What is vty in cisco routers

Lines in which you connect could be any from the available pool of lines available; recently more lines have been available for platforms other than 0 - 5, and these lines are used for connecting the devices through virtual sessions in the same way as lines 0 through 5.

If you encounter a technical issue on the site, please open a support case. Communities: Chinese Japanese Korean. All Rights Reserved. The Cisco Learning Network. This document provides sample configurations for configuring password protection for inbound EXEC connections to the router. In order to perform the tasks described in this document, you must have privileged EXEC access to the router's command line interface CLI.

For instructions on connecting a console to your router, refer to the documentation that accompanied your router, or refer to the online documentation for your equipment.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared default configuration. If your network is live, make sure that you understand the potential impact of any command.

For more information on document conventions, refer to the Cisco Technical Tips Conventions. The use of password protection to control or restrict access to the command line interface CLI of your router is one of the fundamental elements of an overall security plan. Protecting the router from unauthorized remote access, typically Telnet, is the most common security that needs configuring, but protecting the router from unauthorized local access cannot be overlooked.

Note: Password protection is just one of the many steps you should use in an effective in-depth network security regimen. Firewalls, access-lists, and control of physical access to the equipment are other elements that must be considered when implementing your security plan. Command line, or EXEC, access to a router can be made in a number of ways, but in all cases the inbound connection to the router is made on a TTY line.

There are four main types of TTY lines, as seen in this sample show line output:. On any router, it appears in the router configuration as line con 0 and in the output of the show line command as cty.

The console port is mainly used for local system access using a console terminal. The TTY lines are asynchronous lines used for inbound or outbound modem and terminal connections and can be seen in a router or access server configuration as line x. The specific line numbers are a function of the hardware built into or installed on the router or access server.

They are virtual, in the sense that they are a function of software - there is no hardware associated with them. They appear in the configuration as line vty 0 4. Each of these types of lines can be configured with password protection.

Lines can be configured to use one password for all users, or for user-specific passwords. User-specific passwords can be configured locally on the router, or you can use an authentication server to provide authentication. There is no prohibition against configuring different lines with different types of password protection.

It is, in fact, common to see routers with a single password for the console and user-specific passwords for other inbound connections. To specify a password on a line, use the password command in line configuration mode.

To enable password checking at login, use the login command in line configuration mode. From the privileged EXEC or "enable" prompt, enter configuration mode and then switch to line configuration mode using the following commands. Notice that the prompt changes to reflect the current mode. Note: Do not save configuration changes to line con 0 until your ability to log in has been verified. Note: Under the line console configuration, login is a required configuration command to enable password checking at login.

Your email address will not be published. Notify me of follow-up comments by email. Notify me of new posts by email. Share via: 6 Shares. Table of Contents. Enter configuration commands, one per line. Changing configuration back to no aaa new-model is not supported.

Leave a Reply Cancel reply Your email address will not be published. Share via. Copy Link. Powered by Social Snap. Copy link.