This Document Provides Basic Configurations For Configuring Password Protection For Inbound Exec Connections To The Cisco Router 2505 And The CISCO IOS® Software Version 12.2(19).
When You First Power On A New Cisco Router, You Have The Option Of Using The “Setup” Utility Which Allows You To Create A Basic Initial Password Configuration. However, In This Post I Will Show You How To Do This Basic Setup With The Command Line Interface (CLI).
The Use Of Password Protection To Control Or Restrict Access To The Command Line Interface (CLI) Of Your Router Is One Of The Fundamental Elements Of An Overall Security Plan. Protecting The Router From Unauthorized Remote Access, Typically Telnet, Is The Most Common Security That Needs Configuring,
But Protecting The Router From Unauthorized Local Access Cannot Be Overlooked. Passwords Can Be Given To The Virtual Terminal Lines And The Console Line. Moreover, Password Can Be Set Privileged EXEC Mode. This Page Will Provide The Information To Set Up CISCO Router Password To Virtual Terminal Lines, Console Lines And Privileged Mode.
NOTE: Password Protection Is Just One Of The Many Steps You Should Use In An Effective In−Depth Network Security Regimen. Firewalls, Access−Lists, And Control Of Physical Access To The Equipment Are Other Elements That Must Be Considered When Implementing Your Security Plan. Command Line, Or Exec, Access To A Router Can Be Made In A Number Of Ways, But In All Cases The Inbound Connection To The Router Is Made On A TTY LINE.
Line Passwords (Line Passwords Are Configured On Router Lines).
Privileged Mode Passwords (Enable Mode).
Username Passwords (Optional).
CTY LINE−TYPE Is The Console Port. On Any Router, It Appears In The Router Configuration As Line Con 0 And In The Output Of The Show Line Command As Cty. The Console Port Is Mainly Used For Local System Access Using A Console Terminal. Console Line The Console Is The Main Serial Administrative Port On A Router. This Is Where You Configure The Router When It Is New And Has No Network Configuration.
Console Password Is Useful On A Network On Which Multiple People Have To Access To The Router. The Persons Who Are Not Authorized, Can't Access The Router. Thus It Prevents Unauthorized Person From Accessing The Router ).
TTY LINES - Are Asynchronous Lines Used For Inbound Or Outbound Modem And Terminal Connections And Can Be Seen In A Router Or Access Server Configuration As Line X. The Specific Line Numbers Are A Function Of The Hardware Built Into Or Installed On The Router Or Access Server.
AUX LINE – The Aux Line Is An Auxiliary Port. Like The Console, It Is A Physical Port On Every Router. You Can Think Of It As A Backup Console Port. Besides Being A Backup Console Port, The Aux Port Is Periodically Used For Administrative Console Dial Up Access To The Router.
VTY LINES Are The VIRTUAL TERMINAL LINES Of The Router, Used Solely To Control Inbound Telnet Connections. They Are Virtual, In The Sense That They Are A Function Of Software − There Is No Hardware Associated With Them. These Are Not Physical Lines On The Router But Virtual “Inbound Network Lines”.They Appear In The Configuration As Line VTY 0 - 4 Depending On Your Router You Might Have More Than Five (0,1,2,3,4) Virtual Terminals Available, In That Case Use The Command Line VTY 0 X Where X Is The Number Of Terminals -1. You Can Also Specify Less Than The Maximum, Which Will Limit The Number Of Sessions That Can Exist On The Router.
A VTY LINE On A Cisco Router Or Switch Allows A User To Telnet Into The Device. Telnetting Is Where A User Is Able To Connect Remotely From Another Device To The Desired Router Or Switch. Telnetting Allows For Device Management Without Having To Physically Be At The Device. It Is Important To Configure A Telnet Password Because Without One, Anyone Would Be Able To Log Into The Router Or Switch And Alter The Configurations, Which Could Potentially Cause Network Problems Or Shutdown.
USER−SPECIFIC Passwords Can Be Configured Locally On The Router, Or You Can Use An Authentication Server To Provide Authentication. There Is No Prohibition Against Configuring Different Lines With Different Types Of Password Protection. It Is, In Fact, Common To See Routers With A Single Password For The Console And User−Specific Passwords For Other Inbound Connections.
ASYNC LINES – Async Lines Are Asynchronous Serial Lines And Are Optional. These Async Lines Are Created When You Insert An Async Serial Card In A Router. You Can Use The Async Serial Lines To Connect Dumb-Terminals (Text-Based Terminals), Serial Printers, Or Modems.
After Specifying A Password On A Line Using The Password Command, You Must Activate Password Checking At Login Using The Login Command In Line Configuration Mode.
The Example Below Illustrates How To Enable Password Security On Each Of The Available Lines. The Password And Login Commands Are Widely Available Within IOS.
NOTE:To Specify A Password On A Line, Use The Password Command In Line Configuration Mode. A Line Is A Console Port (CTY), Auxiliary Port (AUX), Virtual Terminal (VTY), Or Asynchronous (TTY) Line.
Router> <– User EXEC Mode.
Router# <– Privileged EXEC Mode.
Router(Config)# <– Global Configuration Mode.
Router(Config-If)# <– Interface Configuration Mode.
Router(Config-Line)# <– Line Configuration Mode.
<2>HOW TO CONFIGURING ROUTER PASSWORD ON CISCO ROUTRE: Set A Console Password To “Cisco”
To Specify A Password On A Line, Use The Password Command In Line Configuration Mode. To Enable Password Checking At Login, Use The Login Command In Line Configuration Mode.
STEP 1:
1. Put The Command Line Console 0 To The Router.
2. Provide The Password By Using Password Command. For Example, If You Want To Put Password "Cisco" Then The Command Will Be Password Cisco.
3. At Last Put The Command Login.
A Password Is Configured For All Users Attempting To Use The Console. From The Privileged EXEC (Or "Enable") Prompt, Enter Configuration Mode And Then Switch To Line Configuration Mode Using The Following Commands. Notice That The Prompt Changes To Reflect The Current Mode.
CONSOLE PASSWORD: (In This Example, A Password Is Configured For All Users Attempting To Use The Console).
From The Privileged EXEC (Or "Enable") Prompt, Enter Configuration Mode And Then Switch To Line Configuration Mode Using The Following Commands. Notice That The Prompt Changes To Reflect The Current Mode.
