1
00:00:00,740 --> 00:00:07,280
In a genius three typology I have two roads Rodda one in Ratatouille which are connected to a hub which

2
00:00:07,280 --> 00:00:14,800
in turn is connected to a cloud allowing me to have access to my local area network from these two routers.

3
00:00:14,870 --> 00:00:20,400
I've also got a Cisco Iwate The late to switch which I haven't connected to other devices.

4
00:00:20,540 --> 00:00:27,020
I'm going to talk briefly about locking down the console and then we'll discuss telnet and S-sh and

5
00:00:27,020 --> 00:00:30,530
I'll use the same topology for those videos.

6
00:00:30,590 --> 00:00:39,020
So firstly I've connected to the console of this Iowas the laity switch and when I press Enter I'm put

7
00:00:39,020 --> 00:00:44,390
into user mode and then I can type enable to go to privilege mode.

8
00:00:45,110 --> 00:00:52,730
So exit I'm shown that I'm on the console of the switch press enter and I'm in user mode the label and

9
00:00:52,730 --> 00:00:56,130
then I'm taken to privilege mode with no authentication.

10
00:00:56,240 --> 00:00:59,400
I wasn't asked for a password.

11
00:00:59,550 --> 00:01:07,170
In this example I'm connecting to the console of a physical city 750 which when I press enter on put

12
00:01:07,170 --> 00:01:08,580
into user mode.

13
00:01:08,760 --> 00:01:12,880
And once again when I type enable I can go to privilege mode.

14
00:01:13,020 --> 00:01:15,900
But in this example the switch is prompting for a password

15
00:01:18,750 --> 00:01:27,420
so notice the user experience is the same on a physical switch versus a virtual switch running in Jeana's

16
00:01:27,420 --> 00:01:28,600
3.

17
00:01:28,620 --> 00:01:39,330
So as an example if I type enable password Cisco and then exit out of the switch press ENTER I mean

18
00:01:39,330 --> 00:01:47,680
user mode top enable and now I have to enter a privileged password with a secret password to go to privileged

19
00:01:47,720 --> 00:01:48,530
mode.

20
00:01:48,740 --> 00:01:50,800
Same as a physical switch.

21
00:01:50,930 --> 00:01:51,580
Notice please.

22
00:01:51,590 --> 00:01:58,460
I was not prompted for a password to get to use the mode I was only prompted for a password when I typed

23
00:01:58,460 --> 00:01:59,890
enable.

24
00:02:00,090 --> 00:02:04,620
There is no password by default on the console of a switch.

25
00:02:05,470 --> 00:02:12,970
Or Rodda show run shows a lot of configuration and if I scroll all the way down to the bottom I'll see

26
00:02:12,970 --> 00:02:15,610
a line like this line console's 0.

27
00:02:15,820 --> 00:02:18,400
So that's the console port or the switch.

28
00:02:18,640 --> 00:02:25,090
I can put a password on that my typing password and specifying some kind of password.

29
00:02:25,090 --> 00:02:32,080
So I'm going to say Cisco and then I'm going to type a log in to indicate that we using the password

30
00:02:32,080 --> 00:02:32,830
on the line

31
00:02:35,750 --> 00:02:39,980
not a local user name and password database.

32
00:02:39,980 --> 00:02:42,260
So I'm going to say show run puppet begin con

33
00:02:45,660 --> 00:02:48,480
where all the cons zero.

34
00:02:48,500 --> 00:02:58,560
So as you can see this is the configuration on the console topped Poskitt Cisco and log top topics that

35
00:02:59,520 --> 00:03:08,730
now we're a Precentor asked for a password to get to user mode and then enable will take me to privilege

36
00:03:08,730 --> 00:03:10,060
mode.

37
00:03:10,070 --> 00:03:14,160
Now I could create a local username and password database.

38
00:03:14,750 --> 00:03:18,690
So let's do something like this.

39
00:03:18,820 --> 00:03:25,510
That makes no difference however in the current configuration when logging out and pressing Enter I

40
00:03:25,510 --> 00:03:33,060
still have to put in my password of Cisco to get to user mode and I have to put a password in to go

41
00:03:33,060 --> 00:03:35,180
to global config mode.

42
00:03:35,550 --> 00:03:45,330
And that's because at the moment the console is configured with postes which Cisco and Logan if I change

43
00:03:45,330 --> 00:03:51,060
that to line console's Zehra and typed log in a local.

44
00:03:51,330 --> 00:03:52,350
Notice the difference.

45
00:03:52,350 --> 00:04:01,670
Now when I type exit and press ENTER I'm now asked for a username and password.

46
00:04:01,960 --> 00:04:09,450
And now I gain access to the user mode and then I have to type enable and my enable password or secret

47
00:04:09,450 --> 00:04:12,020
password to go to privileged mode.

48
00:04:12,630 --> 00:04:20,640
I can change that again by typing user name David whatever the user is and using the privilege command

49
00:04:21,540 --> 00:04:25,990
privilege and specifying the privileges of that user.

50
00:04:26,490 --> 00:04:28,100
So exit out of here.

51
00:04:29,330 --> 00:04:37,800
Precentor prompted for my username prompted for my password and notice I'm taken immediately to privilege

52
00:04:37,800 --> 00:04:48,500
mode and that's because on the user in this case David a privilege of 15 was applied.

53
00:04:48,690 --> 00:04:54,100
So the U.S. immediately gets full right to the switch upon logon.

