Cisco Router Setting the Passwords | How to configure Cisco Router Password Policy



There are five passwords used to secure your Cisco routers. The first two passwords discussed are used to set your enable


1. Set the two enable passwords on your router. You set the enable passwords from global
configuration mode.

Router(config)#enable ?
last-resort Define enable action if no TACACS servers respond
password Assign the privileged level password
secret Assign the privileged level secret
use-tacacs Use TACACS to check enable passwords


The enable secret and enable password are the only enable passwords that are supported in our
program at this time.


Router(config)#enable secret Antero
Router(config)#enable password ATG

Since the enable secret supersedes the enable password, don't bother to use the enable
password: it will never be used if the enable secret is set.








2. Set your User-mode passwords by using the line command.


Router(config)#line ?
<0-4> First Line number
aux Auxiliary line
console Primary terminal line
vty Virtual terminal

· Aux is used to set the user-mode password for the auxiliary port. This is typically used for
configuring a modem on the router but can be used as a console as well.
· Console is used to set a console user-mode password.
· Vty is used to set a Telnet password on the router. If the password is not set, then Telnet
cannot be used by default.

To configure the user-mode passwords, you configure the line you want and use either the
login or no login command to tell the router to prompt for authentication.




3. Set the Auxiliary Password on your router. To configure the auxiliary password, go to global
configuration mode and type line aux ?. Notice that you only get a choice of 0-0 because there
is only one port.

Router#config t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#line aux ?
<0-0> First Line number
Router(config)#line aux 0
Router(config-line)#login
Router(config-line)#password antero

It is important to remember the login command, or the auxiliary port won't prompt for
authentication.



4. Set your console password on your router. To set the console password, use the line
console 0 command. However, notice that when we tried to type line console 0 ? from
the aux line configuration, we got an error. You can still type line console 0 and it will
accept it; however, the help screens do not work from that prompt. Type "exit" to get back one
level.


Router(config-line)#line console ?
% Unrecognized command
Router(config-line)#exit
Router(config)#line console ?
<0-0> First Line number
Router(config)#line console 0
Router(config-line)#login
Router(config-line)#password Antero1


Since there is only one console port, we can only choose line console 0.




5. Set the optional console port commands on your router. There are a few other important
commands to know for the console port.
The exec-timeout 0 0 command sets the timeout for the console EXEC session to zero, or
to never time out. To have fun with your friends at work, set it to 0 1, which makes the console
time out in 1 second! The way to fix that is to continually press the down arrow key while
changing the timeout time with your free hand.
The logging synchronous command is a nice command, and I think it should be a default
command, but it is not. What it does is stop console messages from popping up and disrupting
input you are trying to type. This makes reading your input messages much easier.


Here is an example of how to configure both commands:



Router(config)#line con 0
Router(config-line)#exec-timeout ?
<0-35791> Timeout in minutes
Router(config-line)#exec-timeout 0 ?
<0-2147483> Timeout in seconds
<cr>
Router(config-line)#exec-timeout 0 0

Router(config-line)#logging synchronous


6. Set your Telnet Password on your router. To set the user-mode password for Telnet access into
the router, use the line vty command. Routers that are not running the Enterprise edition of
the Cisco IOS default to five VTY lines, 0 through 4. However, if you have the Enterprise edition,
you will have significantly more. The best way to find out how many lines you have is to use the
question mark.


Router(config-line)#line vty 0 ?
<1-4> Last Line Number
<cr>
Router(config-line)#line vty 0 4
Router(config-line)#login
Router(config-line)#password Antero2


If you try to telnet into a router that does not have a VTY password set, you will receive an error
stating that the connection is refused because the password is not set. You can tell the router
to allow Telnet connections without a password by using the no login command.


Router(config-line)#line vty 0 4
Router(config-line)#no login


After your routers are configured with an IP address, you can use the Telnet program to
configure and check your routers instead of having to use a console cable. You can use the
Telnet program by typing telnet from any command prompt (DOS or Cisco). Telnet is covered
in more detail in the next blog post.
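To check a saved configuration against the settings covered in steps 1 through 6, here is an added Python example (not part of the original post) that flags a redundant enable password, lines missing login, lines set to no login, and exec-timeout 0 0. The function names and the sample configuration are constructed for illustration, and the checks assume plain line passwords as used on this page.

```python
import re

# Constructed sample in the style of this page's commands (not a real device config).
SAMPLE_CONFIG = """\
enable secret Antero
enable password ATG
line con 0
 exec-timeout 0 0
 password Antero1
 login
line aux 0
 password antero
line vty 0 4
 no login
"""

def parse_lines(config):  # split into global commands and per-line stanzas
    global_cmds, stanzas, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if re.match(r"line (con|console|aux|vty)\b", text):
            current = stanzas.setdefault(text, [])
        elif raw[0].isspace() and current is not None:
            current.append(text)      # indented: belongs to the open line stanza
        else:
            current = None            # any other global command closes the stanza
            global_cmds.append(text)
    return global_cmds, stanzas

def audit(config):  # findings for the password settings this page walks through
    global_cmds, stanzas = parse_lines(config)
    findings = []
    if not any(g.startswith("enable secret ") for g in global_cmds):
        findings.append("global: no enable secret set")
    elif any(g.startswith("enable password ") for g in global_cmds):
        findings.append("global: enable password is unused while enable secret is set")
    for header, cmds in stanzas.items():
        has_login = any(c == "login" or c.startswith("login ") for c in cmds)
        if "no login" in cmds:
            findings.append(f"{header}: no login, no password prompt on this line")
        elif not has_login:
            findings.append(f"{header}: login missing, line will not prompt for authentication")
        elif "login" in cmds and not any(c.startswith("password ") for c in cmds):
            findings.append(f"{header}: login set but no line password")
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: exec-timeout 0 0, session never times out")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding for the enable passwords and one for each of the three lines.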









Antero Technology Group

Author & Editor