There Are Two Commands Used To Configure Line Passwords, No Matter What Kind Of Line You Are Using. The Commands Are Password And Login. The Password Command Is Used To Set Your Line Password. The Login Command, When Entered By Itself, Is Used To Tell The Router To Use The Password That Is Configured On The Line. Here Is An Example Of How This Is Configured On The Console Port:
Router#Config Terminal
Router(Config)# Hostname Router
Router(Config)#Line Con 0
Router(Config-Line)#Login
Router(Config-Line)#Password Cisco (Specifies A Unique “Cisco”Password For The Console Terminal Line.)
Under The Line Console Configuration, Login Is A Required Configuration Command To Enable Password Checking At Login. Console Authentication Requires Both The Password And The Login Commands To Work.
STEP 2:
Virtual Terminal Password Refers To Telnet Password. Through Telnet, You Can Access The Router And Can Change Anything. So, It's Really Important To Protect The Use Of Telnet By Giving A Strong Password.
Different Hardware Has Different No Of Vty Lines Defined. Cisco Has The Range 0 To 4 Vty Lines. It Means It Has 5 VTY LINES. You Can Set The Password Of VTY LINES By The Following Steps:
1. Enter Global Configuration Mode Of The CISCO Router.
2. Put The Command Line Vty 0 4 To The Router.
3. Provide The Password By Using Password Command. For Example, If You Want To Put Password "Cisco" Then The Command Will Be Password Cisco.
4. At Last, Put The Command Login.
In This Example, Passwords Are Configured For Users Attempting To Connect To The Router On The VTY Lines Using Telnet.
From The Privileged EXEC (Or "Enable") Prompt, Enter Configuration Mode And Enter Username/Password Combinations, One For Each User For Whom You Want To Allow Access To The Router:
Router>Enable
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With CNTL/Z.
Router(Config)#Line Vty 0 4
Router(Config-Line)#Password Cisco
Router(Config-Line)#Login
Router(Config-Line)#
BY DEFAULT, A Cisco Router Supports 5 Simultaneous Telnet Sessions. By Using The Command Line VTY 0 4, The Configuration Below Will Be Applied To All 5 Sessions (Line 0 To Line 4).
STEP 3:
Enable Password Is Required To Restrict The Access Of Privileged EXEC Mode.
Router>Enable
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With CNTL/Z.
Router(Config)#Enable Password Cisco
Router(Config)#
STEP 4:
ENABLE SECRET: To Specify An Additional Layer Of Security Use The Enable Secret Command In Global Configuration Mode. The Enable Secret Command Provides Better Security By Storing The Configured Enable Secret Password Using A Nonreversible Cryptographic Hash Function, Compared To The Enable Password Command, Which Stores The Configured Password In Clear Text Or In An Easily Reversible Encrypted Format. Storing The Password As A Cryptographic Hash Helps To Minimize The Risk Of Password Sniffing If The Router Configuration File Is Transferred Across The Network, Such As To And From A TFTP Server. It Is Also Useful If An Unauthorized User Obtains A Copy Of Your Configuration File. Note, If Neither The Enable Password Command Nor The Enable Secret Command Is Configured, And If There Is A Line Password Configured For The Console Port, The Console Line Password Will Serve As The Enable Password For All VTY Lines, Which Includes Telnet, Rlogin, And SSH Connections.
The Enable Secret Command Is Widely Available Within IOS. Username Passwords May Also Be Stored In The Router Configuration File In Cryptographic Hash Format, Similar To The Enable Secret. The Associated Command Is Username Secret.
From The Global Configuration Mode, Use The Command Enable Password To Restrict Access To Privileged EXEC Mode. However, This Password Is Visible In The Routers Configuration File. To Encrypt The Password, Enable Secret Command Is Required. By Using Enable Secret Command The Password Is Encrypted And Can't Be Readable To A Human.
Router>Enable
Router#Config
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With CNTL/Z.
Router(Config)#Enable Secret Cisco
Router(Config)#
NOTE: The Enable Secret Password Is The Password You Use To Gain Access To Enable Mode And To The Global Configuration Mode On The Router And Is Encrypted. The Enable Password Is Used When You Do Not Specify A Enable Secret Password. The Enable Password Should Be Different From The Enable Secret Password.
STEP 5:
NOTE: These Passwords Are Not Encrypted And We Can See Them With The “Show Running-Config” Command. We Can Encrypt All The Passwords With The Service Password-Encryption Command In Global Configuration Mode.
By Default All The Passwords Of A CISCO Router Is Readable In Clear Text In The Configuration File. This Is A Great Security Threat If Someone Read It And Configure Or Change The Router Configuration. So, To Protect Form Display The Password, Service Password-Encryption Command Is Used To Encrypt The Passwords. Service Password-Encryption Is A Global Command And Encrypt The Passwords:
Enable Password.
Console Password.
Vty Password.
Aux Password.
Router#Config
Router#Configure Terminal
Router(Config)# Service Password-Encryption
To Encrypt Local Router Passwords, Use The Service Password-Encryption Command In Global Configuration Mode. This Command Applies To Line Passwords, Username Passwords, Enable Passwords, And Authentication Key Passwords, Including Routing Authentication Passwords And Key Strings. By Default, IOS Does Not Encrypt Passwords. Encrypting Passwords In This Way Helps To Minimize The Risk Of Password Sniffing If The Router Configuration File Is Transferred Across The Network Such As To And/Or From A TFTP Server. It Is Also Useful If An Unauthorized User Obtains A Copy Of Your Configuration File. This Command Is Widely Available Within IOS.
NOTE: Another Notice Is That We Can’t Login To A Cisco Router Via Telnet If We Don’t Set A VTY Line Password For It.
Router#Show Running−Config
Router(Config)#Line Aux 0
Router(Config-Line)#Login
Router(Config-Line)#Password Cisco
The Auxiliary Port Is On The Back Of The Router And Is Commonly Used To Connect A Modem To. It Is Used To Allow A Remote User Access To The Configuration Of The Router. If A Modem Is Connected To The Port, It Should Definitely Have A Password Specified For It.
To Meet The First Objective Of Protecting The Console Line With A Console Password You’ll Need To Navigate To The Console Line Configuration Mode As Shown Below:
STEP 1:
--- System Configuration Dialog ---
Would You Like To Enter The Initial Configuration Dialog? [Yes/No]: No
Press Return To Get Started!
