□□□□
    Hondabuff wrote: »
    Do it the way Cisco wants you to do it even though entering the password first overrides the login command.
    Configure In this section, you are presented with the information to configure a Telnet password.
    Note: Use the Command Lookup Tool (registered customers only) to obtain more information on the commands used in this section.
    Configurations

    This document uses the Router-2 configuration.
    In order to set up the router to allow Telnet access, issue the line vty command. This command allows for the configuration of Virtual Terminal (VTY) lines for remote console access. You can configure the router to accept one or more Telnet sessions. It is strongly suggested that you configure password checking with the login and password line configuration commands. This example configures the router to accept five sessions, with the password "letmein":


    [TH="bgcolor: #ccccff"]Router-2[/TH]


    Router-2(config)#line vty 0 4Router-2(config-line)#login% Login disabled on line 66, until 'password' is set% Login disabled on line 67, until 'password' is set% Login disabled on line 68, until 'password' is set% Login disabled on line 69, until 'password' is set% Login disabled on line 70, until 'password' is setRouter-2(config-line)#password letmein


    interesting..thanks.
    So typing in login as the 2nd line:

    #line vty 0 4
    #login

    causes "Login disabled on line 66, until 'password' is set"

    so it disables login, until you type in a password..ok, that makes sense.
    but! login is *already* disabled anyway! ;) until you type in a password..
    which brings me right back to: the login command is redundant and unnecessary.

    im sure im over-thinking this! ;)
    I would just like to understand why everyone teaches typing in the login command on the vty config,
    when it doesn't seem necessary or seem to do anything.

    thanks,
    Scot
  • dou2bledou2ble Member Posts: 160
    EdTheLad wrote: »
    Typically in a corporate environment your router/switch will be in a locked cabinet or in a secure room, so you would not require a console password.

    Maybe in an environment that never gets audited. Console timeout and password are required in Federal policies and ISO27001. A secure room and locked cabinet are not secure enough.
    2015 Goals: Masters in Cyber Security
  • HondabuffHondabuff Member Posts: 667 ■■■□□□□□□□
    interesting..thanks.
    So typing in login as the 2nd line:

    #line vty 0 4
    #login

    causes "Login disabled on line 66, until 'password' is set"

    so it disables login, until you type in a password..ok, that makes sense.
    but! login is *already* disabled anyway! ;) until you type in a password..
    which brings me right back to: the login command is redundant and unnecessary.

    im sure im over-thinking this! ;)
    I would just like to understand why everyone teaches typing in the login command on the vty config,
    when it doesn't seem necessary or seem to do anything.

    thanks,
    Scot

    I would agree that it is redundant but I always do it in this order and don't give it much thought. icon_study.gif

    Router(config)#line vty 0 4
    Router(config-line)#logging synchronous
    Router(config-line)#login
    % Login disabled on line 194, until 'password' is set
    % Login disabled on line 195, until 'password' is set
    % Login disabled on line 196, until 'password' is set
    % Login disabled on line 197, until 'password' is set
    % Login disabled on line 198, until 'password' is set
    Router(config-line)#password Cisco123
    Router(config-line)#exec-timeout 30 0
    Router(config-line)#transport input ssh
    “The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
Sign In or Register to comment.