Config Lab: Telnet Config

 In 200-301 V1 Ch16: Router Addresses and Routes, 200-301 V1 Part 5: IPv4 Routing, 200-301 V1 Parts, Config Lab, Config Lab CCNA Vol 1 Part 2, Hands-on
20

Today’s post takes us from a cleanly wiped router config (except hostnames), to one router being ready for Telnet support. As usual, you can do the lab on paper or in a text editor in just a few minutes, or use Cisco Packet Tracer or Cisco Modeling Labs.

Config-Lab-V2-w300
More about Config Labs

All about Config Labs

The blog has a series of lab exercises called “Config Labs.” Each lab presents a topology with the relevant initial configuration for each device. The lab also lists new requirements, after which you should create the additional configuration to meet those requirements. You can do the lab on paper, in a text editor, or use software tools like Cisco Packet Tracer or Cisco Modeling Labs.

Once you have created your answer, you can click various tabs at the bottom of this post to see the lab answers, comments about the lab, and other helpful information.

The Lab Exercise

Cisco routers support inbound Telnet connections. However, to allow Telnet, the router needs some non-default configuration added. For this lab, you need to identify the bare minimum of non-default commands that must be configured to allow Telnet into the router.

Configure router R1 in the figure below. The initial config has all default configuration other than the hostname R1 command. (The switch has all default configuration, notably with both ports in the same VLAN.) Your job is to list the configuration on R1 such that:

  1. A user at PC1, in the same VLAN as R1’s G0/0 interface, can Telnet successfully into R1.
  2. The user has to supply only a password; no username is required.
  3. Configure no unnecessary commands (use defaults).
  4. Assume PC1, as well as all LAN devices, have already been configured correctly.
  5. Use the numerically highest IP address in the subnet for any router IP address configuration.

Figure 1 – Lab Topology for this Lab

Answer Options - Click Tabs to Reveal

Option 1: Paper/Editor

You can learn a lot and strengthen real learning of the topics by creating the configuration – even without a router or switch CLI. In fact, these labs were originally built to be used solely as a paper exercise!

To answer, just think about the lab. Refer to your primary learning material for CCNA, your notes, and create the configuration on paper or in a text editor. Then check your answer versus the answer post, which is linked at the bottom of the lab, just above the comments section.

Option 2: Cisco Packet Tracer

You can also implement the lab using the Cisco Packet Tracer network simulator. With this option, you use Cisco’s free Packet Tracer simulator. You open a file that begins with the initial configuration already loaded. Then you implement your configuration and test to determine if it met the requirements of the lab.

(Use this link for more information about Cisco Packet Tracer.)

Use this workflow to do the labs in Cisco Packet Tracer:

  1. Download the .pkt file linked below.
  2. Open the .pkt file, creating a working lab with the same topology and interfaces as the lab exercise.
  3. Add your planned configuration to the lab.
  4. Test the configuration using some of the suggestions below.

Download this lab’s Packet Tracer File

Option 3: Cisco Modeling Labs

You can also implement the lab using Cisco Modeling Labs – Personal (CML-P). CML-P (or simply CML) replaced Cisco Virtual Internet Routing Lab (VIRL) software in 2020, in effect serving as VIRL Version 2.

If you prefer to use CML, use a similar workflow as you would use if using Cisco Packet Tracer, as follows:

  1. Download the CML file (filetype .yaml) linked below.
  2. Import the lab’s CML file into CML and then start the lab.
  3. Compare the lab topology and interface IDs to this lab, as they may differ (more detail below).
  4. Add your planned configuration to the lab.
  5. Test the configuration using some of the suggestions below.

Download this lab’s CML file!

 

Network Device Info:

This table lists the interfaces listed in the lab exercise documentation versus those used in the sample CML file.

Device Lab Port  CML Port
SW1 F0/1 G0/0

Lab Answers Below: Spoiler Alert

Lab Answers: Configuration (Click Tab to Reveal)

Lab Configuration

Answers: Configuring Telnet

This lab asks for the required, non-default configuration to enabled Telnet on router R1, with other conditions. Check out the original lab problem statement for the details. Figure 1 repeats the network diagram, and Example 1 lists the answer.

Figure 1: Lab Topology with IP Subnet

This lab does require that you do a little subnetting math as well. The requirements state for the router to use the highest IP addresses in the subnet, but the lab did not list the specific IP address to be used for each router interface. R1 needs an IP address on its G0/0 interface, which is shown in subnet 172.18.1.0/26. That subnet has a range of usable addresses from 172.18.1.1 – 172.18.1.62, so the configuration uses the .62 address for R1’s F0/0.

interface GigabitEthernet0/0
 no shutdown
 ip address 172.18.1.62 255.255.255.192
!
line vty 0 15
 password Certskills
 transport input telnet
 
! Note – if you only did VTY’s 0 through 4, that’s ok.
! The config relies on a default vty subcommand of login

Example 1: R1 Telnet Config

Commentary, Issues, and Verification Tips (Click Tabs to Reveal)

Lab Commentary

Cisco routers and switches allow a simple security method for both console and Telnet access. Basically, all you have to do is tell the device to use that method by supplying a prompt for the password (the login subcommand) and defining the password’s value (the password subcommand).