Router>Enable
Router#Configure Terminal
Router(Config)#Line Console 0
Router(Config-Line)#
Once In Console Line Configuration Mode, You Can Set The Password By Executing The Password Passwordgoeshere As Shown Below, The Password Is Being Set To Cisco123;
Router(Config-Line)#Password Cisco123
Simply Setting The Password Does Not Enable Password Authentication. You’ll Need To Tell The Router To Prompt Incoming Sessions On The Console Line To Require A Password. This Is Done By Executing The Login Command From Line Configuration Mode As Shown Below;
Router(Config-Line)#Login
Now You Can Test Your Console Line Password But First You’ll Have To End Your Exec Session By Typing End And Exit Then Attempting To Establish A New Exec Session Via Console As Shown Below;
Router(Config-Line)#End
Router#Exit
Router Con0 Is Now Available
Press RETURN To Get Started.
User Access Verification
Password:
Router>
STEP 2. Now Its Time To Configure VTY (Virtual Teletype) Lines. The VTY Lines Are Virtual Lines Used For Establishing An Exec Session Via Telnet Or Ssh. You Apply The Password To These Lines In The Same Manner As You Previously Did The Console Line As Shown Below;
Router>Enable
Router#Config Terminal
Router(Config)#Line Vty 0 4
Router(Config-Line)#Password Cisco321
Router(Config-Line)#Login
NOTE: That In This Example The Password Was Set To Cisco321 Just To Demonstrate You Can Have Different Passwords Per Line. In Order To Verify This Configuration; Typically You’d Need Ethernet Connectivity To The Device So As Per That Requirement You’ll Need To Assign An IP Address To An Interface. For Example Assign 10.1.1.1 255.255.255.255 To Interface Loopback0 As Shown Below;
Router(Config-Line)#Interface Lo0
Router(Config-If)#Ip Add 10.1.1.1 255.255.255.255
Router(Config-If)#End
Router#
To Verify Your Vty Line Password Configuration You Can Telnet To Your Local Interface To Initiate A Telnet Exec Session As Shown Below;
Router#Telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Password:
Router>
As You Can See You’re Prompted For The Vty Line Password. If You Enter The Console Line Password, You Will Be Denied Access But Upon Entering The Correct Vty Line Password You’ll Be Authorized To Start An Exec Session As Shown Above.
Once You’ve Established A Telnet Session To The Router, Try To Gain Privileged Level Access. You’ll Immediately Notice That You’ll Be Prompted For An “Enable” Password In Which Case None Is Set So Therefore You Cannot Gain Privileged Level Access.
Router>Enable
Password:
Password:
Password:
% Bad Passwords
Router>
STEP 3. Configure An Enable Password And Secret For The Cisco Router To Gain Privileged Level Access To The Device Via Telnet. This Configuration Is Done In Global Configuration Mode. If You Still Have A Telnet Session Open From The Previous Objective Verification, Type Exit. To Configure An Enable Password Execute The Enable Password Passwordgoeshere Command.
To Configure An Enable Secret You Simply Execute The Enable Secret Passwordgoeshere As Shown Below;
As Shown Above The Enable Password Was Set To Cisco1 And The Enable Secret Was Set To Cisco2
NOTE: The Enable Password And Enable Secret Are Used For The Same Authentication, Which Is To Gain Access To Priviliged Mode However If You Have Both Enable Password And Enable Secret Set, The Enable Secret Will Override The Enable Password.
Once The Enable Passwords Have Been Set Verify The Configuration By Executing A Reverse Telnet To 10.1.1.1 And Establishing A Telnet Session Using The Previously Set VTY Lines Password Then Escalate To Privileged Level Access.
Router#Telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Router>Enable
Password:
Password:
Router#
If You Typed In The Enable Password First You’ll Be Rejected As The Router Also Has An Enable Secret Set Of Cisco2.
STEP 4.The Last Objective Only Applies To Cisco Devices That Have An Auxiliary (Aux) Port. The Aux Port Is Very Similar To The Console Port But Has Modem Control Pins Where You Can Attach An External Modem To The Device And Dial-In To The Device Via External 56k Modem And Remote Manage The Device Using Pots Dial-Up Service. This Is Commonly Used In Out Of Band Management For Single Devices However When There Are Multiple Devices Per Site And Out Of Band Management Is Required Its Common To Have An Access-Server Setup With A Modem To Allow Console Management Of Multiple Devices Through A Single Dial-In Device.
To Set The Aux Line Password You’ll Execute The Same Commands As You’ve Previously Done In The Console Line Password Configuration As Shown Below;
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With Cntl/Z.
Router(Config)#Line Aux 0
Router(Config-Line)#Password Auxpassword123
Router(Config-Line)#Login
Router(Config-Line)#End
Router#
Basic Configuration Needed To Make The Router Operational. When You First Power On A New Cisco Router, You Have The Option Of Using The “Setup” Utility Which Allows You To Create A Basic Initial Configuration. However, In This Post I Will Show You How To Do This Basic Setup With The Command Line Interface (CLI). How To Navigate Between Different Configuration Modes (User Mode, Privileged Exec Mode Etc), So Let’s Get Started:
STEP 1: CONFIGURE ACCESS PASSWORDS
The First Step Is To Secure Your Access To The Router By Configuring A Global Secret Password And Also Passwords For Telnet Or Console As Needed.
Router# Configure Terminal <– Privileged Exec Mode
Router(Config)# <– Global Configuration Mode
In Global Configuration Mode You Configure Parameters That Affect The Whole Router Device. Here We Will Configure The Enable Secret Password That You Will Be Using From Now Own To Enter Into Privileged Exec Mode From User Exec Mode.
Router(Config)# Enable Secret “SomeStrongPassword”
From Now On, When You Log In From User Exec Mode You Will Be Asked For A Password.
It Is Suggested Also To Configure A Password For The Telnet Lines (Vty Lines) Which Will Secure Your Access When Connecting Via Telnet Over The Network.
Router(Config)#Line Vty 0 4
Router(Config-Line)# Password “StrongAnyTelnetPass”
Router(Config-Line)# Login
To Differentiate Your Router From Other Devices In The Network, You Should Configure A Hostname For Your Device.
Router(config)# hostname Hello-Router
Hello-Router(config)#
Notice That Your Router Prompt Changes To The New Hostname That You Have Just Set As “Hello-Router”
.
This Is An Essential Step In Order For Your Router To Be Able To Forward Packets In The Network. The Most Basic Parameter For A Router Interface Is The IP Address.
