1
00:00:00,940 --> 00:00:06,940
One of the great things about history is you can have many devices as part of a typology and you can

2
00:00:06,940 --> 00:00:09,700
access the consuls of every device.

3
00:00:09,700 --> 00:00:18,340
So as an example Rodda one and Rodda too can be accessed directly through Janissary on my local PC.

4
00:00:18,370 --> 00:00:27,450
However in the real world you probably going to want to telnet to devices because you don't want to

5
00:00:27,450 --> 00:00:31,290
walk to the device and connect to the console.

6
00:00:31,380 --> 00:00:32,480
That's not realistic.

7
00:00:32,520 --> 00:00:37,860
If the devices are on the other side of the country or other side of the world so you're going to want

8
00:00:37,860 --> 00:00:44,370
to use a protocol such as telnet to gain access to the remote devices.

9
00:00:44,370 --> 00:00:49,410
Let's assume that router one is in one part of the network and brought it to is in a different part

10
00:00:49,410 --> 00:00:50,200
of the network.

11
00:00:51,230 --> 00:00:56,900
In this example all telnet from a one to router 2 let's see what happens by default.

12
00:00:56,900 --> 00:01:04,830
So telnet to 10 or 20 I'm told that password is required but none is set.

13
00:01:04,830 --> 00:01:12,360
In most cases by default you cannot telnet to a router you have to do some configuration to allow telnet

14
00:01:12,360 --> 00:01:24,270
sessions and to top quality the line Viti Y and specify a Viti y range from zero to a number that depends

15
00:01:24,270 --> 00:01:25,620
on the device.

16
00:01:25,620 --> 00:01:36,270
So in this Rodda the Viti y ranges from 0 to nine hundred and three which means you could have 904 simultaneous

17
00:01:36,540 --> 00:01:41,070
virtual terminal lines or why lines on the router.

18
00:01:41,340 --> 00:01:47,580
In other words 904 sessions could be made to the Rodda at the same time.

19
00:01:47,730 --> 00:01:56,030
You'll often see in documentation that they'll create the Y lines 0 to 4 which gives you 5 D-y lines.

20
00:01:56,130 --> 00:01:57,900
That's something from the old days.

21
00:01:57,990 --> 00:02:03,300
But a lot of Cecka devices today support many more lines than that.

22
00:02:03,300 --> 00:02:13,530
So as an example on the switch Viti Why 0 notice there's 5400 VQ lines on this virtual Iowa's vilayet

23
00:02:13,620 --> 00:02:15,140
to switch.

24
00:02:15,390 --> 00:02:22,990
And if I connect to this physical 30 750 and top line Viti Why is 0.

25
00:02:23,180 --> 00:02:26,490
Notice this one has 16 Viti white lines.

26
00:02:26,490 --> 00:02:28,950
So that really depends on the device.

27
00:02:29,010 --> 00:02:35,070
This ios VLA to switch has one thousand and one D-y Why lines.

28
00:02:35,070 --> 00:02:42,090
I'm going to specify log in and notice I'm told that to log in is disabled until the password is sent.

29
00:02:42,090 --> 00:02:47,880
So once again if I telnet to the Rodda the telnet session is closed.

30
00:02:47,880 --> 00:02:54,060
So I wrote it to let's add a password of Cisco and now try telling it to the Rodda notice I'm prompted

31
00:02:54,570 --> 00:02:55,560
for a password.

32
00:02:56,640 --> 00:03:04,720
I want to enable I'm allowed in because this router has an enabled password but if no enable password

33
00:03:04,720 --> 00:03:10,730
was set so let's disconnect if no enabled password was set.

34
00:03:11,020 --> 00:03:13,060
No secret password was set.

35
00:03:13,060 --> 00:03:22,970
Notice what happens telnet to the router and to my telnet password top enable and I cannot get to enable

36
00:03:22,970 --> 00:03:25,790
mode because no password is configured.

37
00:03:26,060 --> 00:03:34,490
You must configure either and enable password or a secret password secret being better to go to enable

38
00:03:34,490 --> 00:03:39,170
mode through a telnet or S-sh session.

39
00:03:39,200 --> 00:03:46,940
So I noticed the configuration that we did show run pipe begin V-twin in this case we enabled 5 Vicci

40
00:03:46,940 --> 00:03:49,000
y lines 0 to 4.

41
00:03:49,070 --> 00:03:56,450
Were using a password on the line for those five lines the same password is used for all of them.

42
00:03:56,630 --> 00:04:00,890
You could specify different passwords for different Viti white lines if you wanted to.

43
00:04:01,070 --> 00:04:04,160
But in this example we'll keep the password the same.

44
00:04:04,160 --> 00:04:12,710
Hence when I tell that from router 1 to 2 I need to put in the password on the line but to go to enable

45
00:04:12,710 --> 00:04:16,960
mode I need to type the Enable secret password.