54
00:04:54,120 --> 00:05:04,990
We don't have to type enable and then password to go to the Nabl mode show run pipe begin line can line

55
00:05:04,990 --> 00:05:12,290
conrod the notice line console 0 has the command pulse switch Cisco.

56
00:05:12,430 --> 00:05:14,360
That's irrelevant now.

57
00:05:14,380 --> 00:05:19,860
So I could actually remove that.

58
00:05:20,080 --> 00:05:22,310
And that's because log in local is being used.

59
00:05:24,720 --> 00:05:28,840
So show run pipe begin line con. all line can.

60
00:05:28,950 --> 00:05:38,060
I've only got log in local on the line top exit press enter from my user name straight into privilege

61
00:05:38,060 --> 00:05:38,390
mode

62
00:05:43,100 --> 00:05:48,650
so the password on the line is only used if logging is used.

63
00:05:48,650 --> 00:05:57,200
Notice if I don't have a password and I specify I log in I'm told that logging is disabled until a password

64
00:05:57,200 --> 00:05:58,830
is sent.

65
00:05:58,830 --> 00:06:00,290
So let's try that.

66
00:06:00,730 --> 00:06:11,630
Precentor I'm straining to use a mode exit Precentor straight into user mode and I'm now AWST to enter

67
00:06:11,720 --> 00:06:22,350
an enabled password so if I want to put that back to the way it was previously on the line console I

68
00:06:22,350 --> 00:06:24,700
need to specify a password.

69
00:06:25,470 --> 00:06:34,230
And now when I log in I'm asked for the password on the line as well as my privileged password.

70
00:06:34,230 --> 00:06:35,190
So just to recap

71
00:06:39,850 --> 00:06:47,720
logon indicates that a password on the line is required to gain access to the console of a Rotto switch.

72
00:06:47,860 --> 00:06:54,550
If you don't specify a password logon is ignored and you go straight into user mode.

73
00:06:54,790 --> 00:07:02,360
If you specify log in a local here the local user name and password database is used.

74
00:07:02,550 --> 00:07:08,730
So you'd be asked for your user name as well as your password when logging into the console.

75
00:07:08,730 --> 00:07:14,700
If you specify privilege and a privilege level you don't have to put an enable password in you taken

76
00:07:14,730 --> 00:07:19,860
straight to the privilege level associated with your user account.

77
00:07:19,860 --> 00:07:22,000
In this case it's 15 now.

78
00:07:22,140 --> 00:07:31,240
If you want to play a trick on someone and I don't suggest you do this in production a console has an

79
00:07:31,240 --> 00:07:38,000
exact time timeout in minutes and in seconds you could specify something like this.

80
00:07:38,020 --> 00:07:44,230
So exec time up to a 0 1 means that it will timeout after 1 second.

81
00:07:44,530 --> 00:07:51,010
So I noticed when I press enter and try and gain access to my router one second later I'm logged out.

82
00:07:51,010 --> 00:07:58,040
So what you need to do to make this work or to fix this is you have to type very quickly or continually

83
00:07:58,050 --> 00:07:58,900
press tab.

84
00:07:58,900 --> 00:08:01,120
So I get a press tab with my one finger.

85
00:08:01,420 --> 00:08:11,180
So it's continuously updated and then I'm going to try and type with my finger and try and specify the

86
00:08:11,180 --> 00:08:13,070
commands required.

87
00:08:13,070 --> 00:08:21,280
So as you can see I'm making a lot of typing mistakes but that's ok as long as I keep pressing tab.

88
00:08:21,570 --> 00:08:27,780
So once again this is not something you want to do but if you do make a mistake you should specify 0

89
00:08:27,780 --> 00:08:30,690
0 as an example which means don't timeout.

90
00:08:30,700 --> 00:08:33,730
So now I'm not logged out of the con..

91
00:08:33,970 --> 00:08:39,920
You probably want to set that to some value that's realistic for your environment.

92
00:08:39,970 --> 00:08:46,910
So say five minutes after five minutes of inactivity you'll be logged out of the con..

93
00:08:46,930 --> 00:08:51,360
Another great command on a router he's logging synchronous.

94
00:08:51,370 --> 00:08:59,860
If I start typing a command like show IP interface brief you'll notice the command is all over the place

95
00:09:00,520 --> 00:09:03,360
and I have to press tab to see my command.

96
00:09:03,580 --> 00:09:09,620
So once again if I type confetti and press control Z and then top start typing Hello.

97
00:09:10,210 --> 00:09:12,080
You'll notice it's all over the place.

98
00:09:12,310 --> 00:09:13,110
Press tab.

99
00:09:13,240 --> 00:09:15,390
My command is shown again.

100
00:09:15,430 --> 00:09:23,620
So what we want to do is on the line console we want to use the command logging synchronous.

101
00:09:23,670 --> 00:09:30,750
So line console is zero logging synchronous.

102
00:09:30,820 --> 00:09:31,510
Notice the difference.

103
00:09:31,510 --> 00:09:39,540
Now when I press control Z and then type hello hello is automatically retyped so it becomes a lot easier

104
00:09:39,840 --> 00:09:45,120
to type commands and see what you're doing when you're getting a lot of output on the screen especially

105
00:09:45,450 --> 00:09:46,730
when doing debugging.

106
00:09:47,010 --> 00:09:51,530
So don't forget the logging synchronous option on the console.

107
00:09:51,690 --> 00:09:53,110
It's going to save you a lot of trouble.