From Global Configuration Mode You Need To Enter Into Interface Configuration Mode:
Hello-Router(Config)# Interface Serial 1/1
Hello-Router(Config-If)# Ip Address 100.100.100.1 255.255.255.252
Hello-Router(Config-If)# No Shutdown
Hello-Router(Config-If)Bandwidth 64 (Set A Logical Bandwidth Assignment Of 64K To The Serial Interface )
My-Router(Config-If)# Exit
Hello-Router(Config)# Interface Fastethernet 0/1
Hello-Router(Config-If)# Ip Address 192.168.10.1 255.255.255.0
Hello-Router(Config-If)# No Shutdown (Enable an interface)
Hello-Router(Config-If)# Exit
The Router’s Main Purpose Is To Find The Best Route Path Towards A Destination Network And Forward Packets According To The Best Path. There Are Two Main Ways A Router Knows Where To Send Packets. The Administrator Can Assign Static Routes, Or The Router Can Learn Routes By Using A Dynamic Routing Protocol.
Static Routes Provide Fixed Routing Paths Through The Network. They Are Manually Configured On The Router. If The Network Topology Changes, The Static Route Must Be Updated With A New Route. Static Routes Are Private Routes Unless They Are Redistributed By A Routing Protocol.
For Simple Network Topologies, Static Routing Is Preferred Over Dynamic Routing. Let’s See How To Configure Static Routes From Global Configuration Mode.
Hello-Router(Config)# Ip Route [Destination Network] [Subnet Mask] [Gateway]
Hello-Router(Config)# Ip Route 200.200.200.0 255.255.255.0 100.100.100.2
The Command Above Tells The Router That Network 200.200.200.0/24 Is Reachable Via Gateway Address 100.100.100.2.
(ALSO KNOW STATIC ROUTES FOR EXAMPLE: Router (Config)#Ip Route 172.16.1.0 255.255.255.0 172.16.2.1 5 In This Example Static Route The Remote Network Is 172.16.1.0, With A Mask Of 255.255.255.0, The Next Hop Is 172.16.2.1, At A Cost Of 5 Hops).
Also Another Popular Static Route That We Usually Configure On Internet Border Routers Is The Default Static Route:
Hello-Router(Config)# Ip Route 0.0.0.0 0.0.0.0 50.50.50.1
The Default Static Route Above Instructs The Router To Send All Packets That The Router Does Not Have A More Specific Route Entry To Gateway Address 50.50.50.1 (Which Might Be The ISP Gateway Address).
Save Your Current Running Configuration Into NVRAM. This Will Overwrite The Startup Configuration.
My-Router(Config)# Exit
My-Router# Copy Running-Config Startup-Config
STEP 6: YOU CAN DISPLAY YOUR CURRENT CONFIGURATION TO VERIFY YOUR SETTINGS AS FOLLOWING:
Hello-Router# Show Running-Config
Hello-Router#
Perform These Steps To Configure Parameters To Control Access To The Router, Beginning In Global Configuration Mode.
Example:
Router(Config)# Line Console 0
Router(Config)#
Enters Line Configuration Mode, And Specifies The Type Of Line. This Example Specifies A Console Terminal For Access.
Example:
Router(Config)# Password 5dr4hepw3
Router(Config)#
Specifies A Unique Password For The Console Terminal Line.
Example:
Router(Config)# Login
Router(Config)#
Enables Password Checking At Terminal Session Login.
Example:
Router(Config)# Exec-Timeout 5 30
Router(Config)#
Sets The Interval That The EXEC Command Interpreter Waits Until User Input Is Detected. The Default Is 10 Minutes. Optionally, Add Seconds To The Interval Value. This Example Shows A Timeout Of 5 Minutes And 30 Seconds. Entering A Timeout Of 0 0 Specifies Never To Time Out.
Example:
Router(Config)# Line Vty 0 4
Router(Config)#
Specifies A Virtual Terminal For Remote Console Access.
Example:
Router(Config)# Password Aldf2ad1
Router(Config)#
Specifies A Unique Password For The Virtual Terminal Line.
Example:
Router(Config)# Login
Router(Config)#
Enables Password Checking At The Virtual Terminal Session Login.
Example:
Router(Config)# End
Router#
Exits Line Configuration Mode, And Returns To Privileged EXEC Mode.
The Following Configuration Shows The Command-Line Access Commands. You Do Not Need To Input The Commands Marked “Default.” These Commands Appear Automatically In The Configuration File Generated When You Use The “Show Running-Config” Command.
!
Line Con 0
Exec-Timeout 10 0
Password 4youreyesonly
Login
Transport Input None (Default)
Stopbits 1 (Default)
Line Vty 0 4
Password Secret
Login
The Goal Of This Article Is To Give An Easy Way To Understand The Cisco Router Basic Passwords Configure On Telnet Port, Console Port And Aux Port. Hope This Article Will Helps Every Beginners Who Are Going To Start Cisco Lab Practice Without Any Doubts. Thank You!
This Article Written Author By: Premakumar Thevathasan. CCNA, CCNP, CCIP, MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
When You First Power On A New Cisco Router, You Have The Option Of Using The “Setup” Utility Which Allows You To Create A Basic Initial Password Configuration. However, In This Post I Will Show You How To Do This Basic Setup With The Command Line Interface (CLI).
INTRODUCTION:
The Use Of Password Protection To Control Or Restrict Access To The Command Line Interface (CLI) Of Your Router Is One Of The Fundamental Elements Of An Overall Security Plan. Protecting The Router From Unauthorized Remote Access, Typically Telnet, Is The Most Common Security That Needs Configuring,
But Protecting The Router From Unauthorized Local Access Cannot Be Overlooked. Passwords Can Be Given To The Virtual Terminal Lines And The Console Line. Moreover, Password Can Be Set Privileged EXEC Mode. This Page Will Provide The Information To Set Up CISCO Router Password To Virtual Terminal Lines, Console Lines And Privileged Mode.
NOTE: Password Protection Is Just One Of The Many Steps You Should Use In An Effective In−Depth Network Security Regimen. Firewalls, Access−Lists, And Control Of Physical Access To The Equipment Are Other Elements That Must Be Considered When Implementing Your Security Plan. Command Line, Or Exec, Access To A Router Can Be Made In A Number Of Ways, But In All Cases The Inbound Connection To The Router Is Made On A TTY LINE.
