
Terminal Lines Security

Password-protecting the command line interface is important for controlling access to it and preventing unauthorised use.

There are three methods of accessing the command line interface of an IOS device:

Console Port (CTY)

On any Cisco device, the console port appears in configuration as line con 0 and in the output of show line as cty.

The console port is mainly used for local access using a console terminal.

Auxiliary Port (AUX)

This appears in configuration as line aux 0.

The AUX port is mainly used for remote access into the device via a modem.

Virtual Terminal (VTY)

These lines are displayed by default in the configuration as line vty 0 4.

They are used for telnet and SSH connections. They are virtual as they have no physical line associated with them.

Restricting Access

Each of these terminal lines should be protected with at the very least a password. There are three ways to add password protection:

  1. Using a password that is configured directly in the line configuration
  2. Using username-based authentication
  3. Using an AAA server
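
The three methods applied to the lines described above, as an added IOS configuration sketch that is not part of the original article. The username, server name TAC1, the 192.0.2.10 address, the choice of TACACS+ and every value in angle brackets are assumed placeholders.

```cisco
! Method 1: password configured directly on the line.
! "login" makes the line prompt for the password set on that line.
line con 0
 password <CONSOLE-PASSWORD>
 login
!
line aux 0
 password <AUX-PASSWORD>
 login
!
! Method 2: username-based authentication against the local user database.
! "secret" stores the credential hashed rather than in clear text.
username admin secret <ADMIN-SECRET>
line vty 0 4
 login local
!
! Method 3: AAA server (TACACS+ assumed here), falling back to the
! local user database if the server cannot be reached.
! Enabling "aaa new-model" replaces the per-line "login" and
! "login local" settings with AAA method lists on all lines.
aaa new-model
tacacs server TAC1
 address ipv4 192.0.2.10
 key <SHARED-KEY>
aaa authentication login default group tacacs+ local
line vty 0 4
 login authentication default
```

Keep the local username in place when moving to method 3, since the fallback in the method list depends on it, and confirm the result with show line and show running-config before closing the session used to make the change.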