Note that the answer shows the configuration of the VTY password (to support Telnet) with VTYs 0 through 4 as separate from the configuration of VTYs 5 through 15. This quirk of Cisco output has to do with the fact that older IOS versions support only VTYs 0 through 4. You could have used the commands literally shown in the answer example, or you could have used the command line vty 0 15, followed by those same password and login commands.

Known Packet Tracer Issues

Known Issues in this Lab

This section of each Config Lab Answers post hopes to help with those issues by listing any known issues with Packet Tracer related to this lab. In this case, the issues are:

# Summary Detail
1 None No known issues related to this lab.

 

Why Would Cisco Packet Tracer Have Issues?

(Note: The below text is the same in every Config Lab.)

Cisco Packet Tracer (CPT) simulates Cisco routers and switches. However, CPT does not run the same software that runs in real Cisco routers and switches. Instead, developers wrote CPT to predict the output a real router or switch would display given the same topology and configuration – but without performing all the same tasks, an actual device has to do. On a positive note, CPT requires far less CPU and RAM than a lab full of devices so that you can run CPT on your computer as an app. In addition, simulators like CPT help you learn about the Cisco router/switch user interface – the Command Line Interface (CLI) – without having to own real devices.

CPT can have issues compared to real devices because CPT does not run the same software as Cisco devices. CPT does not support all commands or parameters of a command. CPT may supply output from a command that differs in some ways from what an actual device would give. Those differences can be a problem for anyone learning networking technology because you may not have experience with that technology on real gear – so you may not notice the differences. So this section lists differences and issues that we have seen when using CPT to do this lab.

Verification Tips for CPT/CML

Beyond comparing your answers to this lab’s Answers post, you can test in Cisco Packet Tracer (CPT) or Cisco Modeling Labs (CML). In fact, you can and should explore the lab once configured. For this lab, once you have completed the configuration, try these verification steps. 

  1. Open a command prompt on the PC and test connectivity to R1’s G0/0 IP address using the ping command.
  2. If successful, test Telnet using the telnet command to that same IP address. If successful, you should be prompted for a password, and if you supply the password you just configured, you should reach the user mode prompt of the router.

More Labs with Related Content!

Explore Same Topic w/ Book Examples

cgptl2020-logo-v3

More Config Labs from Same Book Part

configlab-logo-v3
Config Lab: CLI Miscellany 1
Config Lab: SSH Config
Subscribe
Notify of
guest

20 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Alfonso

third lab with no packet tracer file. I guess all the lab files moved? Please advise as I really want to do all of your labs. thank you

0
Reply
certskills

Alfonso,
Thanks for the note. The site had a problem that was introduced by some Linux maintenance applied by the hosting company. Should all be good as of later that same day.

Great to hear of your enthusiasm for doing the labs!

0
Reply
Bayron Salgado

Hey I been trying to do your labs but it appears your files are incompatible with the latest packet tracer. What version do you advise we use? I’m currently on 8.1.1 on ubuntu.

0
Reply
certskills

Hi Bayron,
Sorry you’re having trouble opening the files. We saved it in PT 8.0. It opens fine for me in 8.0 and 8.1. Also, with you running 8.1, there should not be a version issue opening a file saved at 8.0 or 8.1 or earlier – only the reverse should be an issue, ie, file saved with 8.1 not openable by PT version 8.0 or earlier. So, I think the file is good.
I did not test on Ubuntu, by the way.

0
Reply
Jonas

Im trying to do complete this exercise using PT and this is my configuration on the vty

line vty 0 4
password cs
login
transport input telnet

I can telnet on R1 but not allowing me to go to enable mode. I don’t see any enable password / secret configured. Is this normal but looks like some bug on PT and not allowing me to enter enable mode until i set the password.

C:\>telnet 172.18.1.62
Trying 172.18.1.62 …Open

User Access Verification

Password:
R1>en
% No password set.

0
Reply
certskills

Jonas,
The behavior you’re seeing in PT is just like real gear. In short:
If you allow Telnet or SSH into the device
But do not have an enable or enable secret password set
Then when the user who connected w/ Telnet/SSH into user mode attempts the “enable” command, they are not allowed to move to enable mode, and get the message you see.