WHEN IT COMES TO BASIC PASSWORD SECURITY, THERE ARE THREE BASIC TYPES:
LINE PASSWORDS - LINE PASSWORDS ARE CONFIGURED ON ROUTER LINES. EXAMPLES OF LINES ARE:
CTY LINE−TYPE Is The Console Port. On Any Router, It Appears In The Router Configuration As Line Con 0 And In The Output Of The Show Line Command As Cty. The Console Port Is Mainly Used For Local System Access Using A Console Terminal. Console Line The Console Is The Main Serial Administrative Port On A Router. This Is Where You Configure The Router When It Is New And Has No Network Configuration.
(WHY CONSOLE PASSWORD IS REQUIRED?
Console Password Is Useful On A Network On Which Multiple People Have To Access To The Router. The Persons Who Are Not Authorized, Can't Access The Router. Thus It Prevents Unauthorized Person From Accessing The Router ).
TTY LINES - Are Asynchronous Lines Used For Inbound Or Outbound Modem And Terminal Connections And Can Be Seen In A Router Or Access Server Configuration As Line X. The Specific Line Numbers Are A Function Of The Hardware Built Into Or Installed On The Router Or Access Server.
AUX LINE – The Aux Line Is An Auxiliary Port. Like The Console, It Is A Physical Port On Every Router. You Can Think Of It As A Backup Console Port. Besides Being A Backup Console Port, The Aux Port Is Periodically Used For Administrative Console Dial Up Access To The Router.
VTY LINES Are The VIRTUAL TERMINAL LINES Of The Router, Used Solely To Control Inbound Telnet Connections. They Are Virtual, In The Sense That They Are A Function Of Software − There Is No Hardware Associated With Them. These Are Not Physical Lines On The Router But Virtual “Inbound Network Lines”.They Appear In The Configuration As Line VTY 0 - 4 Depending On Your Router You Might Have More Than Five (0,1,2,3,4) Virtual Terminals Available, In That Case Use The Command Line VTY 0 X Where X Is The Number Of Terminals -1. You Can Also Specify Less Than The Maximum, Which Will Limit The Number Of Sessions That Can Exist On The Router.
A VTY LINE On A Cisco Router Or Switch Allows A User To Telnet Into The Device. Telnetting Is Where A User Is Able To Connect Remotely From Another Device To The Desired Router Or Switch. Telnetting Allows For Device Management Without Having To Physically Be At The Device. It Is Important To Configure A Telnet Password Because Without One, Anyone Would Be Able To Log Into The Router Or Switch And Alter The Configurations, Which Could Potentially Cause Network Problems Or Shutdown.
USER−SPECIFIC Passwords Can Be Configured Locally On The Router, Or You Can Use An Authentication Server To Provide Authentication. There Is No Prohibition Against Configuring Different Lines With Different Types Of Password Protection. It Is, In Fact, Common To See Routers With A Single Password For The Console And User−Specific Passwords For Other Inbound Connections.
ASYNC LINES – Async Lines Are Asynchronous Serial Lines And Are Optional. These Async Lines Are Created When You Insert An Async Serial Card In A Router. You Can Use The Async Serial Lines To Connect Dumb-Terminals (Text-Based Terminals), Serial Printers, Or Modems.
ALL OF THESE DIFFERENT LINES NEED A PASSWORD CONFIGURED ON THEM. LET’S FIND OUT HOW TO CONFIGURE CISCO ROUTER LINE PASSWORDS.
PASSWORD (LINE CONFIGURATION): To Specify A Password On A Line, Use The Password Command In Line Configuration Mode. A Line Is A CONSOLE PORT (CTY), AUXILIARY PORT (AUX), Virtual Terminal (VTY), OR ASYNCHRONOUS (TTY) LINE.After Specifying A Password On A Line Using The Password Command, You Must Activate Password Checking At Login Using The Login Command In Line Configuration Mode.
The Example Below Illustrates How To Enable Password Security On Each Of The Available Lines. The Password And Login Commands Are Widely Available Within IOS.
NOTE:To Specify A Password On A Line, Use The Password Command In Line Configuration Mode. A Line Is A Console Port (CTY), Auxiliary Port (AUX), Virtual Terminal (VTY), Or Asynchronous (TTY) Line.
FIRST OF ALL KNOW THE BASIC COMMAND LINE INTERFACE (CLI) MODES:
Router> <– User EXEC Mode.
Router# <– Privileged EXEC Mode.
Router(Config)# <– Global Configuration Mode.
Router(Config-If)# <– Interface Configuration Mode.
Router(Config-Line)# <– Line Configuration Mode.
<2>HOW TO CONFIGURING ROUTER PASSWORD ON CISCO ROUTRE: Set A Console Password To “Cisco”
To Specify A Password On A Line, Use The Password Command In Line Configuration Mode. To Enable Password Checking At Login, Use The Login Command In Line Configuration Mode.
STEP 1:
CONFIGURING CONSOLE PASSWORD. ENTER GLOBAL CONFIGURATION MODE OF THE CISCO ROUTER.
A Password Is Configured For All Users Attempting To Use The Console. From The Privileged EXEC (Or "Enable") Prompt, Enter Configuration Mode And Then Switch To Line Configuration Mode Using The Following Commands. Notice That The Prompt Changes To Reflect The Current Mode.
CONSOLE PASSWORD: (In This Example, A Password Is Configured For All Users Attempting To Use The Console).
From The Privileged EXEC (Or "Enable") Prompt, Enter Configuration Mode And Then Switch To Line Configuration Mode Using The Following Commands. Notice That The Prompt Changes To Reflect The Current Mode.
There Are Two Commands Used To Configure Line Passwords, No Matter What Kind Of Line You Are Using. The Commands Are Password And Login. The Password Command Is Used To Set Your Line Password. The Login Command, When Entered By Itself, Is Used To Tell The Router To Use The Password That Is Configured On The Line. Here Is An Example Of How This Is Configured On The Console Port:
Router#Config Terminal
Router(Config)# Hostname Router
Router(Config)#Line Con 0
Router(Config-Line)#Login
Router(Config-Line)#Password Cisco (Specifies A Unique “Cisco”Password For The Console Terminal Line.)
Under The Line Console Configuration, Login Is A Required Configuration Command To Enable Password Checking At Login. Console Authentication Requires Both The Password And The Login Commands To Work.
