Cisco Switch Telnet - SSH Configuration Guide

Jun 05 , 2025 32

Cisco Switch Telnet & SSH Configuration Guide

I. Telnet Configuration Steps

1. Enter global configuration mode

• First enter privileged EXEC mode

• Then access global configuration mode

2. Configure VTY lines (Telnet access channels)

• Configure virtual terminal sessions (typically 16 sessions: 0-15)

• Enable Telnet protocol (enabled by default, optional configuration)

• Set local username/password authentication (optional)

• Configure plaintext password (e.g., "cisco")

3. Configure privileged mode password (required)

• Set encrypted enable secret password (e.g., "admin@123")

4. Configure local username/password (alternative to VTY password)

• Create username with encrypted secret password (e.g., username "admin" with password "admin@123")

5. Save configuration

• Write running configuration to startup configuration

II. SSH Configuration Steps

1. Set hostname and domain name (required)

• Configure custom device hostname (e.g., "Switch")

• Specify domain name (any valid domain value required)

2. Generate RSA key pair (enables SSH service)

• Create encryption keys with recommended 2048-bit modulus length

3. Configure SSH parameters

• Enable SSH version 2 (more secure)

• Set connection timeout (60 seconds)

• Configure maximum authentication attempts (3 retries)

4. Configure VTY lines (restrict to SSH only)

• Disable Telnet access

• Permit only SSH connections

• Enforce local username authentication

5. Create privileged local user (for SSH login)

• Configure username with maximum privilege level (15) and encrypted password (e.g., username "admin" with password "ssh@123")

6. Save configuration

• Write configuration to non-volatile memory

III. Verification Commands
Check SSH status

• Display SSH version, service status and cryptographic key information

Test remote access

• From client machine (replace with switch IP address):

• Verify Telnet connectivity

• Test SSH login (e.g., "ssh -l admin 192.168.1.1")

Key Notes:

• Telnet transmits data in clear text (insecure)

• SSH provides encrypted communication (recommended)

• Always verify service status after configuration

• Privilege level 15 provides maximum administrative access