FYI, that logic of disallowing movement to privileged mode does not apply to a console user, so it you’ve been using PT and mostly connecting via the PT user interface, in which you in effect connect to the device console port, you would not have bumped into this issue.
Hope this helps…

0
Reply
Jonas

Understood and clear. Now a days we use AAA and some with enable secret and seldom use telnet password on line vty. Most of the time these basics were often overlook. Thanks

0
Reply
Jonas

Just pass the CCNA exam 200-301 2 weeks ago. Though, I didn’t manage to finish last few questions due to one sim question at the end which doesn’t make sense but i think it was a good try.

I might try to start my study for CCNP during spare time to gain more knowledge. The Cert Guide are very useful during my study, and I highly recommend them.

0
Reply
Wendell Odom

Congrats, Jonas! Glad you completed CCNA. A nice feeling, to be sure!
Hope your CCNP ENCOR studies go well.

0
Reply
GJM

In packet tracer the router isn’t showing or applying the no shutdown command on interface g0/0. I type it and it looks like it accepts it as it doesn’t return an error. But when doing a sh run it is not listed there. Also I did not see anywhere in the instructions on what password to use so I just used ‘cisco’.

0
Reply
Wendell Odom

GJM,
So, the literal default value for the [no] shutdown command is “no shutdown”. IOS doesn’t display defaults (most of the time) in the output of show run, so when you issue the “no shutdown”, and then do a show run, it doesn’t display.
For an experiment, issue a “shutdown”, do a show run, and you’ll see the “shutdown”. Then add back the “no shutdown”, do a show run, and it won’t be there because it’s default.

I say that, but real routers have some weird behavior w/ shut/no shut and defaults. But the above is what you should expect to see displayed, that is, you don’t see “no shutdown” in the running config.
Wendell

0
Reply
JB

Maybe I’m just stupid, but I just don’t understand why the IP address is configured directly on the G0/0 interface. To preface this; I have just read through the first two parts of the OCG, and in chapter 6 the book only talks about VLAN’s when assigning an IP address for management purposes. Also there has been no mention of how to configure routers up to that point. I understand that the configuration may differ from routers and switches, but this hasn’t been touch upon in the book yet (or I have just completely missed this information somehow).
Anyways, I did try to configure VLAN 1 with an IP address and mask, but that did not seem to work. Hope you can help me understand.

1
Reply
Wendell Odom

Hi JB,
To answer this lab, you needed to be further along in your reading. After looking at this post, it’s better associated with Part V of vol 1, after reading Chapter 15 in particular. Specifically, that chapter discusses configuring IP addresses on routers, which was the point that confused you. So, not a problem with you, but a problem with the tags on the lab. My apologies. It will be pretty clear once you read that far, but basically, all router interfaces have an ip address/mask, and you can telnet to any of those IP addresses.
Wendell

1
Reply
ERMUNDO C RUSSELL

Hey Wendell,

After configuring the router I was able to ping and telnet R1 from PC1. After checking the lab answers I noticed that I did not issue the transport input telnet command in line configuration mode but I was still able to telnet into R1 and move into user mode. Is that because once I issued the “login” command in line config mode , telnet was enabled?

0
Reply
Wendell Odom

Hi Ermundo,
Real Cisco routers default to “transport input none”, but Packet Tracer defaults to either “all” or “Telnet” (I can’t recall which off the top of my head). Anyway, that’s why the Telnet worked. If you had omitted the transport input command on a real Cisco router, the Telnet would have failed.
W

0
Reply
ERMUNDO C RUSSELL

R1 config’s I entered for the latest comment
line vty 0 4
password telnet
login
line vty 5 15
password telnet
login

0
Reply
Bacteria

Is the

login

line interface subcommand not required here?

0
Reply
Wendell Odom

Bacteria?
The login command isn’t required because the lab said to not configure commands when the default setting would work. Login is the default setting. (There’s a one-liner in the answers section about it, by the way.)
Wendell

0
Reply
Sam

Hi Wendell.
Is the transport input telnet command necessary for this lab? I believe the purpose that command is to specify that only telnet, and not SSH, can be used?
Thanks,
Sam

0
Reply
Wendell Odom

Sam,
Honestly, your first question gave me a good chuckle. Heck if I know! 🙂 I’ve published 35K pages in books and made thousands of blog posts! And my brain is aging. So it all runs together. But let me go back and see if I can figure it out… or at least comment on the important angles of your question.
Now that I’ve refreshed my memory.. yes. On real Cisco routers running IOS (not IOS XE), the default of the command is transport input none. So you need transport input telnet in this case. I don’t recall if CPT has a different default setting. In contrast, switches default to transport input telnet ssh.

0
Reply
20
0
Would love your thoughts, please comment.x
()
x