STEP 2:
SET A TELNET PASSWORD (SET VTY (VIRTUAL TERMINAL LINES) PASSWORD) CONFIGURING VIRTUAL TERMINAL PASSWORD OF A CISCO ROUTER:
WHY VIRTUAL TERMINAL PASSWORD IS REQUIRED?
Virtual Terminal Password Refers To Telnet Password. Through Telnet, You Can Access The Router And Can Change Anything. So, It's Really Important To Protect The Use Of Telnet By Giving A Strong Password.
Different Hardware Has Different No Of Vty Lines Defined. Cisco Has The Range 0 To 4 Vty Lines. It Means It Has 5 VTY LINES. You Can Set The Password Of VTY LINES By The Following Steps:
COMMANDS FOR CONFIGURING VIRTUAL TERMINAL PASSWORD:
In This Example, Passwords Are Configured For Users Attempting To Connect To The Router On The VTY Lines Using Telnet.
From The Privileged EXEC (Or "Enable") Prompt, Enter Configuration Mode And Enter Username/Password Combinations, One For Each User For Whom You Want To Allow Access To The Router:
Router>Enable
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With CNTL/Z.
Router(Config)#Line Vty 0 4
Router(Config-Line)#Password Cisco
Router(Config-Line)#Login
Router(Config-Line)#
BY DEFAULT, A Cisco Router Supports 5 Simultaneous Telnet Sessions. By Using The Command Line VTY 0 4, The Configuration Below Will Be Applied To All 5 Sessions (Line 0 To Line 4).
STEP 3:
WHY ENABLE PASSWORD IS REQUIRED?
Enable Password Is Required To Restrict The Access Of Privileged EXEC Mode.
CONFIGURING ENABLE PASSWORD OF A CISCO ROUTER:
Router>Enable
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With CNTL/Z.
Router(Config)#Enable Password Cisco
Router(Config)#
STEP 4:
PERFORM PASSWORD ENABLE SECRET:
ENABLE SECRET: To Specify An Additional Layer Of Security Use The Enable Secret Command In Global Configuration Mode. The Enable Secret Command Provides Better Security By Storing The Configured Enable Secret Password Using A Nonreversible Cryptographic Hash Function, Compared To The Enable Password Command, Which Stores The Configured Password In Clear Text Or In An Easily Reversible Encrypted Format. Storing The Password As A Cryptographic Hash Helps To Minimize The Risk Of Password Sniffing If The Router Configuration File Is Transferred Across The Network, Such As To And From A TFTP Server. It Is Also Useful If An Unauthorized User Obtains A Copy Of Your Configuration File. Note, If Neither The Enable Password Command Nor The Enable Secret Command Is Configured, And If There Is A Line Password Configured For The Console Port, The Console Line Password Will Serve As The Enable Password For All VTY Lines, Which Includes Telnet, Rlogin, And SSH Connections.
The Enable Secret Command Is Widely Available Within IOS. Username Passwords May Also Be Stored In The Router Configuration File In Cryptographic Hash Format, Similar To The Enable Secret. The Associated Command Is Username Secret.
From The Global Configuration Mode, Use The Command Enable Password To Restrict Access To Privileged EXEC Mode. However, This Password Is Visible In The Routers Configuration File. To Encrypt The Password, Enable Secret Command Is Required. By Using Enable Secret Command The Password Is Encrypted And Can't Be Readable To A Human.
Router>Enable
Router#Config
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With CNTL/Z.
Router(Config)#Enable Secret Cisco
Router(Config)#
NOTE: The Enable Secret Password Is The Password You Use To Gain Access To Enable Mode And To The Global Configuration Mode On The Router And Is Encrypted. The Enable Password Is Used When You Do Not Specify A Enable Secret Password. The Enable Password Should Be Different From The Enable Secret Password.
STEP 5:
HOW TO ENCRYPT THE ENTIRE CISCO ROUTER PASSWORD? SERVICE PASSWORD-ENCRYPTION:
NOTE: These Passwords Are Not Encrypted And We Can See Them With The “Show Running-Config” Command. We Can Encrypt All The Passwords With The Service Password-Encryption Command In Global Configuration Mode.
By Default All The Passwords Of A CISCO Router Is Readable In Clear Text In The Configuration File. This Is A Great Security Threat If Someone Read It And Configure Or Change The Router Configuration. So, To Protect Form Display The Password, Service Password-Encryption Command Is Used To Encrypt The Passwords. Service Password-Encryption Is A Global Command And Encrypt The Passwords:
BY FOLLOWING THE ABOVE STEPS YOU CAN EASILY CONFIGURE CISCO ROUTER PASSWORDS:
Router#Config
Router#Configure Terminal
Router(Config)# Service Password-Encryption
To Encrypt Local Router Passwords, Use The Service Password-Encryption Command In Global Configuration Mode. This Command Applies To Line Passwords, Username Passwords, Enable Passwords, And Authentication Key Passwords, Including Routing Authentication Passwords And Key Strings. By Default, IOS Does Not Encrypt Passwords. Encrypting Passwords In This Way Helps To Minimize The Risk Of Password Sniffing If The Router Configuration File Is Transferred Across The Network Such As To And/Or From A TFTP Server. It Is Also Useful If An Unauthorized User Obtains A Copy Of Your Configuration File. This Command Is Widely Available Within IOS.
NOTE: Another Notice Is That We Can’t Login To A Cisco Router Via Telnet If We Don’t Set A VTY Line Password For It.
TO THE SHOW RUNNING−CONFIG COMMAND:
Router#Show Running−Config
SET THE PASSWORD FOR AUX PORT:
Router(Config)#Line Aux 0
Router(Config-Line)#Login
Router(Config-Line)#Password Cisco
The Auxiliary Port Is On The Back Of The Router And Is Commonly Used To Connect A Modem To. It Is Used To Allow A Remote User Access To The Configuration Of The Router. If A Modem Is Connected To The Port, It Should Definitely Have A Password Specified For It.
LAB EXAMPLE - 1:
To Meet The First Objective Of Protecting The Console Line With A Console Password You’ll Need To Navigate To The Console Line Configuration Mode As Shown Below:
STEP 1:
Would You Like To Enter The Initial Configuration Dialog? [Yes/No]: No
Press Return To Get Started!
