Telnet is a remote connection protocol known to be active on port 23. It can be used to administrate a Cisco IOS powered device over the network. This article will demonstrate the necessary commands to configure Telnet.

For testing, I have built a basic network in Cisco Packet Tracer with a router called:
Gilgamesh (IP:
and a remote PC (IP:

To enable telnet, we start configuring VTY ports on Lines. ‘Lines’ on Cisco routers are physical or visual serial ports while VTY ports are specifically visual ports used for remote access using Telnet or SSH. To do that, I typed the following in my router

Gilgamesh#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Gilgamesh(config)#line vty 0 4

the 0 4 numbers refer to configuring 5 visual sessions. Now, leave the router’s CLI as it is (do not close it) and lets try to connect to the router from our PC’s command prompts.

Trying …Open
[Connection to closed by foreign host]

The lines above shows that the connection was refused. This is because, login is disabled on all the five telnet sessions we created until a password is set. To set ‘ciscopass’ as a password, go back to the router and type

Gilgamesh(config-line)#password ciscopass

now if we try to telnet from our PC again

Trying …Open
User Access Verification

we can see that telnet worked. As such, this also implies that if we want to disable telnet again, we can simply remove the password using

Gilgamesh(config-line)#no password

However, note that removing the password will NOT disable telnet if you have local authentication setup.
And now, what if you want to enable telnet with no password set?
this can be done with

Gilgamesh(config-line)#no password
Gilgamesh(config-line)#no login

to test, perform the following from the PC:

Trying …Open

Remote connection was successful!
to disable this very insecure practice, go back to the router and type

% Login disabled on line 66, until ‘password’ is set
% Login disabled on line 67, until ‘password’ is set
% Login disabled on line 68, until ‘password’ is set
% Login disabled on line 69, until ‘password’ is set
% Login disabled on line 70, until ‘password’ is set

which is exactly the same condition we had when we first typed in the ‘line vty 0 4’ command. Nevertheless, an alternative way to disable tenlet is to write:

Gilgamesh(config-line)#transport input none
Gilgamesh(config-line)#transport input ssh

if this approach is used, you may activate telnet again using

Gilgamesh(config-line)#transport input telnet
Gilgamesh(config-line)#transport input all

Now telnet to the router again and lets try to configure it remotely. An important thing to remember is that the privileged mode in a Cisco router can not be activated if the terminal password is not set. In this case, you will get something like the following output:

Trying …Open
% No password set.

to set a password, type the following in the router’s CLI

Gilgamesh#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Gilgamesh(config)#enable secret cisco

The password is now set to: ‘cisco’. Test again from the PC


As you see, the priviledged mode is now accessible from the remote PC!

If you want to display all active telnet connections in a router, use:

Gilgamesh#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
67 vty 0 idle 00:00:32

Interface User Mode Idle Peer Address

Another way is if you display the TCP connections and note a connection on port 23.

Gilgamesh#show tcp

Stand-alone TCP connection from host
Connection state is ESTABLISHED, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled
Local host:, Local port: 23
Foreign host:, Foreign port: 1034

Before finishing this post, itس worth mentioning that configuring a switch is exactly the same but you will need to assign an IP address for the default vlan1 to enable remote access. I easily achieved that with the following commands

Switch#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan1
Switch(config-if)#ip address
Switch(config-if)#no shutdown
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up

To enable remote connection from behind the router i.e. other subnets, I added a default gateway information too

Switch(config)#ip default-gateway

I tried to brief the necessary commands and at the end I shall only remind you that Telnet is not recommended from a security point of view since the session between the connected devices is not encrypted. In addition, it is better to create user accounts to avoid sharing a single password between users. My coming posts will consequently demonstrate setting user accounts and then enabling SSH, a secure alternative to Telnet.

12 Responses to “Configure and test Telnet on a Cisco router or switch”

Leave a Reply


Haider’s WebSpace

Welcome to my technical blog. This is where I write, archive and share computer related articles. Subjects vary from posting technical solutions to researching particular topics. Feel free to comment and talk IT!

The information provided is for educational purposes only. All content including links and comments is provided "as is" with no warranty, expressed or implied. Use is at your own risk and you are solely responsible for what you do with it.

Sponsored Links
My Tweets