46
00:04:17,210 --> 00:04:27,530
Now again on the Viti y line similar to the console we could use the option log in a local which would

47
00:04:27,530 --> 00:04:33,840
use a local username and password database telnet back again.

48
00:04:33,880 --> 00:04:43,950
It just now asked for the username and password of the user but in this case its failing.

49
00:04:44,680 --> 00:04:46,310
So let's see what's going on.

50
00:04:46,360 --> 00:04:52,410
Show run pipes include user no user account configure it.

51
00:04:53,020 --> 00:04:55,010
So hence the authentication was failing.

52
00:04:55,030 --> 00:05:01,420
So I need to type user name whatever the username is and the password of that user.

53
00:05:01,450 --> 00:05:08,710
So now I can log in and then type and able to get a privileged mode.

54
00:05:09,960 --> 00:05:17,170
So once again what do we do we created a user called davit with a relevant password.

55
00:05:17,170 --> 00:05:20,190
Not a good idea to use passwords such as the following.

56
00:05:20,230 --> 00:05:22,210
You should use secret.

57
00:05:22,390 --> 00:05:24,430
So I should have done this.

58
00:05:24,430 --> 00:05:25,980
Use the name David.

59
00:05:26,110 --> 00:05:28,910
Secret Cisco.

60
00:05:29,050 --> 00:05:33,510
Now I'm told I cannot have both a user password and a user secret.

61
00:05:33,590 --> 00:05:39,130
Choose one or the other so do show run piping clewed user.

62
00:05:39,350 --> 00:05:44,970
Notice the use and you still using a password rather than a secret.

63
00:05:45,040 --> 00:05:53,950
So let's say No user name David and recreated with a secret and that's allowed now.

64
00:05:54,020 --> 00:05:59,420
Now it is previously the password was in clear text dush run pipe.

65
00:05:59,540 --> 00:06:04,610
Include user the user name is now an empty five hash.

66
00:06:04,640 --> 00:06:06,230
So it's much more secure.

67
00:06:09,930 --> 00:06:17,310
Notice the difference now however when I tell them that and put my username in and my password I still

68
00:06:17,310 --> 00:06:20,120
have to put in my enable password.

69
00:06:20,130 --> 00:06:22,110
But that's a secret password.

70
00:06:23,220 --> 00:06:33,170
And what I can do additionally specify privilege and give David full privileges rather than the use

71
00:06:33,170 --> 00:06:38,480
of having to type the enabled password or secret password in this case.

72
00:06:38,480 --> 00:06:46,100
So back then write a one tell it to write a T name is David falshood a Cisco notice I'm taken immediately

73
00:06:46,490 --> 00:06:54,330
to privilege mode whereas previously I had to type enable and then put in the secret password.

74
00:06:54,360 --> 00:07:01,510
Now the biggest problem with Telnet is it's clear text so legs it back to route 1.

75
00:07:01,740 --> 00:07:12,340
Let's start doing a capture whya and capture the traffic received on this interface.

76
00:07:12,360 --> 00:07:15,120
I remember we created a secret password.

77
00:07:15,120 --> 00:07:24,690
So on the router show run doesn't show us what that uses password is what happens when we telnet however

78
00:07:24,970 --> 00:07:28,660
said telnet whose name is David.

79
00:07:28,680 --> 00:07:32,780
Password is Cisco straight to privilege mode.

80
00:07:33,940 --> 00:07:42,630
Well search for telnet and let's look through the packets first.

81
00:07:43,730 --> 00:07:51,210
Strolling along there is D A V I D asking for password.

82
00:07:51,210 --> 00:07:57,380
Now see I see we've just captured the user's password.

83
00:07:57,850 --> 00:08:03,820
If we follow the TZP stream I'll just copy that into notepad so you can see it clearly.

84
00:08:06,960 --> 00:08:13,560
But what you're seeing here is the TCAP stream showing the user name and the password.

85
00:08:13,830 --> 00:08:22,290
So the password is shown in clear text tellen allows you to capture passwords and other data off the

86
00:08:22,290 --> 00:08:22,980
wire.

87
00:08:23,040 --> 00:08:26,080
So it's not a great idea to use telnet.

88
00:08:26,520 --> 00:08:31,980
You may think it's good to use a secret password but be careful the secret password is hashed on the

89
00:08:31,980 --> 00:08:32,620
router.

90
00:08:32,910 --> 00:08:37,120
But when the data is sent across the wire it's in clear text.

91
00:08:37,290 --> 00:08:44,810
So a hacker can capture the password so you should be using S-sh rather than telnet before each before

92
00:08:44,810 --> 00:08:46,040
showing S-sh.

93
00:08:46,040 --> 00:08:56,110
One last thing on telnet you can also set an exact timeout on your telnet sessions so that they get

94
00:08:56,230 --> 00:08:57,050
disconnected.

95
00:08:57,070 --> 00:09:03,610
If there's no activity for period of time in this example after five minutes the telnet session would

96
00:09:03,610 --> 00:09:08,020
be disconnected but you could specify another value if you wanted to.