Router>Enable
Router#Configure Terminal
Router(Config)#Line Console 0
Router(Config-Line)#
Once In Console Line Configuration Mode, You Can Set The Password By Executing The Password Passwordgoeshere As Shown Below, The Password Is Being Set To Cisco123;
Router(Config-Line)#Password Cisco123
Simply Setting The Password Does Not Enable Password Authentication. You’ll Need To Tell The Router To Prompt Incoming Sessions On The Console Line To Require A Password. This Is Done By Executing The Login Command From Line Configuration Mode As Shown Below;
Router(Config-Line)#Login
Now You Can Test Your Console Line Password But First You’ll Have To End Your Exec Session By Typing End And Exit Then Attempting To Establish A New Exec Session Via Console As Shown Below;
Router(Config-Line)#End
Router#Exit
Router Con0 Is Now Available
Press RETURN To Get Started.
User Access Verification
Password:
Router>
STEP 2. Now Its Time To Configure VTY (Virtual Teletype) Lines. The VTY Lines Are Virtual Lines Used For Establishing An Exec Session Via Telnet Or Ssh. You Apply The Password To These Lines In The Same Manner As You Previously Did The Console Line As Shown Below;
Router>Enable
Router#Config Terminal
Router(Config)#Line Vty 0 4
Router(Config-Line)#Password Cisco321
Router(Config-Line)#Login
NOTE: That In This Example The Password Was Set To Cisco321 Just To Demonstrate You Can Have Different Passwords Per Line. In Order To Verify This Configuration; Typically You’d Need Ethernet Connectivity To The Device So As Per That Requirement You’ll Need To Assign An IP Address To An Interface. For Example Assign 10.1.1.1 255.255.255.255 To Interface Loopback0 As Shown Below;
Router(Config-Line)#Interface Lo0
Router(Config-If)#Ip Add 10.1.1.1 255.255.255.255
Router(Config-If)#End
Router#
To Verify Your Vty Line Password Configuration You Can Telnet To Your Local Interface To Initiate A Telnet Exec Session As Shown Below;
Router#Telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Password:
Router>
As You Can See You’re Prompted For The Vty Line Password. If You Enter The Console Line Password, You Will Be Denied Access But Upon Entering The Correct Vty Line Password You’ll Be Authorized To Start An Exec Session As Shown Above.
Once You’ve Established A Telnet Session To The Router, Try To Gain Privileged Level Access. You’ll Immediately Notice That You’ll Be Prompted For An “Enable” Password In Which Case None Is Set So Therefore You Cannot Gain Privileged Level Access.
Router>Enable
Password:
Password:
Password:
% Bad Passwords
Router>
STEP 3. Configure An Enable Password And Secret For The Cisco Router To Gain Privileged Level Access To The Device Via Telnet. This Configuration Is Done In Global Configuration Mode. If You Still Have A Telnet Session Open From The Previous Objective Verification, Type Exit. To Configure An Enable Password Execute The Enable Password Passwordgoeshere Command.
To Configure An Enable Secret You Simply Execute The Enable Secret Passwordgoeshere As Shown Below;
As Shown Above The Enable Password Was Set To Cisco1 And The Enable Secret Was Set To Cisco2
NOTE: The Enable Password And Enable Secret Are Used For The Same Authentication, Which Is To Gain Access To Priviliged Mode However If You Have Both Enable Password And Enable Secret Set, The Enable Secret Will Override The Enable Password.
Once The Enable Passwords Have Been Set Verify The Configuration By Executing A Reverse Telnet To 10.1.1.1 And Establishing A Telnet Session Using The Previously Set VTY Lines Password Then Escalate To Privileged Level Access.
Router#Telnet 10.1.1.1
Trying 10.1.1.1 ... Open
User Access Verification
Password:
Router>Enable
Password:
Password:
Router#
If You Typed In The Enable Password First You’ll Be Rejected As The Router Also Has An Enable Secret Set Of Cisco2.
STEP 4.The Last Objective Only Applies To Cisco Devices That Have An Auxiliary (Aux) Port. The Aux Port Is Very Similar To The Console Port But Has Modem Control Pins Where You Can Attach An External Modem To The Device And Dial-In To The Device Via External 56k Modem And Remote Manage The Device Using Pots Dial-Up Service. This Is Commonly Used In Out Of Band Management For Single Devices However When There Are Multiple Devices Per Site And Out Of Band Management Is Required Its Common To Have An Access-Server Setup With A Modem To Allow Console Management Of Multiple Devices Through A Single Dial-In Device.
To Set The Aux Line Password You’ll Execute The Same Commands As You’ve Previously Done In The Console Line Password Configuration As Shown Below;
Router#Configure Terminal
Enter Configuration Commands, One Per Line. End With Cntl/Z.
Router(Config)#Line Aux 0
Router(Config-Line)#Password Auxpassword123
Router(Config-Line)#Login
Router(Config-Line)#End
Router#
LAB EXAMPLE - 2:
BASIC CISCO ROUTER CONFIGURATION STEPS:
Basic Configuration Needed To Make The Router Operational. When You First Power On A New Cisco Router, You Have The Option Of Using The “Setup” Utility Which Allows You To Create A Basic Initial Configuration. However, In This Post I Will Show You How To Do This Basic Setup With The Command Line Interface (CLI). How To Navigate Between Different Configuration Modes (User Mode, Privileged Exec Mode Etc), So Let’s Get Started:
STEP 1: CONFIGURE ACCESS PASSWORDS
The First Step Is To Secure Your Access To The Router By Configuring A Global Secret Password And Also Passwords For Telnet Or Console As Needed.
ENTER INTO GLOBAL CONFIGURATION MODE FROM THE PRIVILEGED EXEC MODE:
Router# Configure Terminal <– Privileged Exec Mode
Router(Config)# <– Global Configuration Mode
In Global Configuration Mode You Configure Parameters That Affect The Whole Router Device. Here We Will Configure The Enable Secret Password That You Will Be Using From Now Own To Enter Into Privileged Exec Mode From User Exec Mode.
Router(Config)# Enable Secret “SomeStrongPassword”
From Now On, When You Log In From User Exec Mode You Will Be Asked For A Password.
It Is Suggested Also To Configure A Password For The Telnet Lines (Vty Lines) Which Will Secure Your Access When Connecting Via Telnet Over The Network.
Router(Config)#Line Vty 0 4
Router(Config-Line)# Password “StrongAnyTelnetPass”
Router(Config-Line)# Login
STEP 2: CONFIGURE A ROUTER HOSTNAME
To Differentiate Your Router From Other Devices In The Network, You Should Configure A Hostname For Your Device.
