Accessing a Cisco IOS Device
Console Access Method
There are several ways to access the Cisco CLI (Command-Line Interface) environment.
The most common methods are:
• Console
• Telnet or SSH
• AUX port
Console
The console port is a management port that provides out-of-band access to a Cisco
device. Out-of-band access refers to access through a dedicated management channel
that is used for device maintenance purposes only. The advantage of using a console
port is that the device is accessible even if no networking services have
been configured, such as when performing an initial configuration of the networking
device. When performing an initial configuration, a computer running terminal
emulation software is connected to the console port of the device using a special cable.
Configuration commands for setting up the switch or router can be entered on the
connected computer.
The console port can also be used when the networking services have failed and
remote access to the Cisco device is not possible. If this occurs, a connection to
the console can enable a computer to determine the status of the device. By default,
the console conveys the device startup, debugging, and error messages. After the
network technician is connected to the device, he can perform any configuration
commands necessary using the console session.
For many IOS devices, console access does not require any form of security, by
default. However, the console should be configured with passwords to prevent
unauthorized device access. In the event that a password is lost, there is a special set of
procedures for bypassing the password and accessing the device. The device should
also be located in a locked room or equipment rack to prevent unauthorized physical access.
Telnet, SSH, and AUX Access Methods
While a console connection provides a method of locally accessing the IOS CLI,
there are methods for remotely accessing the CLI. This section introduces some of
these methods.
Telnet
Telnet is a method for remotely establishing a CLI session of a device, through a
virtual interface, over a network. Unlike the console connection, Telnet sessions require
active networking services on the device. The network device must have at least one
active interface configured with an Internet address, such as an IPv4 address. Cisco
IOS devices include a Telnet server process that allows users to enter configuration
commands from a Telnet client. In addition to supporting the Telnet server process,
the Cisco IOS device also contains a Telnet client. This allows a network administrator
to telnet from the Cisco device CLI to any other device that supports a Telnet server process.
SSH
The Secure Shell (SSH) protocol provides a remote login similar to Telnet, except
that it uses more secure network services. SSH provides stronger password authentication
than Telnet and uses encryption when transporting session data. This keeps
the user ID, password, and the details of the management session private. As a best
practice, use SSH instead of Telnet whenever possible.
Most versions of Cisco IOS include an SSH server. In some devices, this service is
enabled by default. Other devices require the SSH server to be enabled manually. IOS
devices also include an SSH client that can be used to establish SSH sessions with other devices.