Passwords are the first control protecting telnet access to Cisco routers. Access can also be limited to specific source IP addresses. Telnet ports on the router are called virtual terminal (vty) ports. By default the router is configured with five vty ports, vty 0-4; this number can be changed. To control enable access over telnet, first set the enable password on the router. If no enable password is set on the router, access to enable mode is allowed with no password. The same password is used on all vty ports. Telnet access can be restricted with the access-class and access-list commands: the access-class command applies an access-list to a vty line.
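
The controls described above can be checked against a saved configuration. The following is an added example, not part of the original page: a Python check that reads a running-config and reports a missing enable password and vty lines without a password, login, or access-class. The sample configuration, its addresses and passwords, and the function name `audit_vty` are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original page).
SAMPLE_CONFIG = """\
enable password S3cretEnable
access-list 10 permit 192.0.2.0 0.0.0.255
line vty 0 3
 password VtyPass
 login
 access-class 10 in
line vty 4
 password VtyPass
 login
"""

def audit_vty(config):
    """Return a list of findings for the enable and vty telnet controls."""
    findings = []
    lines = config.splitlines()
    if not any(re.match(r"enable (password|secret) \S", l) for l in lines):
        findings.append("no enable password set")
    # Numbered access-lists defined at global level.
    acls = {m.group(1) for l in lines
            if (m := re.match(r"access-list (\d+) ", l))}
    # Collect the indented sub-commands under each "line vty" block.
    blocks, current = {}, None
    for l in lines:
        if l.startswith("line vty "):
            current = l.strip()
            blocks[current] = []
        elif l.startswith(" ") and current:
            blocks[current].append(l.strip())
        else:
            current = None
    passwords = set()
    for name, cmds in blocks.items():
        pw = [c.split(None, 1)[1] for c in cmds if c.startswith("password ")]
        passwords.update(pw)
        if not pw or "login" not in cmds:
            findings.append(f"{name}: password and login not both configured")
        acl = [c.split()[1] for c in cmds
               if re.match(r"access-class \d+ in$", c)]
        if not acl:
            findings.append(f"{name}: no access-class, any source IP may connect")
        elif acl[0] not in acls:
            findings.append(f"{name}: access-class {acl[0]} has no access-list")
    if len(passwords) > 1:
        findings.append("vty lines use different passwords")
    return findings
```

In the sample, vty 4 sits outside the `line vty 0 3` range and therefore lacks the access-class that protects the other four lines, which is the kind of gap that appears when the number of vty ports is changed.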