Throughout my CCENT and CCNA exam tutorials, you'll notice these two curious commands on the console port:
line con 0
exec-timeout 0 0
logging synchronous
I've been recommending these commands for years to CCNA and CCNP candidates putting their own home labs together, but they can come in handy on the job as well. Let's take these commands one at a time, starting with the logging synchronous command.
When the router wants you to know something, ccna course london it wants you to know right now. If the router sends a message to the console while you're entering a config, by default the router will interrupt your work to show you that message.
In the following example, I opened a Serial interface, which will always result in at least two messages relating to the physical and logical state of the interface. I started typing a sentence immediately after I opened the interface to show you what happens. I've bolded the sentence I was entering.
R1(config)#int s0
R1(config-if)#no shut
R1(config-if)#^Z
R1#so here i am
4d04h: %SYS-5-CONFIG_I: Configured from console by consoletyp
4d04h: %LINK-3-UPDOWN: Interface Serial0, changed state to uping and
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to upi've been interrupted quite badly!
4d04h: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
This may seen trivial, but when you have a long command entry interrupted by a console message, you'll wonder how to prevent that from happening. (After you stop yelling at the router, that is.) By configuring the logging synchronous command on the console port, you're telling the router to hold such messages until it detects no input from the keyboard and no other output from the router, such as a show command's output.
R1(config)#line console 0
R1(config-line)#logging ?
synchronous Synchronized message output
The second command I always enter on the console port of a home lab router or switch is exec-timeout 0 0. This disables the default inactivity timeout of 5 minutes and 0 seconds. If you want to change that timer rather than disabling it, the first number represents the number of minutes in the inactivity timer and the second number is the number of seconds.
R1(config)#line con 0
R1(config-line)#exec-timeout ?
Timeout in minutes
R1(config-line)#exec-timeout 0 ?
Timeout in seconds
R1(config-line)#exec-timeout 0 0 (disables the inactivity timer)
This command can also be configured on the VTY lines to set or disable the inactivity timer for Telnet and SSH users. Here, we'll set the VTY line inactivity timer to 10 minutes.
R1(config)#line vty 0 4
R1(config-line)#exec-timeout ?
Timeout in minutes
R1(config-line)#exec-timeout 0 ?
Timeout in seconds
R1(config-line)#exec-timeout 10 ?
Timeout in seconds
R1(config-line)#exec-timeout 10 0
Some network admins hate these commands, and I personally don't like to disable my router's Telnet and SSH inactivity timers. They're great commands for your present or future home lab, and I also recommend you know them for your CCENT and CCNA exams!
When you're looking at a Cisco router configuration, figuring out what the different passwords do can be a little confusing at first. But as I tell all my students, the key to understanding something that looks complex is to break it down to smaller parts.
Having said that, let's take a look at a typical running configuration and then break it down line by line to make sure you understand what each password is doing. This is a must for success on exam day and on the job!
Username r1 password router
Username chris password Bryant
Username david password stimpson
Enable password cisco
Enable secret ccna
Service password-encryption
Line console0
Login
Password passexam
Line vty 0 4
Login
Password ccnp
There's a lot going on in that little configuration. Working from top to bottom, let's take a look at what each section does.
Username r1 password router
Username chris password Bryant
Username david password stimpson
The username / password combination creates a local database that the router will use to authentication users connecting on your BRI lines, and it's also used to authenticate users connecting via telnet!
To use the local database instead of a common VTY password:
Line vty 0 4
Login local
This allows each user to have their own password instead of everyone using the single VTY line password.
Enable password cisco
Enable secret ccna
The enable password and enable secret commands are used to do the same thing - protect privileged exec mode, more commonly referred to as enable mode.
Why use both? The enable password is still in use for backwards compatibility. Most routers are configured with both, and they'll probably be different. (This is because the router's going to prompt you for a different password for one if you try to set them both to the same word.)
If we only have one enable mode to protect, but two different passwords, which one should a user enter? The enable secret - because the enable secret always has precedence over the enable password. No exceptions. (We don't get to say that very often in Ciscoland, do we? J )
There's one other major difference. The enable secret is encrypted by default the enable password is displayed in clear text. Actually, all the other passwords you see above will be displayed in clear text by default.
Service password-encryption
This default can be changed by activating a Cisco router service that's off by default. Run the service password-encryption command to encrypt all passwords in your configuration.
Before a user gets to enable mode, though, there may be a password to start working at the console to begin with. This password has to be entered just to get to user exec (assuming the previous user logged out fully and correctly!).
Line console0
Login
Password passexam
Note that there are two commands. You need to enable the password function with the "login" command, and then set a password. The order in which you enter these two commands does not matter - just make sure you enter them both!
Line vty 0 4
Login
Password ccnp
Of course, the VTY lines are used to enable Telnet connectivity and to set a password. Cisco requires a password be set for Telnet access, and this basic configuration will prompt any user for the one single password. This password would apply to all five simultaneous Telnet connections if more than one user were telnetting in at once.
For much more on Telnet, read my tutorial on the subject, found at
To get your CCNA, you've got to be more than ready for password questions. Whether you're asked to set one or troubleshoot an existing configuration on an exam or on the job, these should be second nature to you. And they will be, once you break a configuration like this into smaller parts.
To your success,