Configuring Cisco Routers via Telnet and HTTP

While the initial configuration of your Cisco router using the console port and a rollover cable may be necessary, you’ll eventually want to access routers on your network using telnet sessions. Since telnet is an IP-based application, your routers will need to be configured with at least one valid and reachable IP address to use this method. Also remember that in order to connect to a router using telnet, that router will need a virtual terminal (vty) password configured. If not, any connection attempts will be refused. Notice what happens when we attempt to telnet into the accra router at IP address

Trying ... Open
Password required, but none set
[Connection to accra closed by foreign host]

Using telnet to connect to routers is much faster than connecting via the console port. If you recall, back in the hostname section of this chapter we added an entry to our hosts table that resolved the name accra to its IP address. Because of that, we can easily connect to the accra router by simply entering accra at the prompt. By the same token, we could just as easily enter the IP address without the telnet command preceding it. The router will assume that we’re trying to telnet if we don’t provide any additional information.

Trying accra ( Open
User Access Verification

Before issuing the command, I set a vty password on the accra router – notice it prompts us for a password rather than refusing the connection this time.

Telnetting from a client machine to a telnet server is known as a forward telnet session. However, when you connect from a telnet server to another telnet server, it is known as a reverse telnet session. In general, this detail isn’t terribly important, but I thought I should mention it since you may come across the term in the Cisco documentation.
After we have connected to the accra router via telnet, we still have the ability to get back to the prompt of the cisco2501 router using a special key sequence. By pressing Ctrl+Shift+6 together and then the letter X, we return to the original prompt. The telnet session to the accra router is still open – we’ve just left it temporarily, perhaps to open yet another reverse telnet session to another router. The ability to switch between connections is much more convenient than constantly logging off and back on.
However, having multiple telnet session open can also be a little confusing. So how can you recall sessions that you’ve initiated and access them again? Well, you should start off with the show sessions command. This will list the currently active sessions, as shown below.

Cisco2501#show sessions
Conn Host Address Byte Idle Conn Name
* 1 0 0

The asterisk shown above is used to designate the last session accessed. To reconnect to this telnet session, you can either press Enter twice (this will always access the last session), or enter the number associated with the Conn header – in this case 1, followed by the Enter key.

To end a telnet session, you have two main options. From within a session, just type exit.

[Connection to accra closed by foreign host]

If you want to close a session without actually being in it, use the disconnect command. For example, to close that accra session from the cisco2501 command prompt, we would enter disconnect followed by the associated connection number.

cisco2051#disconnect 1
Closing connection to [confirm]

While configuring a router using telnet may be common, it is also possible to configure your router via a web browser. Although it’s disabled by default, your router has its own mini HTTP server built in. This provides yet another way to gain access to the router for the purpose of issuing commands. To enable the HTTP server, use the command ip http server from global configuration mode.

cisco2501(config)#ip http server

After doing this, open your web browser and point it to one of your router’s IP addresses. While the browser interface may not be pretty, it’s worth being aware of its existence. In general, it really provides no more functionality that what is available in a telnet session, although it does offer the ability to issue commands using hyperlinks. For the most part, I suggest that you keep the HTTP server turned off, since it offers another point of access for potential hacking. After taking a look, the HTTP server can be turned off using the no ip http server command.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.