Router(config)# hostname Hello-Router
Hello-Router(config)#
Notice That Your Router Prompt Changes To The New Hostname That You Have Just Set As “Hello-Router”
.
STEP 3: CONFIGURE IP ADDRESSES FOR ROUTER INTERFACES
This Is An Essential Step In Order For Your Router To Be Able To Forward Packets In The Network. The Most Basic Parameter For A Router Interface Is The IP Address.
From Global Configuration Mode You Need To Enter Into Interface Configuration Mode:
Hello-Router(Config)# Interface Serial 1/1
Hello-Router(Config-If)# Ip Address 100.100.100.1 255.255.255.252
Hello-Router(Config-If)# No Shutdown
Hello-Router(Config-If)Bandwidth 64 (Set A Logical Bandwidth Assignment Of 64K To The Serial Interface )
My-Router(Config-If)# Exit
Hello-Router(Config)# Interface Fastethernet 0/1
Hello-Router(Config-If)# Ip Address 192.168.10.1 255.255.255.0
Hello-Router(Config-If)# No Shutdown (Enable an interface)
Hello-Router(Config-If)# Exit
STEP 4: CONFIGURE ROUTING (STATIC OR DYNAMIC)
The Router’s Main Purpose Is To Find The Best Route Path Towards A Destination Network And Forward Packets According To The Best Path. There Are Two Main Ways A Router Knows Where To Send Packets. The Administrator Can Assign Static Routes, Or The Router Can Learn Routes By Using A Dynamic Routing Protocol.
CONFIGURING STATIC ROUTES:
Static Routes Provide Fixed Routing Paths Through The Network. They Are Manually Configured On The Router. If The Network Topology Changes, The Static Route Must Be Updated With A New Route. Static Routes Are Private Routes Unless They Are Redistributed By A Routing Protocol.
For Simple Network Topologies, Static Routing Is Preferred Over Dynamic Routing. Let’s See How To Configure Static Routes From Global Configuration Mode.
Hello-Router(Config)# Ip Route [Destination Network] [Subnet Mask] [Gateway]
Hello-Router(Config)# Ip Route 200.200.200.0 255.255.255.0 100.100.100.2
The Command Above Tells The Router That Network 200.200.200.0/24 Is Reachable Via Gateway Address 100.100.100.2.
(ALSO KNOW STATIC ROUTES FOR EXAMPLE: Router (Config)#Ip Route 172.16.1.0 255.255.255.0 172.16.2.1 5 In This Example Static Route The Remote Network Is 172.16.1.0, With A Mask Of 255.255.255.0, The Next Hop Is 172.16.2.1, At A Cost Of 5 Hops).
Also Another Popular Static Route That We Usually Configure On Internet Border Routers Is The Default Static Route:
Hello-Router(Config)# Ip Route 0.0.0.0 0.0.0.0 50.50.50.1
The Default Static Route Above Instructs The Router To Send All Packets That The Router Does Not Have A More Specific Route Entry To Gateway Address 50.50.50.1 (Which Might Be The ISP Gateway Address).
STEP5: SAVE YOUR CONFIGURATION:
Save Your Current Running Configuration Into NVRAM. This Will Overwrite The Startup Configuration.
My-Router(Config)# Exit
My-Router# Copy Running-Config Startup-Config
STEP 6: YOU CAN DISPLAY YOUR CURRENT CONFIGURATION TO VERIFY YOUR SETTINGS AS FOLLOWING:
Hello-Router# Show Running-Config
Hello-Router#
SUMMARY:CONFIGURING COMMAND-LINE ACCESS TO THE ROUTER:
Perform These Steps To Configure Parameters To Control Access To The Router, Beginning In Global Configuration Mode.
STEP 1 LINE [AUX | CONSOLE | TTY | VTY] LINE-NUMBER:
Example:
Router(Config)# Line Console 0
Router(Config)#
Enters Line Configuration Mode, And Specifies The Type Of Line. This Example Specifies A Console Terminal For Access.
STEP 2 PASSWORD PASSWORD:
Example:
Router(Config)# Password 5dr4hepw3
Router(Config)#
Specifies A Unique Password For The Console Terminal Line.
STEP 3 LOGIN:
Example:
Router(Config)# Login
Router(Config)#
Enables Password Checking At Terminal Session Login.
STEP 4 EXEC-TIMEOUT MINUTES [SECONDS]:
Example:
Router(Config)# Exec-Timeout 5 30
Router(Config)#
Sets The Interval That The EXEC Command Interpreter Waits Until User Input Is Detected. The Default Is 10 Minutes. Optionally, Add Seconds To The Interval Value. This Example Shows A Timeout Of 5 Minutes And 30 Seconds. Entering A Timeout Of 0 0 Specifies Never To Time Out.
STEP 5 LINE [AUX | CONSOLE | TTY | VTY] LINE-NUMBER:
Example:
Router(Config)# Line Vty 0 4
Router(Config)#
Specifies A Virtual Terminal For Remote Console Access.
STEP 6 PASSWORD PASSWORD:
Example:
Router(Config)# Password Aldf2ad1
Router(Config)#
Specifies A Unique Password For The Virtual Terminal Line.
STEP 7 LOGIN:
Example:
Router(Config)# Login
Router(Config)#
Enables Password Checking At The Virtual Terminal Session Login.
STEP 8 END:
Example:
Router(Config)# End
Router#
Exits Line Configuration Mode, And Returns To Privileged EXEC Mode.
CONFIGURATION EXAMPLE:
The Following Configuration Shows The Command-Line Access Commands. You Do Not Need To Input The Commands Marked “Default.” These Commands Appear Automatically In The Configuration File Generated When You Use The “Show Running-Config” Command.
!
Line Con 0
Exec-Timeout 10 0
Password 4youreyesonly
Login
Transport Input None (Default)
Stopbits 1 (Default)
Line Vty 0 4
Password Secret
Login
CONCLUSION:
The Goal Of This Article Is To Give An Easy Way To Understand The Cisco Router Basic Passwords Configure On Telnet Port, Console Port And Aux Port. Hope This Article Will Helps Every Beginners Who Are Going To Start Cisco Lab Practice Without Any Doubts. Thank You!
This Article Written Author By: Premakumar Thevathasan. CCNA, CCNP, CCIP, MCSE, MCSA, MCSA - MSG, CIW Security Analyst, CompTIA Certified A+.
No comments:
Post a Comment