Subscribe Subscribe | Subscribe Comments RSS
Subscribe in Bloglines

Add to netvibes
Add to Google Reader or Homepage

One of the basic configurations when setting up a Cisco Router or a Cisco Switch is setting the passwords. This includes, setting the passwords for the Console, Telnet/SSH and the Enable (Enable Secret)

The following procedure will help starters set up passwords in Cisco Routers and Switches running Cisco IOS.


Enable Password Encryption

By default, except for the "enable secret" password, all other passwords are stored in blank texts in the running config. So, anyone who gets access to the Privilege EXEC mode has access to all passwords. This can be prevented by a global configuration which encrypts all passwords in the running-config.

From the Global Configuration mode

ciscorouter# conf term

ciscorouter(config)# service password-encryption

Set Console Password

Enter the Line Console configuration mode

ciscorouter# conf term

ciscorouter(config)# line con 0

Enable Login and set password


ciscorouter(config-line)# login

ciscorouter(config-line)# password MyConsolePassword

where "MyConsolePassword" is the password. Set something that is more secure.

Set Telnet/SSH password

If you are using SSH or Telnet to logon to the Cisco Routers or Switches remotely then it is important to set the password for this access

ciscorouter# conf term

ciscorouter(config)# line vty 0 4

ciscorouter(config-line)# login

ciscorouter(config-line)# password MyRemotePassword

where "MyRemotePassword" is the password. The above will enable logins and set the passwords for the remote consoles "0" to "4". In simple terms, the first 5 terminal connections are set and passwords are assigned. However, the newer versions have upto 16 terminal consoles. These can also be set with the same passwords or with a different set of passwords.

ciscorouter# conf term

ciscorouter(config)# line vty 5 15

ciscorouter(config-line)# login

ciscorouter(config-line)# password MyOtherRemotePassword

Enable Password

The enable password is required to be set to protect the Privilege Exec mode. Also, Privilege Exec mode will not be accesible if the enable password is not set.

From the global configuration mode

ciscorouter# conf term

ciscorouter(config)# enable password MyEnablePassword

However, it is even more secure to set an encrypted password for the Enable login.

Set Enable Secret Password

ciscorouter# conf term

ciscorouter(config)# service password-encryption

Set Console Password

Enter the Line Console configuration mode

ciscorouter# conf term

ciscorouter(config)# line con 0

Enable Login and set password


ciscorouter(config-line)# login

ciscorouter(config-line)# password MyConsolePassword

where "MyConsolePassword" is the password. Set something that is more secure.

Set Telnet/SSH password

If you are using SSH or Telnet to logon to the Cisco Routers or Switches remotely then it is important to set the password for this access

ciscorouter# conf term

ciscorouter(config)# line vty 0 4

ciscorouter(config-line)# login

ciscorouter(config-line)# password MyRemotePassword

where "MyRemotePassword" is the password. The above will enable logins and set the passwords for the remote consoles "0" to "4". In simple terms, the first 5 terminal connections are set and passwords are assigned. However, the newer versions have upto 16 terminal consoles. These can also be set with the same passwords or with a different set of passwords.

ciscorouter# conf term

ciscorouter(config)# line vty 5 15

ciscorouter(config-line)# login

ciscorouter(config-line)# password MyOtherRemotePassword

Enable Password

The enable password is required to be set to protect the Privilege Exec mode. Also, Privilege Exec mode will not be accesible if the enable password is not set.

From the global configuration mode

ciscorouter# conf term

ciscorouter(config)# enable password MyEnablePassword

However, it is even more secure to set an encrypted password for the Enable login.

ciscorouter(config)# enable secret MySecretPassword

This encrypts the password and directly overides the "Enable" password and is encrypted.

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Leave a comment

Name: (Required)

eMail: (Required)

Website:

Comment: