line vty 0 4
Enters line configuration mode for virtual terminal (VTY) lines 0 through 4 to configure remote access settings like Telnet/SSH, ACLs, and timeout parameters.
line vty 0 4
When to Use This Command
- Configuring password authentication for remote Telnet/SSH access to a router.
- Applying an access-class to restrict which IP addresses can initiate remote sessions.
- Setting the exec-timeout to automatically disconnect idle administrative sessions.
- Enabling SSH and disabling Telnet for secure remote management.
Command Examples
Basic VTY password and login configuration
line vty 0 4
password cisco
login
Router(config-line)#
The command enters VTY line configuration mode, sets the password to 'cisco', and enables password checking at login. No output is shown except the prompt change.
VTY configuration with ACL and timeout
line vty 0 4
access-class 10 in
exec-timeout 5 0
transport input ssh
Router(config-line)#
Applies ACL 10 to restrict incoming VTY connections, sets exec timeout to 5 minutes, and limits transport input to SSH only. No output is shown except the prompt change.
Understanding the Output
The 'line vty 0 4' command itself does not produce output; it changes the CLI prompt to indicate line configuration mode. To verify VTY settings, use 'show running-config | section line vty' or 'show line'. In 'show running-config', look for lines under 'line vty 0 4' such as 'password', 'login', 'transport input', 'exec-timeout', and 'access-class'. A common good configuration includes 'transport input ssh' and 'exec-timeout 5 0'. A bad configuration might have 'transport input all' (allowing insecure Telnet) or no 'login' command (allowing access without password).
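The verification step described above, as an added example that is not part of the original page: a Python script that reads the 'line vty' section of a saved running-config and flags the settings this page calls bad. The sample config and the function names are constructed for illustration; the 'exec-timeout 0 0' and missing 'access-class' checks are assumptions of this example, not rules stated by the page.

```python
import re

# Constructed sample of 'show running-config | section line vty' output.
SAMPLE = """\
line vty 0 4
 access-class 10 in
 exec-timeout 5 0
 password cisco
 login
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 no login
 transport input all
"""

def parse_vty_blocks(text):
    """Return {'0 4': ['access-class 10 in', ...], ...} from config text."""
    blocks, current = {}, None
    for raw in text.splitlines():
        header = re.match(r"^line vty (\d+(?: \d+)?)\s*$", raw)
        if header:
            current = blocks.setdefault(header.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())  # indented subcommand of the block
        else:
            current = None  # left the VTY section
    return blocks

def audit_vty(text):
    """Return {line range: [findings]}; an empty list means nothing flagged."""
    report = {}
    for rng, cmds in parse_vty_blocks(text).items():
        findings = []
        # A missing 'transport input' line means the platform default applies;
        # that default is not evaluated here.
        transport = [c.split()[2:] for c in cmds if c.startswith("transport input")]
        if any({"all", "telnet"} & set(t) for t in transport):
            findings.append("telnet permitted")
        if "no login" in cmds:
            findings.append("no login: access without password")
        if "exec-timeout 0 0" in cmds:  # 0 0 disables the idle timeout
            findings.append("idle timeout disabled")
        if not any(re.match(r"access-class \S+ in", c) for c in cmds):
            findings.append("no inbound access-class")
        report[rng] = findings
    return report

if __name__ == "__main__":
    for rng, findings in audit_vty(SAMPLE).items():
        print(f"line vty {rng}:", findings or "ok")
```

Lines 5 through 15 are included in the sample because a configuration that hardens only 'line vty 0 4' leaves any additional VTY lines on the device with their own, separate settings.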
CCNA Exam Tips
CCNA exam tip: Remember that 'line vty 0 4' configures five simultaneous virtual terminal sessions (0 through 4).
CCNA exam tip: The 'login' command is required to enable password authentication; without it, no password is prompted.
CCNA exam tip: For SSH, you must also configure a domain name and generate RSA keys using 'crypto key generate rsa'.
CCNA exam tip: The 'transport input' command can be set to 'telnet', 'ssh', 'all', or 'none'; exam scenarios often test restricting to SSH only.
Common Mistakes
Mistake 1: Forgetting to issue the 'login' command after setting a password, resulting in no authentication required.
Mistake 2: Using 'line vty 0 4' while intending to configure only one line; the configuration applies to all five lines.
Mistake 3: Setting 'transport input telnet' when SSH is required, leaving the device vulnerable to unencrypted access.
Related Commands
access-class [acl] in
Restricts incoming or outgoing Telnet/SSH access to a router line (VTY, AUX, console) by applying an ACL that filters source IP addresses.
exec-timeout [min] [sec]
Sets the inactivity timeout for an EXEC session on a line, automatically logging out idle users to free up resources and enhance security.
show line
Displays line configuration and status information for console, auxiliary, and vty lines, used to verify line settings and monitor user connections.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.