a.) what is the result of line con 0 being unconfigured??

will it allow access???

b.) what is the result of configuring vty passwords on some vty lines and not all?


e.g

rtr Z# sh running-config

<output omitted>
!
line con 0
line vty 0 4
password brim
login
transport input telnet
line vty 5 15
login
!
end


kinda confusing

Crawlord,

a) for the first question, there is no requirement to configure the con 0 line. If you don't, it will allow access. You just better make sure you have the device physically secured. If someone can physically get to the device then it can be easily compromised anyway.

b) The answer to your second question is a little more confusing. You must configure the vty lines with a password in order to use them. If you don't it will deny you access via telnet or ssh depending on what you have configured. Now as for the number of lines, since the Cisco IOS came out there have been vty line 0 through 4, you must have them configured. The other lines as in your example are there for other uses. It depends on the device what they can be used for. It you ever see one of the new ISR routers you will see that in may cases they have about 1800 lines available. You should set a password on all of them just for security sake. You can do it all in one command, instead of typing line vty 0 4, type line vty 0 ? and see what the last line is. Then type that in.

Hope that helps you out.
Pat

Nice post Pat.

line vty 0 4
password brim
login
transport input telnet
line vty 5 15
login

What will happen with the above is this: line vty 0 4 allows five (0 to 4) concurrent telnet sessions, allowing users to login using password brim. The remaining lines (vty 5 15) would return an error to the sixth person logging in. The fact that 'login' is specified but no password set will mean that the sixth person would receive the message "password required but none set". It would then kick them out.
- hope this helps