The virtual terminal (vty) lines allow remote access to the devices. We can use the Cisco ‘transport input’ command to set which protocols are allowed to access the virtual terminal lines. We can choose from the following transport input command keywords to set the allowed protocols on the virtual terminal lines:
- ssh – allows TCP/IP SSH protocol only
- telnet – allows TCP/IP Telnet protocol only
- all – allows all protocols
- none – blocks all protocols
- telnet ssh – allows both Telnet and SSH protocols
Telnet Input Configuration
To configure, in the Command Line Interface (CLI), we need to enter the command ‘transport input {all | none | telnet | ssh}’ under the virtual terminal (vty) line configuration mode. We can allow different protocols on the virtual terminal lines, and each vty line accepts one user only. Virtual terminal lines are evaluated starting from the line vty 0 forward.
Router>en
Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#line vty 0
R1(config-line)#login local
R1(config-line)#transport input ssh
R1(config-line)#exit
R1(config)#line vty 1
R1(config-line)#login local
R1(config-line)#transport input telnet
R1(config-line)#exit
R1(config)#line vty 2
R1(config-line)#login local
R1(config-line)#transport input all
R1(config-line)#exit
R1(config)#line vty 3
R1(config-line)#login local
R1(config-line)#transport input none
R1(config-line)#exit
R1(config)#line vty 4
R1(config-line)#login local
R1(config-line)#transport input telnet ssh
In the example configuration above, virtual terminal (vty) line 0 was configured with the ‘transport input ssh’ command. Therefore, vty 0 enables SSH connections only. Virtual terminal (vty) line 1 has the command ‘transport input telnet’ and it permits only Telnet connections. The ‘all’ transport input command keyword was used on vty 2. Thus all protocols, both Telnet and SSH protocols, are allowed.
Virtual terminal (vty) line 3 was configured with the ‘none’ keyword, so no protocol is allowed to connect via vty 3. Lastly, ‘transport input telnet ssh’ was entered on vty 4, which means that both Telnet and SSH are allowed on virtual terminal (vty) line 4.
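To audit a saved running-config for the per-line settings described above, the following added example (not part of the original article) expands each 'line vty' section into individual line numbers and reports which ones accept Telnet, a protocol that carries the login in cleartext. The function names and the sample config text are constructed for illustration; the 'line vty 5 15' range without a 'transport input' line is an assumption added to show the unset case, which relies on the platform default and should be checked on the device.

```python
import re

# Constructed sample: R1's vty configuration from the example above, plus an
# assumed 'line vty 5 15' range that has no 'transport input' command.
SAMPLE_CONFIG = """\
line vty 0
 login local
 transport input ssh
line vty 1
 login local
 transport input telnet
line vty 2
 login local
 transport input all
line vty 3
 login local
 transport input none
line vty 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
"""

def vty_transports(config):
    """Return {vty number: keyword list, or None if 'transport input' is absent}."""
    result, current = {}, []
    for raw in config.splitlines():
        head = re.match(r"line vty (\d+)(?: (\d+))?\s*$", raw)
        setting = re.match(r"\s+transport input (.+)$", raw)
        if head:  # 'line vty 0' or a range such as 'line vty 5 15'
            first, last = int(head.group(1)), int(head.group(2) or head.group(1))
            current = list(range(first, last + 1))
            result.update({n: result.get(n) for n in current})
        elif setting:  # applies to every line of the current section
            result.update({n: setting.group(1).split() for n in current})
        elif not raw.startswith(" "):
            current = []  # any other top-level command ends the vty section
    return result

def audit(config):
    """Return (lines accepting Telnet, lines with no explicit transport input)."""
    lines = vty_transports(config)
    telnet = sorted(n for n, kw in lines.items() if kw and {"telnet", "all"} & set(kw))
    unset = sorted(n for n, kw in lines.items() if kw is None)
    return telnet, unset  # 'all' counts as Telnet because it permits every protocol

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```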
Verifying the Transport Input Command
In this example, we’ve configured R1 with the transport input commands shown above. We can use the ‘show run’ command to view the configured transport input commands in the device. The ‘show line’ command is used to show which line is in use.
Let’s connect R2 to R1 via SSH. I’ve set the username as ‘study’ and the password as ‘ccnp’.
R2#
R2#ssh -v 2 -l study 192.168.1.1
Password:
R1>
If we do a ‘show line’ on R1, the output is as shown below:
R1#sh line
   Tty Line Typ     Tx/Rx A Roty AccO AccI  Uses  Noise Overruns  Int
*    0    0 CTY           -    -    -    -     0      0      0/0    -
     1    1 AUX 9600/9600 -    -    -    -     0      0      0/0    -
*    2    2 VTY           -    -    -    -     2      0      0/0    -
     3    3 VTY           -    -    -    -     0      0      0/0    -
     4    4 VTY           -    -    -    -     0      0      0/0    -
     5    5 VTY           -    -    -    -     0      0      0/0    -
     6    6 VTY           -    -    -    -     0      0      0/0    -
     7    7 VTY           -    -    -    -     0      0      0/0    -
The asterisk on the left means that the line is in use. In the output above, lines 0 and 2 have asterisks. That indicates that a user is connected to the console (CTY) line and vty 0. The first VTY line, line 2 VTY, is mapped to vty 0 automatically.
Now, let’s connect R3 to R1 via Telnet. Again, the username is ‘study’, and the password is ‘ccnp’.
R3#telnet 192.168.2.1
Trying 192.168.2.1 ... Open
User Access Verification
Username: study
Password:
R1>
If we enter the ‘show line’ command on R1, we will have the output below:
R1#show line
   Tty Line Typ     Tx/Rx A Roty AccO AccI  Uses  Noise Overruns  Int
*    0    0 CTY           -    -    -    -     0      0      0/0    -
     1    1 AUX 9600/9600 -    -    -    -     0      0      0/0    -
*    2    2 VTY           -    -    -    -     4      0      0/0    -
*    3    3 VTY           -    -    -    -     1      0      0/0    -
     4    4 VTY           -    -    -    -     0      0      0/0    -
     5    5 VTY           -    -    -    -     0      0      0/0    -
     6    6 VTY           -    -    -    -     0      0      0/0    -
     7    7 VTY           -    -    -    -     0      0      0/0    -
You can see that an asterisk was added on line 3 VTY, which is mapped to vty 1. We now have active connections on the console line and on virtual terminal (vty) lines 0 and 1, which are using SSH and Telnet, respectively.